In this chapter, we covered every aspect of authentication and authorization at the application layer. First, we learned about the key but subtle distinction between authentication and authorization. We looked at the standard HTTP header that allows applications to perform both of those tasks to control access to restricted resources. Then, we learned about each of the valid authentication schemes supported by the standard Authorization header.
We saw the security risks, and the ease of implementation, that come along with basic authentication. We looked at how bearer token authentication could alleviate some of the security risks associated with basic authentication without necessarily adding much more in the way of complexity. Finally, ...