Appendix C. More about authentication and authorization

This appendix covers

  • Basics of authentication and authorization
  • OAuth 2.0 flow
  • JSON Web Tokens

This appendix serves as a short refresher on authentication and authorization. It describes the OAuth 2.0 flow process, the OpenID Connect protocol, and the inner workings of JSON Web Tokens.

C.1. Basics of authentication and authorization

In simple web and mobile applications, the back-end server is usually responsible for the authentication and authorization of users. A password authentication scheme may work as follows (figure C.1):

  1. A user enters a username and password in a mobile application or a website.
  2. The user’s credentials are sent to the server. The application looks up ...
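The server-side part of the scheme above, as an added example that is not from the book: it assumes the lookup step compares the submitted password against a stored salted hash (this excerpt does not show how the lookup proceeds), uses PBKDF2-HMAC-SHA256 and a constant-time comparison, and keeps a constructed in-memory user store in place of a database. The function names and sample users are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Iteration count for PBKDF2; kept moderate so the example runs quickly.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 digest. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


# Constructed sample user store: username -> (salt, digest).
# A real back end would keep these records in a database.
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": hash_password("correct horse battery staple"),
}

# Dummy record so that an unknown username costs the same work as a real one,
# which keeps the response time from revealing which usernames exist.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password("unused-dummy-password")


def verify_login(username: str, password: str) -> bool:
    """Step 2 of the scheme: look up the user and check the submitted password."""
    record = USERS.get(username)
    if record is None:
        salt, stored = _DUMMY_SALT, _DUMMY_DIGEST
        known_user = False
    else:
        salt, stored = record
        known_user = True
    _, candidate = hash_password(password, salt)
    # compare_digest runs in constant time regardless of where the digests differ
    matches = hmac.compare_digest(candidate, stored)
    return known_user and matches
```

The client never sends a hash; it sends the password over TLS and the server does the hashing, so a stolen user table yields only salted digests.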
