Serverless Architectures on AWS: With examples using AWS Lambda by Peter Sbarski

Appendix C. More about authentication and authorization

This appendix covers

  • Basics of authentication and authorization
  • OAuth 2.0 flow
  • JSON Web Tokens

This appendix serves as a short refresher on authentication and authorization. It describes the OAuth 2.0 flow process, the OpenID Connect protocol, and the inner workings of JSON Web Tokens.

C.1. Basics of authentication and authorization

In simple web and mobile applications, the back-end server is usually responsible for the authentication and authorization of users. A password authentication scheme may work as follows (figure C.1):

  1. A user enters a username and password in a mobile application or a website.
  2. The user’s credentials are sent to the server. The application looks up ...
