Appendix C. More about authentication and authorization
This appendix covers
- Basics of authentication and authorization
- OAuth 2.0 flow
- JSON Web Tokens
This appendix serves as a short refresher on authentication and authorization. It describes the OAuth 2.0 flow process, the OpenID Connect protocol, and the inner workings of JSON Web Tokens.
C.1. Basics of authentication and authorization
In simple web and mobile applications, the back-end server is usually responsible for the authentication and authorization of users. A password authentication scheme may work as follows (figure C.1):
- A user enters a username and password in a mobile application or a website.
- The user’s credentials are sent to the server. The application looks up ...
Get Serverless Architectures on AWS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.