Appendix C. More about authentication and authorization


This appendix covers

  • Basics of authentication and authorization
  • OAuth 2.0 flow
  • JSON Web Tokens

This appendix serves as a short refresher on authentication and authorization. It describes the OAuth 2.0 flow process, the OpenID Connect protocol, and the inner workings of JSON Web Tokens.

C.1. Basics of authentication and authorization

In simple web and mobile applications, the back-end server is usually responsible for the authentication and authorization of users. A password authentication scheme may work as follows (figure C.1):
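The following Python sketch is an added illustration of the server-side password scheme this section introduces; it is not the book's figure C.1 and not code from the book. It assumes a hypothetical in-memory user store and session table, salted PBKDF2-HMAC-SHA256 hashing (work factor lowered for a fast demo), a constant-time comparison, and a role check so that authentication (who you are) and authorization (what you may do) stay separate steps:

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass
class UserRecord:
    """One stored user: constructed for this example, not a real schema."""
    username: str
    salt: bytes
    password_hash: bytes
    roles: FrozenSet[str]


# Assumption: the work factor is kept small so the example runs quickly.
# A production back end uses a far higher count or a memory-hard function.
PBKDF2_ITERATIONS = 50_000
DUMMY_SALT = b"\x00" * 16  # used only to equalise timing for unknown users


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(store: Dict[str, UserRecord], username: str, password: str, roles=()) -> None:
    """Create a user with a fresh random salt per account."""
    salt = os.urandom(16)
    store[username] = UserRecord(username, salt, hash_password(password, salt), frozenset(roles))


def authenticate(store: Dict[str, UserRecord], username: str, password: str) -> Optional[UserRecord]:
    """Authentication step: return the user only if the password verifies."""
    record = store.get(username)
    if record is None:
        # Hash anyway so a missing account takes as long as a wrong password,
        # which makes user enumeration by response time harder.
        hash_password(password, DUMMY_SALT)
        return None
    candidate = hash_password(password, record.salt)
    # compare_digest avoids leaking the matching prefix length through timing.
    if not hmac.compare_digest(candidate, record.password_hash):
        return None
    return record


def login(store: Dict[str, UserRecord], sessions: Dict[str, str],
          username: str, password: str) -> Optional[str]:
    """On success, issue an opaque random session token the server maps back to the user."""
    user = authenticate(store, username, password)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    sessions[token] = user.username
    return token


def current_user(store: Dict[str, UserRecord], sessions: Dict[str, str],
                 token: str) -> Optional[UserRecord]:
    """Resolve a presented session token; unknown tokens yield no user."""
    username = sessions.get(token)
    return store.get(username) if username else None


def authorize(user: Optional[UserRecord], required_role: str) -> bool:
    """Authorization step: an authenticated user still needs the right role."""
    return user is not None and required_role in user.roles


if __name__ == "__main__":
    users: Dict[str, UserRecord] = {}
    sessions: Dict[str, str] = {}
    register(users, "alice", "correct horse battery staple", roles=("user",))
    tok = login(users, sessions, "alice", "correct horse battery staple")
    print("logged in:", tok is not None)
    print("alice is admin:", authorize(current_user(users, sessions, tok), "admin"))
```

The split between `authenticate` and `authorize` is the point: a verified password proves identity, but every protected action still checks the caller's roles, and the session token is an unguessable random value stored only on the server rather than anything derived from the password.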

C.2. JSON Web Token