Appendix C. More about authentication and authorization
This appendix covers
- Basics of authentication and authorization
- OAuth 2.0 flow
- JSON Web Tokens
This appendix serves as a short refresher on authentication and authorization. It describes the OAuth 2.0 flow, the OpenID Connect protocol, and the inner workings of JSON Web Tokens.
In simple web and mobile applications, the back-end server is usually responsible for the authentication and authorization of users. A password authentication scheme may work as follows (figure C.1):