reading-notes


QUESTIONS

  1. Write the following steps in the correct order:
     1. Register your application to get a client_id and client_secret
     2. Ask the client if they want to sign in via a third party
     3. Redirect to the third party authentication endpoint
     4. Receive the authorization code
     5. Make a request to the access token endpoint
     6. Receive the access token
     7. Make a request to a third-party API endpoint

  2. What can you do with an authorization code? Exchange it for an access token. The authorization server hands the code back after the user has logged in and consented; on its own it grants no API access. Your server sends the code, together with its client_id and client_secret, to the access token endpoint. Codes are short-lived and single-use, so a replayed or leaked code should be rejected.

  3. What can you do with an access token? Present it on requests to the API (usually in an Authorization: Bearer header) to act with the permissions the user granted. The API accepts the token until it expires or is revoked, so whoever holds it has that access; protect it in transit and at rest like a password.

  4. What’s a benefit of using OAuth instead of your own basic authentication? It is simple for users and hooks into services they already use, and you never store or check their passwords; password policy, breach handling and MFA live with the identity provider. That takes some of the onus of security off of you, though you still have to protect your client_secret and the tokens you receive.
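The ordered steps above, the single-use nature of the authorization code and the bearer use of the access token, as an added in-memory walk-through (example code written for these notes, not from the course or any library). The AuthServer class is a hypothetical stand-in for the third party's authorization server and API; the client_id, client_secret, codes and tokens it issues are generated for the demo and nothing touches a network.

```python
"""Constructed walk-through of the OAuth 2.0 authorization code flow.
AuthServer is a hypothetical third-party authorization server plus its API;
run_flow plays the role of your application's back end."""
import secrets
import time


class AuthServer:
    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}    # authorization code -> (client_id, user, redirect_uri, expires_at)
        self.tokens = {}   # access token -> (user, scope, expires_at)

    # Step 1: the developer registers the app once, out of band.
    def register(self, redirect_uri):
        client_id = secrets.token_hex(8)
        client_secret = secrets.token_hex(16)
        self.clients[client_id] = (client_secret, redirect_uri)
        return client_id, client_secret

    # Steps 3-4: the browser is redirected here; the user logs in and consents,
    # and a short-lived, single-use code is sent back to the registered redirect_uri.
    def authorize(self, client_id, redirect_uri, user):
        _, registered_uri = self.clients[client_id]
        if redirect_uri != registered_uri:
            raise PermissionError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, redirect_uri, time.time() + 60)
        return code

    # Steps 5-6: the app's back end exchanges the code (plus its credentials) for a token.
    def token(self, client_id, client_secret, code, redirect_uri):
        expected_secret, _ = self.clients[client_id]
        if not secrets.compare_digest(client_secret, expected_secret):
            raise PermissionError("bad client credentials")
        entry = self.codes.pop(code, None)  # pop: a code can only be redeemed once
        if entry is None:
            raise PermissionError("unknown or already-used code")
        code_client, user, code_uri, code_exp = entry
        if code_client != client_id or code_uri != redirect_uri or time.time() > code_exp:
            raise PermissionError("code not valid for this client")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (user, "profile:read", time.time() + 3600)
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

    # Step 7: the API checks the bearer token on every request; no code, no session lookup.
    def api_profile(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        entry = self.tokens.get(token)
        if scheme != "Bearer" or entry is None or time.time() > entry[2]:
            raise PermissionError("401 invalid or expired token")
        user, scope, _ = entry
        return {"user": user, "scope": scope}


def run_flow(server, user="alice"):
    """Drive the flow in the correct order and return what the API answered."""
    redirect_uri = "https://app.example/callback"  # constructed value
    client_id, client_secret = server.register(redirect_uri)
    code = server.authorize(client_id, redirect_uri, user)
    tok = server.token(client_id, client_secret, code, redirect_uri)
    profile = server.api_profile(f"Bearer {tok['access_token']}")
    return {"profile": profile, "code": code, "client_id": client_id,
            "client_secret": client_secret, "redirect_uri": redirect_uri}


def replay_code_is_rejected(server):
    """A leaked authorization code cannot be exchanged a second time."""
    r = run_flow(server)
    try:
        server.token(r["client_id"], r["client_secret"], r["code"], r["redirect_uri"])
    except PermissionError:
        return True
    return False


def raw_code_is_rejected_by_api(server):
    """An authorization code is not an access token; the API refuses it."""
    r = run_flow(server)
    try:
        server.api_profile(f"Bearer {r['code']}")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    srv = AuthServer()
    print(run_flow(srv)["profile"])
    print("replay rejected:", replay_code_is_rejected(srv))
```

The two rejection helpers show why the code and the token are different things: the code is only good for one exchange at the token endpoint, and only by the client that was registered, while the access token is what the API actually honours.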

Vocabulary

Client ID: public identifier the authorization server assigns to your application (the app, not the user)
Client Secret: private credential shared only between your application and the authorization server; keep it on the server, never in a browser
Authentication Endpoint: where the user is redirected to log in and consent; it sends the authorization code back to your redirect URI
Access Token Endpoint: where your server exchanges the authorization code, with its client_id and client_secret, for an access token
API Endpoint: where API calls are sent, each carrying the access token
Authorization Code: short-lived, single-use code issued after login, good only for obtaining an access token
Access Token: the credential sent with each request to the server; the client stores it (for example in a cookie or local storage) and includes it in the Authorization header

Preview

Which 3 things had you heard about previously and now have better clarity on? tokens, authorization
Which 3 things are you hoping to learn more about in the upcoming lecture/demo? want to see the shape of the call more to get it down.
What are you most excited about trying to implement or see how it works? getting this up and running with a test suite

JWT - JSON Web Token

open standard (RFC 7519) for securely transmitting claims between two parties as a compact JSON object. The token is digitally signed, so the receiver can check that it was issued by the holder of the key and has not been altered. It is small enough to send in a header or URL and is self-contained: it carries everything the server needs to know about the user. Signed is not the same as encrypted, though; the payload is only base64url-encoded and anyone holding the token can read it, so never put secrets in it.

Signed Tokens

All about integrity: the signature proves the claims have not changed since the server issued them. Include the JWT with user requests so the server can verify the signature and trust the claims (user id, roles) without querying the db for the user each time. The trade-off is that a stateless token stays valid until it expires, so keep lifetimes short or keep a revocation list if you need to log someone out early.

JWT FORM

Header.Payload.Signature: three base64url-encoded parts joined by dots. Header - token type (JWT) and the algo being used (for example HS256), as JSON, then base64url-encoded. Payload - the claims (user id, expiry, roles), encoded the same way. Signature - the algo applied with the secret or private key to header.payload, so changing either part invalidates it. The server should decide which algo it accepts rather than trusting the alg field inside the token.

![cred](./assets/client-credentials-grant.png)

Bearer