Authentication Explained: When to Use Basic, Bearer, OAuth2, JWT and SSO(javarevisited.substack.com)
javarevisited.substack.com
Authentication Explained: When to Use Basic, Bearer, OAuth2, JWT and SSO
https://javarevisited.substack.com/p/system-design-basics-authentication
2 コメント
> It’s simple, but insecure unless wrapped in HTTPS. That’s why it’s almost never used in production anymore.
I mean, if you’re going to write a post about auth methods, you gotta say more than this.
I mean, if you’re going to write a post about auth methods, you gotta say more than this.
Another method which may be suitable for some uses (although the working of web browsers means that it will not work securely in a web browser, unless you have an extension, but it can work easily in other programs) is HMAC, although this is not suitable for all uses. For idempotent write operations which are not intended to be secret, it might work.