Read 13 ~ Bearer Authorization
By Abdallah obaid
| NAME | URL |
|---|---|
| Home | Home. |
| Prep | Prep: Engineering Topics. |
| Read 01 | Node Ecosystem, TDD, CI/CD. |
| Read 02 | Classes, Inheritance, Functional. |
| Read 03 | Data Modeling & NoSQL Databases. |
| Read 04 | Advanced Mongo/Mongoose. |
| Read 05 | Linked Lists. |
| Read 06 | HTTP and REST. |
| Read 07 | Express. |
| Read 08 | Express Routing & Connected API. |
| Read 09 | API Server. |
| Read 10 | Stacks and Queues. |
| Read 11 | Authentication. |
| Read 12 | OAuth. |
| Read 13 | Bearer Authorization. |
| Read 14 | Access Control (ACL). |
| Read 15 | Trees. |
| Read 16 | Event Driven Applications. |
Bearer Authorization
## JSON Web Token (JWT):
- JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
- JWT is an internet standard for creating data with optional signature and/or optional encryption.
- JSON Web Tokens consist of three parts separated by dots
xxxxx.yyyyy.zzzzz:- Header
- Payload
- Signature
- Rather than keep sending username/password each time we use the
JWT. - JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
- NOTE: Signing a token does not secure it’s contents. They are viewable, so be careful of the information that you include in the JSON data.
## Bearer Token:
- Came from “bear” or “contain”.
- Is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources:
Authorization: Bearer <token>.
