Authentication

  • By definition, authentication is the process of determining a user's identity: it is how we check whether we trust the user or not. This is usually performed with a username and password combination.
  • If the username and password combination is known to us or to the application, the application tells the user that they are now authenticated.

  • Why we need Authentication - If we leave our API open or public, anyone with a browser who knows its URL can access it. They would be able to receive all the resources from our API and change the data we have saved in SQL Server; they could even delete all of it if they wanted to. This is harmful for your app, so you need to make your API private so that only verified users or clients can use it.

Authorization

  • Authorization refers to the process of determining whether a user has permission to perform a certain action or access a particular resource.
  • Authorization can be based on various factors such as roles, policies, claims and authentication status.

  • Roles
    • Roles are groups of permissions that can be given to users. After the user logs in, we check whether they hold a read-only or a read-write role.

  • Why we need Authorization - Only a certain set of users should be allowed to modify or delete the data; a normal user cannot do that.

JWT Token Flow

  • We are using an authentication method in which the server creates a JWT token and passes it to the client.
  • JWT, or JSON Web Token, is an open standard that defines a compact and self-contained way to securely transmit information between parties as a JSON object.

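The flow described in these notes, as an added example that is not part of the original notes: the server authenticates a username/password pair, mints an HS256-signed JWT that carries the user's role, and later verifies the token and authorizes a read or write based on that role. SECRET, USERS, mint_token, verify_token and authorize are constructed names for this demo; a real API would keep the signing key in a secrets store and use a proper password hashing scheme.

```python
# Added illustration, not code from the original notes. SECRET, USERS and the
# function names are constructed for the demo; a real API keeps the key in a secret store.
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"
# Constructed user store; role = the group of permissions the user holds.
USERS = {
    "alice": {"pw_hash": hashlib.sha256(b"alice-pass").hexdigest(), "role": "read-write"},
    "bob": {"pw_hash": hashlib.sha256(b"bob-pass").hexdigest(), "role": "read-only"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(username, password, ttl=3600, now=None):
    """Authentication: check the username/password pair, then issue a signed JWT carrying the role."""
    user = USERS.get(username)
    given = hashlib.sha256(password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(user["pw_hash"], given):
        return None  # unknown user or wrong password: no token is issued
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "role": user["role"], "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token, now=None):
    """Server side: accept only HS256, recompute the HMAC, reject bad signatures and expired tokens."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    if json.loads(_unb64(header)).get("alg") != "HS256":
        return None  # never let the token's own alg field choose the algorithm
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    claims = json.loads(_unb64(payload))
    now = int(time.time()) if now is None else now
    return claims if claims.get("exp", 0) > now else None

def authorize(token, action, now=None):
    """Authorization: both roles may read; only read-write may modify or delete."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    return action == "read" or claims["role"] == "read-write"
```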