Session, Cookie, JWT, Token, SSO, and OAuth 2.0 - What are they?
These terms relate to managing user identity when logging into websites. You declare who you are (identification), your identity is verified (authentication), and you're granted appropriate permissions (authorization). Many solutions exist and continue to emerge. From simple to more complex:
1. WWW
WWW - Authentication is very basic. The browser prompts for a username and password. It lacks control over the login lifecycle, so is rarely used today.
2. Session
Cookie is prevalent in browsers. Servers maintain session storage and browsers store session IDs in cookies. While browsers primarily use cookies, mobile apps can use them in web views but often prefer tokens for native functions.
3. Tokens
Tokens are encoded data used for validation, allowing clients to avoid sending credentials repeatedly. They ensure data integrity but aren't always encrypted.
4. JWT
JWT provides a standardized format for tokens. They are digitally signed to ensure their authenticity. Because JWTs can hold session or user data in their claims, servers don't need to store this information separately for verification.
5. SSO (single sign-on)
Lets you log in once and then access multiple sites. Uses central authentication service (CAS) to maintain cross-site info.
6. OAuth 2.0
OAuth 2.0 authorizes one site to access your info on another site.
#technology #softwareengineering #programming #ddd
