
[ByteByteGo Daily] Password, Session, Cookie, Token, JWT, SSO, OAuth - Authentication Explained - Part 2 #144

Open
reboottime opened this issue Jul 4, 2023 · 2 comments

Comments

@reboottime
Owner

reboottime commented Jul 4, 2023

Overview

This is a note extracted from Password, Session, Cookie, Token, JWT, SSO, OAuth - Authentication Explained - Part 2, by Alex Xu. It introduces three ways of passwordless authentication:

  • OTP (one-time password)
  • SSO (single sign-on)
  • OAuth 2.0 and OpenID Connect (OIDC)

While the article claims it has introduced JWT token-based authentication in part 1, it actually hasn't done so yet. Therefore, in this note, I will cover the topic of JWT authentication with my understanding.

Passwordless Authentication

When it comes to authentication, there are three factors to consider:

  • Knowledge factors: something you know, such as a password
  • Ownership factors: something you own, such as a device or phone number
  • Inherence factors: something unique to you, such as your biometric features

Passwords fall under "something you know"; a One-Time Password (OTP) proves that the user owns a cell phone or a device, while biometric authentication relies on "something unique to you".

@reboottime
Owner Author

reboottime commented Jul 4, 2023

Passwordless Authentication

One-Time Password (OTP)

  • Unlike static passwords, which can be reused, OTPs are valid for a limited time, typically a few minutes. This means that even if someone intercepts an OTP, they can't use it to log in later.
  • Additionally, OTPs require "something you own" as well as "something you know" to log in (it can be a cell phone (less secure than the others) or an email address that the user has access to, making it harder for hackers to steal).

How OTPs work in detail
(image: how OTP works in detail)

Alternatively, a hardware or software key can be used to generate OTPs for multi-factor authentication (MFA), for example Google 2FA.
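To make the "valid for a limited time" and "can't be reused later" properties concrete, here is an added example (not code from the issue or from the ByteByteGo article) of the time-based OTP scheme that software keys such as Google's authenticator app use: RFC 4226 HOTP under an RFC 6238 30-second time step. The secret below is the constructed 20-byte value from the RFC test vectors, not a real key; the `TotpVerifier` class, its tolerance of one step of clock drift and its replay check are my own illustration of what a server-side verifier has to do.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# Constructed demo secret: the 20-byte ASCII key used by the RFC 4226/6238 test vectors.
# A real deployment generates one per user with os.urandom(20) and shares it once via QR code.
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # RFC 6238 default time step
DIGITS = 6          # code length shown to the user


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte picks the window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, at // step, digits)


def provisioning_secret(secret: bytes) -> str:
    """Base32 form of the secret, which is what authenticator apps import from the QR code."""
    return base64.b32encode(secret).decode("ascii")


class TotpVerifier:
    """Server-side check for one user: accept a code for the current step or one step either
    side (clock drift), and never accept a step that has already been used (replay)."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, drift_steps: int = 1):
        self.secret = secret
        self.step = step
        self.drift_steps = drift_steps
        self.last_accepted_counter = -1   # highest counter that has logged in successfully

    def verify(self, code: str, now: int) -> bool:
        counter = now // self.step
        for offset in range(-self.drift_steps, self.drift_steps + 1):
            candidate = counter + offset
            if candidate <= self.last_accepted_counter:
                continue   # this step (or an older one) was already spent: an intercepted code is useless
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_accepted_counter = candidate
                return True
        return False        # wrong code, or a code from a step outside the acceptance window


if __name__ == "__main__":
    # Stand-alone demo: a fresh secret, the code the user's app would show right now,
    # and the verifier accepting it once and refusing the replay.
    secret = os.urandom(20)
    now = int(time.time())
    code = totp(secret, now)
    v = TotpVerifier(secret)
    print("share with the app:", provisioning_secret(secret))
    print("current code:", code, "first use accepted:", v.verify(code, now),
          "replay accepted:", v.verify(code, now))
```

The acceptance window is what bounds an intercepted code's lifetime to roughly ninety seconds here; the `last_accepted_counter` check is what prevents the same code from being replayed inside that window, and a production system would also rate-limit guesses, since a six-digit code has only a million possible values.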

@reboottime
Owner Author

reboottime commented Jul 4, 2023

SSO (Single Sign-On)

(On hold until I have more experience to add context)

Single Sign-On (SSO) is a user authentication method that allows us to access multiple systems or applications with a single set of credentials. SSO streamlines the login process, providing a seamless user experience across various platforms.

The SSO process mainly relies on a Central Authentication Service (CAS) server. Here's a step-by-step breakdown of the SSO process:


@reboottime reboottime added the Todo label Jul 5, 2023
Repository owner deleted a comment from katesroad Jul 5, 2023