Authentication And Authorization
Post By kanra

Authentication: verify who a user is

Authorization: verify what a user can do (whether the user has permission to access a given resource or perform a given action)

OAuth

  • Open Authorization (OAuth; the current version is OAuth 2.0)
  • gives one application (e.g. Notebook App) permission to access your data held by another application (e.g. your Google Account contact list) without handing over your Google password
  • an authorization process (granting permission, or consent), not an authentication process: an access token proves that the app may call the API, not who is sitting at the keyboard
  • Terminologies
    • Resource Owner (the user whose data is being shared)
    • Client (e.g. Notebook App, the application asking for access)
    • Authorization Server (e.g. Google's authorization server; the Identity Provider, IdP, that shows the consent screen and issues tokens)
    • Resource Server (e.g. Google API server that holds the data and accepts access tokens)
    • Redirect URI (a link back into Notebook App; it must exactly match one registered for the client, otherwise the Authorization Code can be delivered to an attacker's site)
    • Response Type (response_type=code: Notebook App wants an Authorization Code from Google)
    • Scope (what kind of user information Notebook App wants to access; request the least you need)
    • Consent (a window at Google asking the user whether to ALLOW or DENY the requested access)
    • Client ID (public identifier Google uses to recognise Notebook App; set up in the Google Developer console)
    • Client Secret (confidential credential Notebook App uses to authenticate itself to Google when exchanging the code; set up in the Google Developer console and never shipped inside a browser or mobile app)
    • Authorization Code (short-lived, single-use code Notebook App receives via the redirect after the user ALLOWs access)
    • Access Token (Notebook App receives it by trading the Authorization Code, together with its client credentials, with the Authorization Server; then presented as a bearer credential when calling the Resource Server)
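The authorization-code exchange described above, played out in-process with both sides present. This is an added example, not code from the original post: "Notebook App" is the client, FakeAuthorizationServer stands in for Google, and every identifier, URL and secret in it is constructed for the demo. It shows the three checks the terminology list hints at: exact redirect URI matching, client authentication with the Client Secret at the token endpoint, and single-use Authorization Codes; it also adds the OAuth 2.0 `state` parameter, which binds the callback to the request the client actually started.

```python
"""Minimal OAuth 2.0 authorization-code flow: client and fake Authorization Server, both in-process.

Added example (not from the original post). All identifiers, URLs and secrets are constructed.
"""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

CLIENT_ID = "notebook-app"                                   # hypothetical registration
CLIENT_SECRET = "s3cr3t-from-developer-console"
REDIRECT_URI = "https://notebook.example/oauth/callback"
AUTHORIZE_ENDPOINT = "https://accounts.example/o/oauth2/auth"  # hypothetical IdP endpoint


def query_params(url):
    """Flatten the query string of a URL into a plain dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class FakeAuthorizationServer:
    """Stand-in for the Authorization Server (e.g. Google): consent screen + token endpoint."""

    def __init__(self):
        # Client registration, as set up in the developer console.
        self.clients = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uris": {REDIRECT_URI}}}
        self.codes = {}    # authorization code -> (client_id, redirect_uri, scope)
        self.tokens = {}   # access token -> scope

    def authorize(self, params, user_consents=True):
        """GET /authorize: returns the URL the user's browser is redirected back to."""
        client = self.clients.get(params["client_id"])
        if client is None:
            raise ValueError("unknown client_id")
        # Exact match against the registered list; no prefix or wildcard matching.
        if params["redirect_uri"] not in client["redirect_uris"]:
            raise ValueError("redirect_uri not registered for this client")
        if params["response_type"] != "code":
            raise ValueError("unsupported response_type")
        if not user_consents:
            return params["redirect_uri"] + "?" + urlencode({"error": "access_denied", "state": params["state"]})
        code = secrets.token_urlsafe(32)
        self.codes[code] = (params["client_id"], params["redirect_uri"], params["scope"])
        # state is echoed back unchanged so the client can tie this response to its own request.
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, client_id, client_secret, code, redirect_uri):
        """POST /token: trade the code plus client credentials for an access token."""
        client = self.clients.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise ValueError("client authentication failed")
        entry = self.codes.pop(code, None)   # single use: a second presentation fails
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri:
            raise ValueError("invalid_grant")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = entry[2]
        return {"access_token": access_token, "token_type": "Bearer", "scope": entry[2]}


class NotebookApp:
    """The OAuth client. Tracks per-login state so a forged or replayed callback is refused."""

    def __init__(self, server):
        self.server = server
        self.pending_states = set()

    def build_authorization_url(self, scope="contacts.readonly"):
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return AUTHORIZE_ENDPOINT + "?" + urlencode({
            "response_type": "code", "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})

    def handle_callback(self, callback_url):
        """Process the redirect back to us, then exchange the code for a token."""
        q = query_params(callback_url)
        if q.get("state") not in self.pending_states:
            raise ValueError("state mismatch: possible CSRF or replayed callback")
        self.pending_states.discard(q["state"])
        if "error" in q:
            raise ValueError("authorization failed: " + q["error"])
        return self.server.token(CLIENT_ID, CLIENT_SECRET, q["code"], REDIRECT_URI)


def run_flow(user_consents=True):
    """Browser follows the auth URL, the user decides at the consent screen, browser is redirected back."""
    server = FakeAuthorizationServer()
    app = NotebookApp(server)
    callback_url = server.authorize(query_params(app.build_authorization_url()), user_consents)
    return app.handle_callback(callback_url)


def code_is_single_use():
    """Presenting the same Authorization Code twice must fail the second time."""
    server = FakeAuthorizationServer()
    app = NotebookApp(server)
    code = query_params(server.authorize(query_params(app.build_authorization_url())))["code"]
    server.token(CLIENT_ID, CLIENT_SECRET, code, REDIRECT_URI)
    try:
        server.token(CLIENT_ID, CLIENT_SECRET, code, REDIRECT_URI)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_flow())
```

The real Google flow differs only in transport: the browser carries the /authorize request and the redirect, and the client speaks to the token endpoint over HTTPS from its backend. The checks themselves (registered redirect URI, state, client secret, single-use code) are the ones you should expect any production authorization server to enforce.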

OIDC

OpenID Connect (OIDC)

  • Single Sign-On (SSO)
  • the newer of the two SSO protocols here (OpenID Connect 1.0 was finalised in 2014; SAML 2.0 dates from 2005)
  • log in using another (3rd-party) account (e.g. log in to Notebook App with a Google Account)
  • an authentication process (establishes a login session, with information about the person who logged in)
  • built on top of OAuth 2.0 (adds an identity layer to the authorization flow)
  • JSON format (the ID Token is a JSON Web Token, JWT)
  • Terminologies
    • Identity Provider (the OAuth Authorization Server, now also vouching for who the user is)
    • Access Token (client receives it at the final stage; opaque to the client, i.e. a string the client does not interpret, only forwards to the Resource Server)
    • ID Token (client receives it at the final stage; a signed JWT with user information, addressed to the client itself)
    • Claims (data inside the ID Token, visible once the JWT is decoded, e.g. sub, email, name) <==> Assertion attributes in SAML
  • Same flow as OAuth, except
    • scope includes openid (e.g. scope=openid email profile)
    • both an Access Token and an ID Token come back at the end
    • the client must verify the ID Token's signature and its iss, aud, exp and nonce claims before trusting anything inside it

e.g. the Google sign-in button
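What "Claims inside a JWT" means in practice, and the validation a client has to do before creating a login session from an ID Token. This is an added example, not code from the original post. It mints an ID Token the way an IdP would and then validates it the way Notebook App should; the issuer URL, client ID, secret and user data are constructed. One deliberate simplification, stated here and in the code: the token is signed with HS256 over a shared secret so the demo runs offline; Google and other real IdPs sign with RS256 and publish their public keys at a JWKS URL, so a production client verifies against those keys instead.

```python
"""Mint and validate an OpenID Connect ID Token (a JWT) with only the standard library.

Added example, not from the original post. Assumption: HS256 with a shared secret, so the
demo is self-contained; real IdPs use RS256 and a JWKS-published public key. Issuer, client ID
and the user's claims are constructed values.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://accounts.example"        # hypothetical IdP
CLIENT_ID = "notebook-app"                 # the audience the token must be addressed to
SHARED_SECRET = b"demo-only-shared-secret"  # demo only; never a real deployment choice


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(sub, nonce, now=None, secret=SHARED_SECRET):
    """IdP side: after login, sign a JWT carrying claims about the user for this client."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": sub, "nonce": nonce,
              "iat": now, "exp": now + 300,
              "email": "alice@example.com", "name": "Alice Example"}   # constructed user
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_id_token(token, expected_nonce, now=None, secret=SHARED_SECRET):
    """Client side: verify the signature, then every claim that binds the token to this login."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm; never let the token's own header choose it (alg=none / key-confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if not (aud == CLIENT_ID or (isinstance(aud, list) and CLIENT_ID in aud)):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: replayed or cross-login token")
    return claims


def tamper_with_claims(token, **changes):
    """Attacker's move: rewrite claims in the payload but keep the original signature."""
    h, p, s = token.split(".")
    claims = json.loads(b64url_decode(p))
    claims.update(changes)
    return h + "." + b64url_encode(json.dumps(claims).encode()) + "." + s


if __name__ == "__main__":
    t = mint_id_token("user-123", nonce="n-abc")
    print(validate_id_token(t, expected_nonce="n-abc"))
```

The order matters: signature first, then issuer, audience, expiry and nonce. Decoding the payload and reading `email` before the signature check is exactly how "log in as anyone" bugs in OIDC clients happen, because the base64 payload is readable by anyone and editable by anyone.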


SAML

Security Assertion Markup Language (SAML)

  • Single Sign-On (SSO)
  • older (SAML 2.0 dates from 2005)
  • an authentication process
  • XML-based format (signed XML messages passed between IdP and SP through the user's browser)
  • verifies the user's identity and carries attributes (e.g. group memberships) the SP can use to decide permissions
  • Terminologies
    • Service Provider (SP) (e.g. Notebook App, the application the user wants to use)
    • Identity Provider (IdP) (e.g. Google's identity server, or a corporate IdP)
    • SAML Assertion (signed XML statement of user data sent from the IdP to the SP) <==> Claims in the OIDC ID Token
  • Same shape as the OIDC flow: the SP redirects the browser to the IdP with an AuthnRequest, the user logs in, and the IdP posts a signed Response containing the Assertion back to the SP's Assertion Consumer Service (ACS) URL; the SP must verify the signature, audience, validity window and InResponseTo before creating a session

e.g. an employee logs on once and gains access to any of the company's internal applications.
e.g. a network admin manages users from a central location (the IdP) instead of in every application separately.

AUTHOR : kanra
EMAIL : karawakara@gmail.com
Working on networking, web development, software development and server-side deployment. Having fun experimenting with new technologies.