[English] Web Authentication

Preface

Web Authentication

Authenticating with Cookies and Sessions

  1. After the initial login request is completed, the server stores the user’s login status in the form of a session in the server memory.
  2. The server sends the session key to the client in the response.
  3. Once the client obtains the session key stored on the server, it stores the session key in the browser’s cookie.
  4. For subsequent requests to the server, the client includes the cookie in the request header as the identity of the current login.

<session>: The session key stored on the server.

POST http://localhost:80/api/item
Content-Type: application/json
Cookie: <session>

{}

Authenticating with the Authorization Header

Basic Method

  1. Regardless of whether the user is logged in, every request sent to the server carries the AES-encrypted username:password in the Authorization request header.
  • In the Basic method, the value of Authorization must start with "Basic " (the scheme name followed by a space).

AES(<username>:<password>): The AES-encrypted username and password.

POST http://localhost:80/api/item
Content-Type: application/json
Authorization: Basic AES(<username>:<password>)

{}

Bearer Method

  1. After the initial login request is completed, the server encodes the user’s login status into a token.
  2. The server sends the token to the client in the response.
  3. Once the client obtains the token, it stores the token in the LocalStorage.
  4. For subsequent requests to the server, the client includes the token in the request header as Authorization.
  • In the Bearer method, the value of Authorization must start with "Bearer " (the scheme name followed by a space).
  • JWT is the most common implementation of the Bearer method.

<token>: The token returned by the server after authentication.

POST http://localhost:80/api/item
Content-Type: application/json
Authorization: Bearer <token>

{}
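The Basic and Bearer checks described above, as an added example in Python (not code from the original post): a server-side authenticate() that dispatches on the scheme prefix, decodes Basic credentials and verifies an HS256 JWT for Bearer, with pinned algorithm, constant-time comparison and expiry check. It follows RFC 7617 for Basic, where the credentials are Base64-encoded rather than encrypted and are therefore only protected by TLS; the key, the user table and the helper names are assumptions.

```python
import base64, hashlib, hmac, json, time
# Constructed demo key and user table (not from the post); keep real keys in a secret store.
SECRET_KEY = b"demo-secret-key-change-me"
USERS = {"alice": "correct horse battery staple"}  # demo only: store password hashes in practice

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def basic_header(username: str, password: str) -> str:
    """Client side of the Basic scheme (RFC 7617): Base64 encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def issue_token(username: str, ttl: int = 3600, now=None) -> str:
    """Server side of the Bearer scheme: encode login state into an HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_token(token: str, now=None):
    """Return the subject if signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        # Pin the algorithm server-side; never let the token choose it (alg=none).
        if json.loads(b64url_decode(h)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        claims = json.loads(b64url_decode(p))
        return claims.get("sub") if claims.get("exp", 0) > now else None
    except (ValueError, AttributeError, TypeError):  # malformed or truncated token
        return None

def authenticate(authorization, now=None):
    """Dispatch on the scheme prefix of the Authorization header; return username or None."""
    scheme, _, value = (authorization or "").partition(" ")
    if scheme == "Basic":
        try:
            user, _, pw = base64.b64decode(value, validate=True).decode().partition(":")
        except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
            return None
        ok = user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())
        return user if ok else None
    if scheme == "Bearer":
        return verify_token(value, now)
    return None
```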

Completion

References

Bilibili - free-coder