Token Based Authentication

 
Ranch Hand
In token based authentication, the server generates a token which is shared with the client. The client will send this token on subsequent requests to the server. So, I am just wondering: how does it differ from the cookie mechanism? Cookies also work in a similar fashion.
 
Ranch Hand
Cookies are saved on a browser. When you use tokens, that's used when the server and client are separated. For example, if there's an Android app that connects to a server, they will use the token to send with the request to a secured endpoint.
 
Saloon Keeper
Token based authentication is used to separate the web application from the identity provider. It establishes a mutual trust between three parties. This allows you to log in using a Facebook account, for instance, but it's also possible that the web application also acts as an identity provider (by keeping track of a user's credentials).
 
Saloon Keeper
One of the things that security tokens often provide is a "meta environment" where multiple apps are authenticated by the same token. This isn't quite the same thing as Single Sign-On, but it's close enough that their functions tend to overlap.

Perhaps the most famous token-based security system is Kerberos, which is the underpinning for modern-day Windows domain security as well as an option for other environments such as the Unix-like OSes. Another popular favorite is OAuth, which allows web applications from different servers to vouch for each other.
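
An added example, not part of any post in this thread: it contrasts the two mechanisms discussed above, a session cookie whose ID only the issuing server can resolve and a signed token that a separate application can verify on its own. The token format, function names, the `orders-api` audience and the HMAC key shared between identity provider and application are assumptions made for this sketch; real deployments (for example OAuth) define their own formats and commonly use asymmetric signatures.

```python
import base64, hashlib, hmac, json, secrets, time

# Cookie-style session: an opaque ID whose meaning lives in the server's store.
SESSIONS = {}  # constructed in-memory session store

def login_with_session(user):
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = user
    return sid  # would travel as a cookie value, e.g. SESSIONID=<sid>

def user_from_session(sid):
    return SESSIONS.get(sid)  # only a server holding the store can resolve it

# Token: signed claims issued by an identity provider, verified by another app.
IDP_KEY = secrets.token_bytes(32)  # assumption: key shared by IdP and application

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(user, audience, ttl=300, now=None):
    claims = {"sub": user, "aud": audience, "exp": int(now or time.time()) + ttl}
    body = b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{body}.{sign(body)}"

def verify_token(token, audience, now=None):
    """Return the subject if signature, audience and expiry all check out."""
    try:
        body, sig = token.split(".")
        # Check the signature before trusting anything inside the body.
        if not hmac.compare_digest(sig, sign(body)):
            return None
        claims = json.loads(unb64(body))
    except (ValueError, TypeError):
        return None  # malformed token
    if claims.get("aud") != audience:
        return None  # issued for a different application
    if claims.get("exp", 0) <= (now or time.time()):
        return None  # expired
    return claims.get("sub")
```

The verifier needs no session store and no call back to the issuer, which is why the same token can be presented by a mobile client in a request header or accepted by several applications that trust the same identity provider.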
 