Authentication - Method / Protocol / Scheme

About

An authentication method (also called a construct, protocol or scheme) validates the identity of a user (i.e. validates who you are).

The method is implemented by an (identity|authentication) provider.

Method

Username / Password

In the traditional client-server authentication model, the third-party application requests an access-restricted resource (protected resource) on the server by authenticating with the server using the resource owner's credentials (generally a username/password). The resource owner therefore shares its credentials with the third-party app.

| Protocol Name | Cleartext | HTTPS |
|---|---|---|
| HTML form-based | Yes | Mandatory |
| HTTP Basic Authentication scheme | Yes | Mandatory |
| HTTP Digest Access Authentication | No | Optional |

The cleartext protocols should be used together with HTTPS to encrypt the credentials in transit.

Identity assertion

An identity assertion authentication uses as credentials:

Strong

Strong authentication is generally based on identity assertion.




