Authentication - Method / Protocol / Scheme


The authentication methods / construct / protocol validates the identity of a user (ie validates who you are).

The method is implemented by a (identify|authentication) provider.


Username / Password

In the traditional client-server authentication model, the third-party application requests an access-restricted resource (protected resource) on the server by authenticating with the server using the resource owner's credentials (generally a username/password). The resource owner shares then its credentials with the third party app.

Protocol Name Cleartext HTTPS
HTML form-based Yes Mandatory
What is and how works the Basic Authentication scheme? (HTTP) Yes Mandatory
Authentication - HTTP Digest Access Authentication No Optional

The cleartext protocols should be used together with HTTPS to encrypt the credentials in transit.

Identity assertion

An Identity assertion Authentication use as credentials:


Strong authentication are generally based on identity_assertion

Discover More
Authentication - (Authentication|Identity) Provider

An Authentication Provider implements the authentication method and is also known as an identity provider. The providers implementation differs primarily by: the data store that is request. the methods...
Authentication - HTTP Digest Access Authentication

Digest access authentication is an http authentication method based on authorization entry. It is intended (as a security trade-off) to replace unencrypted HTTP basic access authentication. It is not,...
Oauth - Client Authentication

authentication method for a client in Oauth. The client MUST NOT use more than one authentication method in each request. Client authentication is used for: Enforcing the binding of refresh tokens...
What are the HTTP Authentication schemes and methods?

This page lists the HTTP authentication schemes and the HTTP components that they used Via the Http Authorization Header: Basic Bearer Digest Others: DPoP HOBA 7486rfc 7486, Section 3...
What is Authentication, known also as Access control, Identification, or AuthN?

Authentication is the process that establishes the identity of a user who accesses a resource of an application (page, image,...) It's abbreviated as AuthN for authentication versus AuthZ for authorization....
Public Key Crypto Pair Key Creation
What is Sender authentication ? (Public Key Authentication based, Certificate-based in Cryptography)

Sender Authentication is based on the digital signature. If you can decrypt the signature successfully, it proves that the message come from: a particular sender or group There is three type of...
What is a Oauth Access Token?

This page talks access token in the context of the OAuth specification. An access token is a token representing an access authorization created during: a implicit grant flow or a authorization code...
What is a Session Identifier?

A session identifier is a nonce that represents uniquely a session. Instead of storing session information (such as username, login, start time, ...) directly, the server creates a nonce and sends it...
What is a Session? (authentication, tracking)

A session is used in authentication in order to store the identification data. After a user has been authenticated, the identification (the user name generally) is stored in the session and other requests...

Share this page:
Follow us:
Task Runner