- Stateless and scalable servers
- Mobile applications
- Pass authentication to other applications (OAuth)
- Extra Security
HTTP is a stateless protocol: even after we authenticate a user, the application knows nothing about that user on the next request. The traditional way to handle this is to store session data on the server, usually in memory or on disk. But this approach introduces a number of issues:
- The server needs to store session data (overhead)
- The session is stored on the server, so problems come up when scaling the server
- Mobile applications need to handle CORS
Steps of Token Based Authentication
- User Requests Access with Username / Password
- Application validates credentials
- Application provides a signed token to the client
- Client stores that token and sends it along with every request
- Server verifies token and responds with data
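The five steps above, worked through end to end as an added example (not code from the original post): a constructed single-user store, an HMAC-SHA256 signed token carrying the subject and an expiry, and a verify step that rejects tampered, malformed or expired tokens. The user store, the server key, the token layout (`base64url(payload).base64url(signature)`) and the `TOKEN_TTL` value are all assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed sample user store: the password is kept only as a salted PBKDF2 hash.
_SALT = b"constructed-salt-for-example"
USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
}

# Server-side signing key (assumption: in practice loaded from a secrets store).
# Only the server holds it, so only the server can mint or verify tokens.
SERVER_KEY = os.urandom(32)
TOKEN_TTL = 3600  # token lifetime in seconds (assumed value)


def _b64(data):
    """base64url without padding, the usual encoding for token parts."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    """Inverse of _b64; re-adds the padding that was stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_credentials(username, password):
    """Step 2: validate username/password against the constructed user store."""
    stored = USERS.get(username)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(stored, candidate)


def issue_token(username, now=None):
    """Step 3: build a signed token of the form base64url(payload).base64url(hmac)."""
    now = time.time() if now is None else now
    payload = {"sub": username, "iat": int(now), "exp": int(now) + TOKEN_TTL}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token, now=None):
    """Step 5: return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig_text = token.split(".")
        presented = _unb64(sig_text)
    except ValueError:  # wrong number of parts or undecodable signature
        return None
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak signature bytes via timing.
    if not hmac.compare_digest(expected, presented):
        return None
    try:
        claims = json.loads(_unb64(body))
    except ValueError:  # signature matched but payload is not valid JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None  # expired tokens are rejected even though the signature is valid
    return claims


def login(username, password, now=None):
    """Steps 1-3: the client presents credentials and receives a token, or None."""
    if not check_credentials(username, password):
        return None
    return issue_token(username, now)


def handle_request(token, now=None):
    """Steps 4-5: the client sends its token; the server verifies it and answers."""
    claims = verify_token(token, now)
    if claims is None:
        return {"status": 401, "body": "invalid or expired token"}
    return {"status": 200, "body": f"private data for {claims['sub']}"}


if __name__ == "__main__":
    t = login("alice", "correct horse")
    print(t)
    print(handle_request(t))
    print(handle_request(t[:-1] + "x"))
```

Note that the server keeps no per-user state between `login` and `handle_request`: everything it needs is inside the token and protected by the signature, which is exactly what lets the server scale out. The `now` parameter exists so expiry can be exercised deterministically.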