Unit II - Authentication - Authorization
Authorization
Determines what a user can access and what actions they can perform within a
system. Authorization is based on the user's identity, which is confirmed during
authentication.
Some more points
Authentication is a prerequisite to authorization: Authentication must be completed
before authorization can take place.
Authorization permissions are set by the system owner, administrator or manager:
Users can't change authorization permissions, but they can request changes.
Authorization can also depend on environmental and resource attributes, not
only on who the user is (attribute-based access control). For instance, a
developer's access to a database might be granted only in the development or
staging environment, with the same request against production being denied.
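The points above (authentication as a prerequisite, owner-defined policy the
user cannot edit, and decisions that look at environment and resource
attributes as well as identity) are illustrated by the following added
example. It is not code from the slides; the `Principal`, `Rule` and policy
contents are constructed for illustration, and the evaluator is a plain
default-deny, deny-overrides matcher.

```python
"""Attribute-based authorization check (added example, not from the slides).

Assumed model: a principal carries attributes established by an earlier
authentication step; the policy is a list of rules matched against the
subject's roles, the requested action, the resource type and the
environment. Anything not explicitly allowed is denied.
"""
from dataclasses import dataclass, field


@dataclass
class Principal:
    """Identity as established by authentication. `authenticated` False means
    authorization must short-circuit to deny, whatever the roles say."""
    user_id: str
    roles: set = field(default_factory=set)
    authenticated: bool = False


@dataclass
class Rule:
    effect: str            # "allow" or "deny"
    actions: set           # e.g. {"read", "write"}
    resource_types: set    # e.g. {"database"}
    environments: set      # e.g. {"dev", "staging"}
    roles: set             # subject must hold at least one of these


# Policy set by the system owner; users cannot edit it (constructed sample):
# developers get read/write in dev and staging, SREs get read-only in prod,
# and developers are explicitly denied in prod.
POLICY = [
    Rule("allow", {"read", "write"}, {"database"}, {"dev", "staging"}, {"developer"}),
    Rule("allow", {"read"}, {"database"}, {"prod"}, {"sre"}),
    Rule("deny", {"read", "write"}, {"database"}, {"prod"}, {"developer"}),
]


def is_authorized(principal, action, resource_type, environment, policy=POLICY):
    """Default-deny evaluation. Authentication is a prerequisite: an
    unauthenticated principal is never authorized. A matching deny rule
    wins over any matching allow rule (deny-overrides)."""
    if not principal.authenticated:
        return False
    allowed = False
    for rule in policy:
        matches = (action in rule.actions
                   and resource_type in rule.resource_types
                   and environment in rule.environments
                   and principal.roles & rule.roles)
        if not matches:
            continue
        if rule.effect == "deny":
            return False
        allowed = True
    return allowed
```

The environment is passed in with every request rather than derived from the
principal, so the same developer account is allowed in `staging` and denied
in `prod` with no change to the user's attributes.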
OAuth2
OAuth2 (Open Authorization 2.0, RFC 6749) is an authorization framework that
allows third-party applications to obtain limited access to a user's resources
without ever being given the user's credentials.
It provides a standardized way for an application (the client) to gain access
to user data by delegating the authorization step to a trusted authorization
server, which issues the client an access token scoped to what the user agreed
to.
OAuth2 is widely used for accessing APIs on behalf of users and, together with
OpenID Connect (an identity layer built on top of it), for login and single
sign-on (SSO). Note that OAuth2 on its own does not authenticate the user to
the client; it only tells the client what it may access.
Problems it solves
Credential Exposure: OAuth2 eliminates the need for users to share their
passwords with third-party applications, reducing the risk of credential theft
and letting a user revoke one application's access without changing a password.
Granular Permissions: It allows users to grant applications specific access
rights (scopes) to their data, such as read-only access or limited write access,
and the resource server rejects requests that exceed the granted scope.
Token Management: OAuth2 uses access tokens that can be short-lived and renewed
with a refresh token, so a leaked access token is useful only briefly, an
improvement over long-lived credentials.
Role Separation: It separates the resource owner (the user), the client, the
authorization server (which issues tokens) and the resource server (which
serves the API and checks tokens), allowing for more flexible and scalable
security models.
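The framework and the four problems above are shown end to end in the
following added example, which is not code from the slides or from any OAuth2
library. It simulates the four OAuth2 roles in one process: the user (resource
owner) "alice", a client "app1" with a registered redirect URI, an in-memory
authorization server and a hypothetical photos API acting as resource server.
The client proves it started the flow with PKCE (RFC 7636), the authorization
code is single-use, access tokens expire after `access_ttl` seconds, refresh
tokens are rotated, and the API enforces scope. Token values and lifetimes are
constructed for the example.

```python
import base64
import hashlib
import secrets
import time


def _s256(verifier):
    """PKCE S256 transform (RFC 7636): BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Client side: a fresh code_verifier and the code_challenge sent with the
    authorization request."""
    verifier = secrets.token_urlsafe(32)
    return verifier, _s256(verifier)


class AuthorizationServer:
    """Hypothetical in-memory authorization server: issues one-time codes,
    short-lived access tokens and rotating refresh tokens. The client never
    sees the user's password; the user authenticates to this server only."""

    def __init__(self, access_ttl=900):
        self.clients = {}   # client_id -> registered redirect_uri
        self.codes = {}     # code -> pending grant (single use)
        self.access = {}    # access token -> {user, scope, expires}
        self.refresh = {}   # refresh token -> {user, scope, client_id}
        self.access_ttl = access_ttl

    def register_client(self, client_id, redirect_uri):
        self.clients[client_id] = redirect_uri

    def authorize(self, user, client_id, redirect_uri, scope, code_challenge):
        """Front channel: the user has logged in here and consented to `scope`;
        the server returns a code bound to the client, redirect URI and PKCE."""
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("unregistered client or redirect_uri")
        code = secrets.token_urlsafe(24)
        self.codes[code] = dict(user=user, client_id=client_id, scope=scope,
                                redirect_uri=redirect_uri, challenge=code_challenge)
        return code

    def token(self, client_id, code, redirect_uri, code_verifier):
        """Back channel: exchange the code for tokens. pop() makes the code
        single-use; the PKCE check proves the caller started the flow."""
        grant = self.codes.pop(code, None)
        if (grant is None or grant["client_id"] != client_id
                or grant["redirect_uri"] != redirect_uri):
            raise PermissionError("invalid or replayed code")
        if not secrets.compare_digest(_s256(code_verifier), grant["challenge"]):
            raise PermissionError("PKCE verification failed")
        return self._issue(grant["user"], grant["scope"], client_id)

    def refresh_tokens(self, client_id, refresh_token):
        """Refresh with rotation: the presented refresh token is retired."""
        grant = self.refresh.pop(refresh_token, None)
        if grant is None or grant["client_id"] != client_id:
            raise PermissionError("invalid refresh token")
        return self._issue(grant["user"], grant["scope"], client_id)

    def _issue(self, user, scope, client_id):
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = dict(user=user, scope=scope,
                               expires=time.time() + self.access_ttl)
        self.refresh[rt] = dict(user=user, scope=scope, client_id=client_id)
        return dict(access_token=at, refresh_token=rt, token_type="Bearer",
                    expires_in=self.access_ttl, scope=scope)

    def introspect(self, access_token):
        """Resource server asks: is this token live, for whom, with what scope?"""
        info = self.access.get(access_token)
        if info is None or info["expires"] < time.time():
            return None
        return info


def call_api(auth_server, access_token, method):
    """Hypothetical photos API (resource server), returning an HTTP-style status.
    Unknown or expired token -> 401; token lacking the needed scope -> 403."""
    info = auth_server.introspect(access_token)
    if info is None:
        return 401
    needed = "photos:read" if method == "GET" else "photos:write"
    return 200 if needed in info["scope"].split() else 403


def run_flow(scope="photos:read", access_ttl=900):
    """End to end: client app1 obtains tokens for `scope` on alice's behalf and
    calls the API with GET and POST. Returns the server, code, verifier and
    tokens so a caller can try replays or refreshes afterwards."""
    auth = AuthorizationServer(access_ttl)
    auth.register_client("app1", "https://app.example/cb")
    verifier, challenge = make_pkce_pair()
    code = auth.authorize("alice", "app1", "https://app.example/cb", scope, challenge)
    tokens = auth.token("app1", code, "https://app.example/cb", verifier)
    return dict(auth=auth, code=code, verifier=verifier, tokens=tokens,
                get=call_api(auth, tokens["access_token"], "GET"),
                post=call_api(auth, tokens["access_token"], "POST"))
```

With the default `photos:read` scope the GET succeeds and the POST is refused
with 403, which is the granular-permissions point in action; replaying the
authorization code or presenting a retired refresh token raises
`PermissionError`. A real deployment would add `state` for CSRF protection,
TLS on both channels and client authentication for confidential clients.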
Example applications
Social Media Logins: Providers such as Facebook, Google and GitHub use
OAuth2-based flows (OpenID Connect where the provider supports it) to let
users sign in to other websites and apps with those accounts, without handing
the site their provider password.
API Access: Services like Twitter, GitHub and Spotify use OAuth2 to allow
developers to build applications that interact with their APIs on behalf of
users, with each application limited to the scopes the user granted.
Single Sign-On (SSO): OAuth2, usually via OpenID Connect, is commonly used in
enterprise environments to provide SSO, enabling users to access multiple
services with a single login at the organization's identity provider.