Token Based Authentication : What and Why?



HTTP is a stateless protocol. That means that if we authenticate a user by sending the username and password to the server, the server has no memory of that exchange when the next request arrives; nothing ties the second request to the first. Without some extra mechanism, every request would have to carry the credentials again, and the server would have to check them again, and so on.

We have been using server based authentication (sessions) for a long time now, and frankly, in the era of cloud computing and elastic scaling, it's ... umm ... outdated? Yeah, probably. With session based authentication the server has to keep a record of who is logged in on the, well, you guessed it, server! This is a problem, mostly because of scalability. Today we have cloud platforms that add and remove machines dynamically according to demand, but if the session lives in the memory of the machine that handled the login, every later request from that user has to be routed back to that same machine (sticky sessions), or the session store has to be shared across all the machines. Either way, state on the server is what stands in the way of scaling freely.

Token based authentication to the rescue! 
Token based authentication is stateless on the server side. No session record is kept, so any server in the pool can handle any request and the service can scale out. The authentication information is handed to the client as a token, and the only thing the servers need to share is the secret (or public key) that lets them verify that token. The flip side of keeping no state is that a token cannot simply be deleted on the server to log someone out: it stays valid until it expires, unless you add a revocation list, which is server state again.

How does it work
You (user) send the server (api) your authentication information, basically the username and password.
The server (api) verifies those credentials.
The server (api) returns a token, which it has signed so that it can later tell that the token is genuine and unmodified.
You save this token somewhere on the client for further use.
Here is the important deal -> you send this saved token with every new request you make to the server (api).

Every single further request will require you to send this token, and the server checks the token's signature instead of looking anything up. You should also set an expiry on the token; when it expires you (the user) have to log in again, which also limits how long a stolen token is useful.
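The whole flow described above, as an added example that is not part of the original post: a tiny Python server side that checks a username and password, hands back an HMAC-signed token carrying the user and an expiry, and then verifies that token on every later request without keeping any session state. The user store, the salt and the server secret are constructed for illustration (in practice the secret comes from a secrets manager and the salt is per user).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example secret shared by every server in the pool; it is the
# only thing they need in common to verify tokens. Never keep it in source.
SERVER_SECRET = b"change-me-32-bytes-of-real-randomness"

# Constructed example user store: passwords are kept only as salted hashes.
_SALT = b"per-user-salt-would-go-here"
USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload_b64: str) -> str:
    # HMAC over the encoded payload: anyone can read the claims, nobody
    # without SERVER_SECRET can alter them undetected.
    mac = hmac.new(SERVER_SECRET, payload_b64.encode("ascii"), hashlib.sha256).digest()
    return _b64url(mac)


def login(username: str, password: str, ttl_seconds: int = 3600,
          now: Optional[float] = None) -> Optional[str]:
    """Steps 1-3: check the credentials and return a signed token, or None."""
    stored = USERS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    # compare_digest keeps the comparison time independent of where the bytes differ
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    issued = int(now if now is not None else time.time())
    claims = {"sub": username, "iat": issued, "exp": issued + ttl_seconds}
    payload_b64 = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{payload_b64}.{_sign(payload_b64)}"


def verify(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Step 5: run on every request; returns the claims, or None if rejected.

    Nothing is looked up on the server, so any machine holding SERVER_SECRET
    can answer. A token that has expired is rejected; the client must log in again.
    """
    try:
        payload_b64, sig = token.split(".")
    except ValueError:
        return None
    # Check the signature before trusting anything inside the payload.
    if not hmac.compare_digest(sig, _sign(payload_b64)):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    current = now if now is not None else time.time()
    if not isinstance(claims, dict) or claims.get("exp", 0) <= current:
        return None
    return claims


if __name__ == "__main__":
    token = login("alice", "correct horse", ttl_seconds=60)
    print("issued:", token)
    print("verified:", verify(token))
    print("tampered:", verify(token[:-1] + ("A" if token[-1] != "A" else "B")))
```

The order inside `verify` matters: the signature is checked before the payload is decoded, so a forged or tampered token is thrown out before any of its contents influence the server. Expiry is part of the signed claims, which is why the client cannot simply extend it.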

You can further read about this from this amazing article here

That's all folks!
