What is token-based authentication?

前端 未结 8 1772
既然无缘
既然无缘 2020-11-22 16:39

I want to understand what token-based authentication means. I searched the internet but couldn\'t find anything understandable.

8条回答
  •  北海茫月
    2020-11-22 17:25

    I think it's well explained here -- quoting just the key sentences of the long article:

    The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource - without using their username and password. Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site.

    In other words: add one level of indirection for authentication -- instead of having to authenticate with username and password for each protected resource, the user authenticates that way once (within a session of limited duration), obtains a time-limited token in return, and uses that token for further authentication during the session.

    Advantages are many -- e.g., the user could pass the token, once they've obtained it, on to some other automated system which they're willing to trust for a limited time and a limited set of resources, but would not be willing to trust with their username and password (i.e., with every resource they're allowed to access, forevermore or at least until they change their password).

    If anything is still unclear, please edit your question to clarify WHAT isn't 100% clear to you, and I'm sure we can help you further.

提交回复
热议问题