View reading-notes on GitHub

Reading notes for class 8 of 401

Access Control (ACL)

When is Basic Authorization used vs. Bearer Authorization?

Basic authorization is used when signing into a profile and retrieving data. Bearer authorization is used when you want to verify that the user that is trying to retrieve data is allowed to.

What does the JSON Web Token package do?

The JSON Web Token package allows you to use token authentication in your code.

What considerations should we make when creating and storing a SECRET?

Make sure it is a “SECRET” and it is unique to the code.

Vocab

encryption

  • The encryption process translates information using an algorithm that makes the original information unreadable.

token

  • Defines a way to securely transmit info between two applications/parties and is trusted because it is digitally signed.

bearer

  • A person or thing that carries or holds something.

secret

  • A hidden value used to sign tokens.

JSON Web Token

  • JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties.