Site icon API Security Blog

Use OAuth 2.

0 for authorization and JWT for authentication.

OAuth 2.0 is a framework that provides client applications a “secure delegated access” to server resources on behalf of a resource owner (e.g., the user). It specifies how an application can obtain limited access to HTTP services running on different servers, without having to know the username and password of the service account or store them on their own servers — which would be vulnerable to attacks if they were ever compromised. The main idea behind OAuth is based on three concepts: Resource Owner, Client Application, and Authorization Server. In addition, there are two types of tokens in OAuth: Access Token and Refresh Token
https://t.co/lL4twaLinR

Exit mobile version