Brainy Fools
Authentication vs Authorization

Authentication vs Authorization

Authorization workflow

Komal Shevane's photo
Komal Shevane
·

2 min read

Authentication verifies a user's identity, confirming their claimed identity through credentials like passwords or biometrics. Authorization, on the other hand, determines the access rights and permissions granted to authenticated users. While authentication focuses on confirming identity, authorization regulates what actions and resources users are allowed based on their authenticated identity. In essence, authentication establishes who you are, while authorization dictates what you can do or access once your identity is confirmed. Both are crucial components of security systems, collectively ensuring only authorized individuals access specific resources or perform designated actions within a system.

Authentication Process Workflow:

JWT (JSON Web Token) authentication in a React application typically involves the following steps:

  1. User Login:

    • User provides credentials (e.g., username and password) in a React login form.

    • React sends the credentials to the server.

  2. Server Authentication:

    • The server verifies the credentials and generates a JWT containing a unique identifier for the user and any additional information.

    • The server signs the JWT with a secret key.

  3. JWT Response:

    • The server sends the signed JWT back to the React client.

  4. Client Storage:

    • React client stores the JWT securely, typically in browser cookies or local storage.

    • Storing JWT in local storage is not advisable due to security risks; instead, it is recommended to store it in the Redux store or application state to enhance protection against potential attacks.

  5. Subsequent Requests:

    • For subsequent requests, the React client includes the JWT in the Authorization header.

    • The server verifies the JWT's signature using the secret key.

  6. Authorization:

    • If the JWT is valid, the server extracts user information from it and authorizes the requested actions.

  7. Token Expiry:

    • JWTs often have an expiration time, and the client needs to refresh the token by re-authenticating when it expires.

    • To achieve this on the frontend, it is necessary to implement logic that automatically triggers a call to the refresh token API at regular intervals, ensuring the token is refreshed after expiration. Subsequently, the updated token is stored again.

  8. Logout:

    • To log out, the React client removes the JWT from storage/ state/store.

This workflow allows for stateless authentication, where the server does not need to store user sessions. The JWT contains all necessary information for authentication, and each request from the client includes this token for verification and authorization on the server side.

authorizationauthenticationJWT token,JSON Web,Token,Token authentication,Access token,JSON token,JWT security,JWT authentication,Token-based authentication,JWT decoding,JWT implementationJWT#JWTAuthentication #JWTtokens Authentication with ReactAuthentication and Authorization Management