Service-Based Authentication Using Tokens
Posted by jerhinesmith on Stack Overflow
Published on 2009-06-02T14:18:20Z
Indexed on 2010/05/18 9:31 UTC
I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows:
- Client requests username/password from user
- Client passes username/password to identity provider
- Provider checks username/password and sends back a token if the user is valid
- Client does something with the token?
The third and fourth steps are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?
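An added example, not part of the original post: one common way to fill in steps 3 and 4, assuming an HMAC-signed, expiring token whose signing key is shared by the identity provider and the service the client calls. The names `PROVIDER_KEY`, `USERS`, `issue_token` and `verify_token` are hypothetical, and the credentials are constructed sample data.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the original post).
PROVIDER_KEY = b"demo-signing-key-shared-by-provider-and-service"
USERS = {"alice": "correct horse"}  # real stores hold salted password hashes

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(payload: bytes) -> bytes:
    return hmac.new(PROVIDER_KEY, payload, hashlib.sha256).digest()

def issue_token(username, password, now=None, ttl=300):
    """Steps 2-3: provider checks credentials, returns a signed token or None."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    payload = json.dumps({"sub": username, "exp": int(now) + ttl}).encode()
    return b64(payload) + "." + b64(sign(payload))

def verify_token(token, now=None):
    """Step 4: the client sends the token with each request; the service
    checks signature and expiry and returns the username, or None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong shape or bad base64 (e.g. a bare user ID)
        return None
    if not hmac.compare_digest(sig, sign(payload)):
        return None  # payload was altered or not issued by the provider
    claims = json.loads(payload)
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None  # expired: the user must authenticate again
    return claims["sub"]

if __name__ == "__main__":
    tok = issue_token("alice", "correct horse")
    print(tok, "->", verify_token(tok))
```

In this sketch the client never decrypts or inspects the token; it only stores it and presents it on later requests, and a bare user ID is rejected because it carries no signature proving the provider issued it.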
© Stack Overflow or respective owner