Service-Based Authentication Using Tokens

Posted by jerhinesmith on Stack Overflow
Published on 2009-06-02T14:18:20Z Indexed on 2010/05/18 9:31 UTC

I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows:

  1. Client requests username/password from user
  2. Client passes username/password to identity provider
  3. Provider checks username/password and sends back a token if the user is valid
  4. Client does something with the token?

The third and fourth steps are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?
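
Steps 3 and 4 of the flow above, as an added example that is not part of the original post: the provider signs the user ID and an expiry time, the client sends the token back unchanged with each request, and the service checks the signature and expiry before trusting the user ID. The shared key, the function names and the `claims.signature` layout are assumptions for illustration, and the key is a constructed value.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: a key known only to the identity provider and the services
# that accept its tokens. Constructed value, for illustration only.
PROVIDER_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(claims: bytes) -> bytes:
    return hmac.new(PROVIDER_KEY, claims, hashlib.sha256).digest()

def issue_token(user_id: str, ttl: int = 300, now: Optional[float] = None) -> str:
    """Step 3: called by the provider after the password check succeeds."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user_id, "exp": int(now) + ttl}).encode()
    return f"{_b64(claims)}.{_b64(_sign(claims))}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Service side of step 4: return the user ID, or None when the token
    is malformed, was not signed by the provider, or has expired."""
    now = time.time() if now is None else now
    try:
        claims_b64, sig_b64 = token.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Constant-time comparison; the claims are parsed only after this passes.
    if not hmac.compare_digest(sig, _sign(claims)):
        return None
    data = json.loads(claims)
    if data["exp"] <= now:
        return None
    return data["sub"]

def swap_claims(token: str, user_id: str) -> str:
    """Build the token a client would send if it edited the user ID itself
    and reused the old signature (used to show that verification fails)."""
    claims = json.dumps({"sub": user_id, "exp": 2**31}).encode()
    return f"{_b64(claims)}.{token.split('.')[1]}"
```

A bare user ID fails `verify_token` for the same reason the edited token does: nothing in it proves the provider ever checked a password for that user.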
