Online Courses
API Authentication
Online Courses
API Authentication
  • Introduction
  • API Authentication - a (very) brief introduction
    • The variants of API Authentication
    • Basic Authentication
    • API Keys
    • TLS Authentication
    • Token Based Authentication
    • Token Based Authentication and Authorization
    • OpenID Connect vs OAuth
    • History
    • Summary
    • Quiz
  • OAuth Actors
    • OAuth Actors
    • OAuth 2.0 Autors
    • Authorization vs Delegation
    • Quiz
  • OAuth 2.0 Interaction patterns
    • OAuth Code Flow
    • Client Credentials
    • Summary
    • Quiz
  • Tokens
    • Tokens
    • Formats
      • Bearer
      • PoP Tokens
    • Using an Access Token
    • Using a DPoP Access Token
    • JSON Web Token
    • Summary
    • Quiz
  • Scopes and Claims
    • What are scopes?
    • User Consent
    • Example
    • Claims
    • How to identity data to put in the token
    • Scopes and claim hierarcy
    • Putting it together
    • Summary
    • Quiz
  • APIs and Gateways
    • Why Gateways
    • Adding OAuth
    • Remember formats?
    • All APIs should depend on JWTs
    • Introspection
    • API to API call
    • API Authorization
    • Summary
    • Quiz
  • Final Assessment
Powered by GitBook
On this page
  1. API Authentication - a (very) brief introduction

Token Based Authentication

A trusted 3rd party issues tokens

Tokens are used to authenticate the caller

Can expire

Can have an audience

The API trusts the issuer of the token

Can convey both user and machine identity

PreviousTLS AuthenticationNextToken Based Authentication and Authorization

Last updated 9 months ago