Authentication

Term definition

Term | Description
---|---
Authentication | Verification that whoever interacts with the system is the subject it claims to be.
principal | The one authenticated. Two forms of principals need to be distinguished: human users and non-human principals such as other systems that call the application.
user | A common term used to refer to any principal, even though it may not be a human.
credential | A secret provided by the principal to prove its identity. The simplest form of credential is a password.
Authentication mechanism

Basic Auth

The client sends user name and password in the Authorization header of every request, Base64-encoded but not encrypted. Basic Auth is therefore only secure over a TLS (HTTPS) connection; otherwise principal and credentials are exposed to anyone on the network path.

Benefits | Concerns
---|---
Simple to implement and supported by every HTTP client and browser. | The password itself travels with every request, so a single unencrypted hop exposes it, not just a short-lived token.
No server-side session state is required. | Credentials have no expiry or scope; revoking access means changing the password.
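The server side of Basic Auth, as an added example that is not devonfw code: the header is decoded exactly the way an eavesdropper would decode it (which is why TLS is mandatory), and the password is then checked against a salted PBKDF2 hash with a constant-time comparison. The user store, the salt and the credentials are constructed for the illustration.

```python
"""Server-side handling of HTTP Basic authentication.

Added example for this page, not devonfw code. The header value, the user store
and the salt are constructed for illustration.
"""
import base64
import binascii
import hashlib
import hmac

PBKDF2_ITERATIONS = 600_000
SALT = b"constructed-salt"  # constructed; a real store uses one random salt per user


def encode_basic_credential(user: str, password: str) -> str:
    """Build the header value a client sends. This is Base64, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def decode_basic_header(header_value: str) -> tuple:
    """Recover (user, password) from 'Basic <base64>'.

    Anyone who reads the header on an unencrypted connection can do the same,
    which is why the page allows Basic Auth only over a secured connection.
    """
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded:
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credential") from exc
    # RFC 7617: the first colon separates user and password; the password may contain colons.
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, PBKDF2_ITERATIONS)


# Constructed user store: only salted password hashes are kept, never the password.
USER_STORE = {"alice": hash_password("s3cret")}
DUMMY_HASH = hash_password("unused-dummy-password")


def authenticate(header_value: str):
    """Return the principal name on success, otherwise None."""
    try:
        user, password = decode_basic_header(header_value)
    except ValueError:
        return None
    # Unknown users still cost one hash computation, so timing does not reveal which names exist.
    stored = USER_STORE.get(user, DUMMY_HASH)
    candidate = hash_password(password)
    if user in USER_STORE and hmac.compare_digest(candidate, stored):
        return user
    return None
```

Because every request repeats the full hash computation, Basic Auth with a properly slow password hash is also comparatively expensive per request; that is one more reason the page prefers a short-lived token after the first authentication.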
JWT

https://jwt.io/introduction
A JSON Web Token (JWT) is usually requested from an identity provider (a third party or an embedded tool) by presenting user name and password. The issued token is signed by the issuer, has a limited lifetime (the exp claim) and carries claims about the user such as roles. Because these claims travel with the token, JWTs are tightly coupled with authorization as well. The receiving service validates signature and expiration on every request instead of looking up a session.

Benefits | Concerns
---|---
Stateless: any service that holds the issuer's key (or public key) can verify a token without a session store or a call to the issuer. | A token stays valid until it expires; revoking it earlier requires extra state such as a denylist, so keep lifetimes short.
Claims about the user travel with the token, so authorization decisions need no additional lookup. | The payload is only Base64-encoded, not encrypted, so it must not contain secrets. Validation must pin the expected algorithm and verify the signature; accepting the token's own alg value (e.g. none) is a known bypass.
Form Login

A form login lets the user enter the credentials in a web form. The user is then logged in, which is usually tracked by a server-side session. devonfw recommends stateless applications. Therefore, the better alternative is to let the user authenticate to a JWT issuer with the credentials and to return a token that is sent with all further requests.
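The token exchange recommended above and the JWT validation from the previous section, as one added example that is not devonfw code and not a substitute for a vetted JWT library: after a successful login the issuer signs an HS256 token, and the service validates it on every request, pinning the algorithm, checking the signature in constant time, and rejecting expired tokens. The signing key, issuer URL, subject and roles are constructed for the illustration.

```python
"""Issuing and validating an HS256 JSON Web Token with the standard library only.

Added example for this page, not devonfw code and not a substitute for a vetted
JWT library. The signing key, issuer URL and user claims are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-example-key-do-not-reuse-0001"  # constructed; load from a secret store in practice
ISSUER = "https://login.example.invalid"  # hypothetical issuer
DEFAULT_TTL_SECONDS = 900


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, roles: list, ttl_seconds: int = DEFAULT_TTL_SECONDS, now: int = None) -> str:
    """Create the token the issuer returns once the form login succeeded."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": subject, "roles": roles, "iat": now, "exp": now + ttl_seconds}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8")) + "."
                     + b64url_encode(json.dumps(payload, separators=(",", ":")).encode("utf-8")))
    signature = hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token: str, now: int = None) -> dict:
    """Validate a bearer token on each request and return its claims, or raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three segments")
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
    except ValueError as exc:  # covers binascii.Error, JSONDecodeError and UnicodeDecodeError
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting the token's own "alg" field ("none" or an
    # algorithm switch would otherwise let an attacker forge tokens).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    # Only after the signature is verified are the claims trusted.
    payload = json.loads(b64url_decode(payload_b64))
    if payload.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if now >= int(payload.get("exp", 0)):
        raise ValueError("token expired")
    return payload
```

The order of checks matters: the algorithm is pinned before any signature computation, the signature is verified before any claim is read, and expiry is enforced at the resource service, which is the only defence against a token that leaked before its exp.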