Authentication

Authentication

  • It verifies the user's identity before granting access to certain pages

Authorization

  • It defines how a user's access rights are restricted

General Flow

  • First, the client obtains a key (session ID / access token) from the server or a third party, for example by logging in, and stores it on the client side (cookie / local storage)

  • Second, when the client wants to access a private resource, it sends the request with the key, and the server or third party checks whether the key is valid

  • If the key is valid, the client is allowed to access the private resource
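
The flow above as a server-side sketch: an added example, not code from the original page. The user record, the paths, the TTL and the function names `login` and `access` are assumptions made for illustration. It separates the authentication result (401) from the authorization result (403).

```python
import hashlib
import hmac
import secrets
import time

_SALT = secrets.token_bytes(16)


def _hash(password):
    # Slow, salted password hash; the iteration count is an assumed value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 600_000)


# Constructed sample data: one user with a hashed password and a role.
USERS = {"alice": {"pw": _hash("correct horse"), "role": "member"}}
SESSIONS = {}            # session id -> {"user", "role", "expires"}
SESSION_TTL = 900        # seconds (assumed value)
ADMIN_ONLY = {"/admin"}  # hypothetical path restricted to the admin role


def login(username, password, now=None):
    """Step 1: authenticate, then issue a random session id (the key)."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    candidate = _hash(password)  # computed even for unknown users
    if user is None or not hmac.compare_digest(candidate, user["pw"]):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable, carries no user data
    SESSIONS[sid] = {"user": username, "role": user["role"],
                     "expires": now + SESSION_TTL}
    return sid


def access(path, sid, now=None):
    """Steps 2-3: validate the key sent with the request, then authorize."""
    now = time.time() if now is None else now
    session = SESSIONS.get(sid or "")
    if session is None:
        return 401           # missing or unknown key: not authenticated
    if session["expires"] <= now:
        del SESSIONS[sid]    # expired key is dropped; client must log in again
        return 401
    if path in ADMIN_ONLY and session["role"] != "admin":
        return 403           # authenticated, but not authorized for this path
    return 200
```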
