Reputation: 51
So in our project I am responsible for the UI part, which is in Angular 8, and the backend is developed using Java. Both will be deployed on the same Windows server. Currently we are using basic authentication for authenticating the user and accessing different REST URLs. I am new to this, so I don't have much idea about JWT tokens. So can anyone explain what the difference is between using basic authentication and JWT tokens, and do we require a JWT token when both backend and frontend are deployed on the same server?
Sample code for user verification in the current project using basic auth...

import { HttpClient, HttpHeaders } from '@angular/common/http';

// Method of an Angular service that has HttpClient injected as `this.http`
LoginAuthorisation(logindata: LoginData) {
  // Basic auth credential is "user:password", then base64-encoded (not encrypted)
  const authorizationData = logindata.inputEmail + ':' + logindata.inputPassword;
  const httpOptions = {
    headers: new HttpHeaders({
      'Content-Type': 'application/json',
      Authorization: 'Basic ' + btoa(authorizationData),
    }),
    observe: 'response' as const,
    withCredentials: true
  };
  const body = { message: 'Test Data' };
  // Do not log httpOptions here: it contains the base64-encoded password
  return this.http.post<any>('http://*****************/home', body, httpOptions);
}
Upvotes: 4
Views: 6445
Reputation: 13822
This is a really broad question but here goes.
Usually what we mean with BASIC Authentication is HTTP's basic auth, which is: "In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon" (Wikipedia).
Bottom line: a client sends their credentials over to a server for validation.
That, however, is not a great idea. You generally don't want to send your credentials. Rather, you want to send a token that represents your rights / entitlements to talk to the server. This is where JWT comes in. JWT stands for JSON Web Token. Your identity server generates a token that certifies the user identity and sends it to the client. The client will send the token back to the server for every subsequent request, so the server knows the request comes from a particular identity.
Now it helps to understand JWT kind of comes from OAuth 2.0 and OpenID Connect which are authorization / authentication protocols built to avoid the "password anti-pattern" i.e. having to share your creds.
Have a look at sites like oauth.tools or jwt.io for more info.
JWT-based auth is becoming the de facto standard for API authentication rather than username-password.
Upvotes: 4