Authentication (who you are): before accessing any resource, you need a "token", and of course, before you can log in, you need to register first.
Token generation and verification, i.e. authorization (what you can do): this is the step after logging in or renewing a token (using a refresh token). The token, which is stored in the database (or issued by a standalone IdP, depending on the design), is valid for a certain time window.
So what is a token? — You can think of it as "an encrypted identity within a time window", or you can treat it as either of the following:
- A ticket for a movie or any other show
- A "day pass" when you enter a building
So the problem with the traditional flow above is that everyone reinvents the wheel. Let's think about two cases.
- Company systems: every company has to build its own login.
- Web applications: every system has its own "login module", which is a big waste for developers and a disaster for the end user.
Let’s move on to see the solutions.
AD(1998) Login and LDAP (Lightweight Directory Access Protocol) (1993)
In short, LDAP is a protocol, and AD is an implementation of LDAP in the Microsoft world.
So now let’s focus on LDAP to understand how the “company standard authentication flow” works.