All you need to know about login (SSO, LDAP, SAML, OAuth, OpenID)
I was recently asked this question

<p>Authentication (who you are): before accessing any resource, you need a &ldquo;token&rdquo;. And of course, before you can log in, you need to register first.</p>
<p>Token generation and verification: authorization (what you can do). This is the step after logging in or renewing a token (using a refresh token). The token that is stored in the db (or in a standalone IDP, depending on the design) is valid for a certain time window.</p>
<p>So what is a token? &mdash; You can think of it as &ldquo;an encrypted identity within a time window&rdquo;. You can also treat it as either of the following:</p>
<ul> <li>A movie ticket, or a ticket for any other show</li> <li>A &ldquo;day pass&rdquo; when you enter a building</li> </ul>
<p>The problem with the traditional flow above is that it reinvents the wheel. Let&rsquo;s think about 2 cases.</p>
<ul> <li>Company system (every company has to build its own login)</li> <li>Web application: every system has its own &ldquo;login module&rdquo;, which is a big waste and a disaster for the end user.</li> </ul>
<p>Let&rsquo;s move on to the solutions.</p>
<h1>AD (1998) Login and LDAP (Lightweight Directory Access Protocol) (1993)</h1>
<p>In short, LDAP is a protocol, and AD is an implementation of LDAP in the MS world.</p>
<p>So now let&rsquo;s focus on LDAP to understand how the &ldquo;company standard authentication flow&rdquo; works.</p>
<p><a href="https://iorilan.medium.com/all-you-need-to-know-about-login-sso-ldap-saml-oauth-openid-i-was-recently-asked-this-question-aea8ae47ce2b">Read More</a></p>
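<p>The traditional token flow described before the LDAP section (a token kept in the db, valid for a time window, renewed with a refresh token) looks like this in code. This is an added example, not code from the original article: it uses random opaque tokens looked up server-side rather than encrypted ones, and the <code>TokenStore</code> class, the TTL values, the in-memory dict standing in for the db and the choice to store only a SHA-256 digest of each token are assumptions made for illustration.</p>

```python
import hashlib
import secrets
import time

ACCESS_TTL = 15 * 60        # assumed access-token window, in seconds
REFRESH_TTL = 24 * 60 * 60  # assumed refresh-token window, in seconds

class TokenStore:
    def __init__(self, clock=time.time):
        self._rows = {}  # stand-in for the db: sha256(token) -> (user, kind, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, user, kind, ttl):
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = (user, kind, self._clock() + ttl)
        return token

    def login(self, user):
        # Call only after the credential check (authentication) has passed.
        return (self._issue(user, "access", ACCESS_TTL),
                self._issue(user, "refresh", REFRESH_TTL))

    def verify(self, token, kind="access"):
        """Return the user for a known, unexpired token of this kind, else None."""
        row = self._rows.get(self._digest(token))
        if row is None or row[1] != kind or self._clock() >= row[2]:
            return None
        return row[0]

    def renew(self, refresh_token):
        user = self.verify(refresh_token, kind="refresh")
        if user is None:
            return None
        del self._rows[self._digest(refresh_token)]  # refresh tokens are single-use
        return self.login(user)

def demo():
    now = [1_000_000.0]  # constructed clock so expiry runs offline
    store = TokenStore(clock=lambda: now[0])
    access, refresh = store.login("alice")  # "alice" is a constructed user
    fresh = store.verify(access)
    now[0] += ACCESS_TTL + 1  # step past the access window
    new_access, _ = store.renew(refresh)
    return fresh, store.verify(access), store.verify(new_access), store.renew(refresh)
```

<p><code>demo()</code> shows the access token being accepted inside its window, rejected after it, replaced through the refresh token, and the spent refresh token being refused on reuse.</p>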