Authentication and Authorization
Let's talk about authentication and authorization of various systems.
- Basic: One way to authorize is by providing a username and password. When we log in to internet banking, we log in with a username and password (although the password is shown in encrypted form), but we type only the username and password. This is the basic method. It can be prone to some attacks if proper SSL, HTTPS and network security are not in place.
- OAuth two-level authentication: When we log in to BookMyshow.com, select a seat there, and choose a payment method (netbanking, wallets, credit or debit card, some other wallet), a payment gateway (Billaveneue etc.) is shown, followed by the landing page of the netbanking or credit/debit card provider.
In the background, the process is this: on clicking netbanking, one request with the session ID, username (key) and password (token) goes to the bank's system. It is authorized and returns a response with a token value (bearer token). This token is used for further transactions.
- Multi-level: When choosing a credit/debit card for payment, you will be asked to enter the CVV number and then a secure password as well. We have already given the username and password, which were validated, and after that successful API response we land on a page to enter the CVV, OTP etc. (In the background a token value is returned which contains the username, password, cookies and session ID. This combination is valid for some time only, after which the token value expires.) This is multi-level authentication.
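
The token flow described above (credentials validated once, then a time-limited bearer token used for later requests), as an added example that is not code from the original post or from any bank or gateway. The user store, key, lifetime and function names are constructed for illustration, and the token here carries only the username, session ID and expiry time, which is an assumption of this example.

```python
import base64, hashlib, hmac, json, os, time

SERVER_KEY = os.urandom(32)   # constructed signing key, held only by the server
TOKEN_TTL = 300               # assumed token lifetime in seconds

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: salted password hashes, never plaintext passwords.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}

def _sign(payload: bytes) -> str:
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def login(username, password, session_id, now=None):
    """First step: validate username/password, return a bearer token or None."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    # Constant-time comparison; unknown users fail the same way as bad passwords.
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return None
    claims = {"sub": username, "sid": session_id, "exp": now + TOKEN_TTL}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return payload.decode() + "." + _sign(payload)

def authorize(token, session_id, now=None):
    """Later steps: accept only an intact, unexpired token bound to this session."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(_sign(payload.encode()), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, AttributeError, TypeError):
        return None
    if claims["sid"] != session_id or now >= claims["exp"]:
        return None
    return claims["sub"]
```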