Reading: Access Control (ACL)

Reading: Access Control (ACL)

  1. When is Basic Authorization used vs. Bearer Authorization?

    • Basic auth is done when user initially logged into the website.
    • Bearer auth is done when user need to traverse inside the web application. Bearer auth is done by providing the user a token to user every time when travelling inside the app.

  2. What does the JSON Web Token package do?

    • JWT user a secret key to do a hashing encrpytion for the date being provided.
    • It returns a long string that not readable (encrpyed) and could be decrpyed by a matching secret key.

  3. What considerations should we make when creating and storing a SECRET?

    • Should be complex, long, and meaning less.
    • should never be saved in production code.