Answers for "authorizations and authentication"

authentication vs authorization

Authentication : 
				telling the system who you are 
				by providing username and password.


		Authorization : 
				things you can do according to who you are 



 ------  few ways of Authorization: 
 		Basic Auth --
 			 providing username and password for each and every request you 
             make

 		Token based 
 			generate a long token just one time 
 			and use that for the rest of the request 

 			similar to the visitor tag you get when you go to certain 
            restricted areas 


 			API KEY --- 


 			Bearer Token --

what is authorization

Authorization :
It's a process of granting or denying access to resources.
Mostly it happens after Authentatication.

Most of the projects I worked on use Bearer token
with JWT in Authorizaiton header.
I have endpoint that I can use to generate this token
and pass it to the each requests in my test.

Different ways to making authorized request:
1- Basic Auth
       (providing username and password along with each request)
2- Api Keys
       (It is provided token by the api vendor and
        it could be as query parameter or header
3- Bearer Token
       (We can get it by requesting to certain endpoint)
       Most known jwt(json web token)
4- Auth2
      (A much more secure way of authorizing your request
      The flow is similar to Login with facabook,google
       Eventually the token still get added to the 
       Authorization header)