Basic is when you access the API directly with your username and password credentials: the client sends them base64-encoded in the Authorization header on every request (base64 is encoding, not encryption, so Basic is only acceptable over HTTPS). So the user would choose Basic Auth and fill in the username and password. Bearer is where you need to make 2 calls: one to get the bearer token (the login call) and one to get the data, sending the token in the Authorization header. When you have the bearer token, you can reuse it for up to 60 minutes, after which you log in again. Bearer is the recommended auth method whenever possible: the password travels once instead of on every call, and a leaked token expires on its own. Great for scripting, developing an external app, or integrating with external tools.
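The two schemes above as Authorization header values, plus a small bearer-token cache that makes call 1 (login) once and reuses the token for its lifetime. This is an added example, not code from the original notes; the 60-minute lifetime comes from the notes, while the login function, the fake clock and the `skew_s` early-refresh margin are assumptions made so it runs offline.

```python
# Added example (not from the original notes): Basic vs Bearer as Authorization headers,
# and a bearer session that reuses one token for its lifetime before logging in again.
import base64
import time
from typing import Callable, Optional


def basic_auth_header(username: str, password: str) -> str:
    """Basic scheme: base64(user:pass), sent on every request."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(value: str) -> tuple:
    """Basic is encoding, not encryption: anyone who sees the header has the password."""
    scheme, _, b64 = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pw = base64.b64decode(b64).decode("utf-8").partition(":")
    return user, pw


TOKEN_LIFETIME_S = 60 * 60  # the notes say the token is reusable for up to 60 minutes


class BearerSession:
    """Call 1 fetches a token (login); data calls reuse it until it is about to expire."""

    def __init__(self, fetch_token: Callable[[], str], lifetime_s: int = TOKEN_LIFETIME_S,
                 skew_s: int = 60, clock: Callable[[], float] = time.time):
        self._fetch_token = fetch_token   # assumed: performs the login call, returns the token
        self._lifetime_s = lifetime_s
        self._skew_s = skew_s             # refresh a little early so a call never races expiry
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.login_calls = 0

    def _token_valid(self) -> bool:
        return self._token is not None and self._clock() < self._expires_at - self._skew_s

    def auth_header(self) -> str:
        """Bearer scheme: the token itself is the credential, so treat it like a password."""
        if not self._token_valid():
            self._token = self._fetch_token()
            self._expires_at = self._clock() + self._lifetime_s
            self.login_calls += 1
        return "Bearer " + self._token


def demo() -> dict:
    """Constructed scenario: a fake login endpoint and a fake clock so this runs offline."""
    now = [1_000_000.0]
    issued = []

    def fake_login() -> str:
        issued.append(f"tok-{len(issued) + 1}")
        return issued[-1]

    session = BearerSession(fake_login, clock=lambda: now[0])
    h1 = session.auth_header()   # call 1: login, token issued
    h2 = session.auth_header()   # reused, no second login
    now[0] += 58 * 60            # 58 minutes later: still within the lifetime
    h3 = session.auth_header()   # reused
    now[0] += 3 * 60             # past the 60-minute mark
    h4 = session.auth_header()   # expired: logs in again
    return {"basic": basic_auth_header("alice", "s3cret"),
            "headers": [h1, h2, h3, h4],
            "logins": session.login_calls}


if __name__ == "__main__":
    print(demo())
```

`decode_basic_header` is there to make the point concrete: a captured Basic header is the password, which is why the notes prefer Bearer and why both must only ever be sent over HTTPS.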
JWT defines a compact and self-contained way to securely transfer information between two parties as a JSON object. All JWTs are tokens but not all tokens are JWTs. A JWT carries claims about an entity (user id, roles, expiry) together with a signature over them, so the server can trust the claims without querying the database on every request. The payload is only base64url-encoded, not encrypted: anyone holding the token can read the claims, so never put secrets in them, and "securely" refers to the signature, which must be verified before any claim is trusted.
When generating a secret, it should be secure. One way to do that is using a cryptographically secure random generator (for example secrets.token_hex in Python), which converts the random bytes to a hexadecimal representation. Never include your secret in a public app (a browser or mobile client, or a public repository), since anything shipped to users can be extracted. Make the secret visually different from the ID, for instance with distinct prefixes, so the two are not confused or logged in each other's place. Also, do not store the secret in plain text; store only an encrypted or hashed version and compare against the hash at verification time, the same way passwords are handled.
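The secret-handling advice above as working code: a CSPRNG-generated ID/secret pair with distinct prefixes, and a server-side store that keeps only a hash of the secret. This is an added example, not code from the original notes; the `id_`/`sk_` prefixes, the key lengths and the `KeyStore` class are assumptions.

```python
# Added example (not from the original notes): generate an API key id/secret pair and
# verify it against a stored hash, never against the plaintext secret.
import hashlib
import hmac
import secrets
from typing import Optional

ID_PREFIX = "id_"      # assumed prefixes: keep the id and the secret visually distinct
SECRET_PREFIX = "sk_"


def generate_api_key() -> tuple:
    """secrets.* draws from the OS CSPRNG; token_hex renders the bytes as hexadecimal."""
    key_id = ID_PREFIX + secrets.token_hex(8)        # 16 hex chars; public, safe to log
    secret = SECRET_PREFIX + secrets.token_hex(32)   # 64 hex chars = 256 bits of entropy
    return key_id, secret


def hash_secret(secret: str) -> str:
    """What the server stores. A plain SHA-256 is enough here because the secret is random and
    high-entropy; slow password hashes exist for guessable human-chosen passwords."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class KeyStore:
    """Holds key_id -> hash(secret). The plaintext secret is shown to the user once and dropped."""

    _DUMMY = "0" * 64  # compared against when the id is unknown, so both paths do equal work

    def __init__(self):
        self._records = {}

    def register(self, key_id: str, secret: str) -> None:
        self._records[key_id] = hash_secret(secret)

    def stored_hash(self, key_id: str) -> Optional[str]:
        return self._records.get(key_id)

    def verify(self, key_id: str, presented_secret: str) -> bool:
        stored = self._records.get(key_id)
        candidate = hash_secret(presented_secret)
        # Constant-time compare; an unknown id still hashes and compares against a dummy.
        matched = hmac.compare_digest(stored if stored is not None else self._DUMMY, candidate)
        return stored is not None and matched


if __name__ == "__main__":
    kid, sec = generate_api_key()
    store = KeyStore()
    store.register(kid, sec)
    print(kid, sec, store.stored_hash(kid), store.verify(kid, sec))
```

If the store is ever dumped, the attacker gets hashes of 256-bit random values, which cannot be reversed or guessed; that is the practical payoff of "only store an encrypted or hashed version".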
the process of encoding information
an object which represents the right to perform some operation
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token”: whoever presents the token gets access, with no further proof of identity, so the token must travel only over HTTPS and be treated like a password. The bearer token is an opaque string, usually generated by the server in response to a login request, and sent on each call in the Authorization header as Bearer <token>.
“Any value that an attacker could use to impersonate the user in an authentication protocol.”
A compact, URL-safe way to securely transfer information between two parties as a JSON object
- basic and bearer auth
- RBAC, bearer (how it's done), front end
- bearer and has encryption again
Preparation Materials
- RBAC tutorial
- 5 steps to RBAC
- wiki - RBAC
- Role Based Access Control