1
00:00:00,240 --> 00:00:06,810
In this section, let's try to understand what is the role of tokens inside authentication and authorization

2
00:00:06,810 --> 00:00:07,240
flows.

3
00:00:07,380 --> 00:00:14,400
Many frameworks, including the Spring Security framework, use token based authentication and authorization,

4
00:00:14,400 --> 00:00:21,900
considering it the most efficient way of validating the user details for each and every request that we

5
00:00:21,900 --> 00:00:23,220
receive from the client.

6
00:00:23,490 --> 00:00:31,110
So basically a token can be a plain string of format UUID, or it can be an industry standard token

7
00:00:31,110 --> 00:00:39,060
like JWT, which we call a JSON token, that gets generated when the user authenticates the very first time

8
00:00:39,060 --> 00:00:40,070
into the system.

9
00:00:40,080 --> 00:00:47,220
We'll discuss more about what JWT is in the coming videos. For now, note that a token is a value that gets

10
00:00:47,220 --> 00:00:55,740
generated when the user first authenticates into your system, and the same token will be passed by the

11
00:00:55,740 --> 00:01:02,580
client system for all the further requests when the user tries to access a protected resource on the

12
00:01:02,580 --> 00:01:02,910
back end.

13
00:01:02,950 --> 00:01:07,650
And the reason why they send the token is we don't have to share the credentials

14
00:01:07,680 --> 00:01:11,250
again and again over the network for each and every request.

15
00:01:11,280 --> 00:01:18,360
Instead, we can rely on the tokens, and there are also older ways of maintaining session IDs on the

16
00:01:18,360 --> 00:01:18,720
back end.

17
00:01:18,720 --> 00:01:24,990
And we'll see what are the advantages of tokens compared to maintaining session IDs on the server

18
00:01:24,990 --> 00:01:26,520
side in the next video.
19
00:01:26,550 --> 00:01:33,780
But for now, look at this example where a client performs a login operation into an application,

20
00:01:33,780 --> 00:01:39,990
the authorization server application, which is sitting at the back end, and it will validate the user

21
00:01:39,990 --> 00:01:40,680
credentials.

22
00:01:40,690 --> 00:01:47,460
And if the user is valid, it generates a token and sends it to the client application either in the header

23
00:01:47,610 --> 00:01:50,180
or in the query string of that response.

24
00:01:50,220 --> 00:01:59,130
Now, the client will save this token either in local storage or any storage that they have access to, and

25
00:01:59,130 --> 00:02:05,640
for every subsequent request that they are going to make to the back end, like "I want to access my

26
00:02:05,640 --> 00:02:08,430
account details", which is a protected resource,

27
00:02:08,460 --> 00:02:15,090
I will pass this token along with the request that I want to send, either in the Authorization header

28
00:02:15,090 --> 00:02:18,120
or wherever it is apt for my application.

29
00:02:18,270 --> 00:02:24,930
And once my backend application receives this token, it will validate whether this is really the

30
00:02:24,930 --> 00:02:27,990
same token that it generated initially.

31
00:02:28,020 --> 00:02:33,540
So basically the server maintains all these tokens inside the memory, or

32
00:02:33,660 --> 00:02:40,120
we also have some scenarios where applications maintain these details either in the database or some

33
00:02:40,220 --> 00:02:43,680
optimized memory service like Redis memory.

34
00:02:43,690 --> 00:02:51,150
So based upon the value that it obtained from this memory, the server will validate whether it is a valid

35
00:02:51,150 --> 00:02:51,900
token or not.

36
00:02:52,110 --> 00:02:57,150
If it is really valid, then it will give the response that the client is expecting.
37
00:02:57,300 --> 00:03:01,720
Otherwise the request will be stopped, saying that the token is invalid.

38
00:03:01,740 --> 00:03:07,740
So now we understand what is the role of tokens inside any authentication flow.

39
00:03:07,980 --> 00:03:13,410
Let's try to understand what are the advantages of token based authentication and authorization

40
00:03:13,410 --> 00:03:18,300
compared to traditional ways of dealing with authorization and authentication in the next video.

41
00:03:18,420 --> 00:03:18,860
Thank you.

42
00:03:18,870 --> 00:03:19,800
And see you in the next.
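The login-then-bearer-token flow described in cues 19 to 37, as an added example that is not part of the lecture or of Spring Security: a server-side in-memory token store, an opaque random token issued once on login, and a protected resource that answers only when the Authorization header carries a live token. The user store, the TTL and the `now` parameter are assumptions made so the example runs offline with a fixed clock.

```python
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed demo user store (username -> password). Plain text only to keep the
# example short; a real system stores salted password hashes.
USERS = {"alice": "s3cret"}

# Server-side token store, the "in memory" map from the lecture:
# opaque token -> (username, expiry timestamp). Redis or a DB would replace this dict.
TOKENS: Dict[str, Tuple[str, float]] = {}
TOKEN_TTL_SECONDS = 3600


def _clock(now: Optional[float]) -> float:
    return time.time() if now is None else now


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Validate credentials once; on success issue a random opaque token."""
    expected = USERS.get(username)
    if expected is None or not secrets.compare_digest(expected, password):
        return None
    token = secrets.token_urlsafe(32)        # 256 bits of randomness: unguessable
    TOKENS[token] = (username, _clock(now) + TOKEN_TTL_SECONDS)
    return token


def authenticate_request(headers: dict, now: Optional[float] = None) -> Optional[str]:
    """Map the bearer token in the Authorization header to a username, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    entry = TOKENS.get(token)                # unknown token: server never issued it
    if entry is None:
        return None
    username, expires_at = entry
    if _clock(now) >= expires_at:
        TOKENS.pop(token, None)              # expired: drop it so it cannot be reused
        return None
    return username


def get_account(headers: dict, now: Optional[float] = None) -> dict:
    """Protected resource: only answers when the token resolves to a live login."""
    user = authenticate_request(headers, now)
    if user is None:
        return {"status": 401, "error": "invalid or expired token"}
    return {"status": 200, "account": {"owner": user, "balance": 100}}
```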