OverviewAuthentication is a way of proving your identity, that you are who you say you are. Only after a user has been Authenticated can it be determined if they are Authorized (or not Authorized) to access the requested resource from the server.
Basic Authentication using the Hypertext Transfer Protocol (HTTP) is one of the most well-known forms of authentication with a user providing a username and password, otherwise known as their credentials, to verify their identity to the server. The username and password are combined, separated only by a colon ":", encoded, and passed to the server as the corresponding value to the "Authorization" request header as shown below: (It is important to note that the username and password are only encoded, not encrypted, which is a security downfall using the Basic Authentication method as it is easy to reverse an encoding on the credentials).
GET https://quorumlanguage.com/GETtest.php HTTP/1.1 Authorization: Basic [your encoded username:password]
If the credentials passed in the Request Message match the credentials the server has stored in their list of users, then the server will respond with the requested resource. If the credentials passed do not match (authentication failed), or if the user does not have access to the requested resource (authorization failed), then the server will respond with a Status Code and associated Status Text indicating either "401 authentication failed" or "403 the user is not authorized to access the requested resource".
OAuthRather than using a user’s personal credentials as a means of authentication and/or authorization, OAuth allows users to request authentication and authorization through an Access Token. The access token must be obtained from the owner (server) of the resource(s) being requested prior to the request. The access token is then sent to the server in the request message as shown below to authenticate and authorize access to the resource:
To see OAuth in practice see our Skynet Tutorial where an OAuth access token is sent in the request message and used to authenticate a user before they are able to obtain an observation. If you do not have a valid token you will not be able to access the requested resource (or observation in this case).
GET https://quorumlanguage.com/GETtest.php HTTP/1.1 Authorization: Bearer [your access token-value]
In the next tutorial, we will discuss Connecting to Skynet, which describes an introduction to connecting to Skynet's telescopes to take a picture using the Hypertext Transfer Protocol (HTTP).