All you need to know about login (SSO, LDAP, SAML, OAuth, OpenID)
I was recently asked this question again: “What is the difference between authentication and authorization?”
Let’s touch on all of them in this single post: a walkthrough in 10 minutes.
Back to the old-school
A quick explanation.
Login: Authentication (who you are). Before accessing any resource, you need a “token”, and of course, before you can log in, you need to register first.
Token generation and verification: Authorization (what you can do). This is the step after logging in, or after renewing a token (using a refresh token). The token, whose record is stored in the database (or held by a standalone IdP, depending on the design), is valid only for a certain time window. On each request the server verifies the token presented, maps it back to an identity, and only then checks what that identity is permitted to do; strictly speaking, the verification re-establishes who you are, and the permission check that follows is the authorization.
So what is a token? You can think of it as “a proof of identity, valid within a time window”. In practice it is either a signed (sometimes also encrypted) blob of claims, or an opaque reference to a session record kept on the server. Or you can treat it as either of the below:
- A ticket for a movie or any other show
- A “day pass” for entering a building
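The traditional flow above, carried end to end, as an added example (not code from the original post): register, log in, receive a signed access token with an expiry plus an opaque refresh token, then authorize each request by verifying the token and checking the user’s roles. The in-memory dictionaries stand in for the “db”, and the token format, role names and TTLs are assumptions for illustration, not any particular framework’s API. The `forge_subject` helper shows what an attacker who edits the token body without the signing key ends up with.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import secrets
import time

# Stand-ins for the server's persistent state (the "db" in the text).
# Illustrative names; nothing here maps to a specific framework.
USERS = {}            # username -> {"salt", "hash", "roles"}
REFRESH_TOKENS = {}   # opaque refresh token -> {"sub", "exp"}

SIGNING_KEY = secrets.token_bytes(32)   # server-side secret; never leaves the server
ACCESS_TTL = 15 * 60                    # access token lifetime in seconds (assumed)
REFRESH_TTL = 7 * 24 * 3600             # refresh token lifetime in seconds (assumed)


def _now(now):
    # Tests pass an explicit clock so expiry can be exercised deterministically.
    return time.time() if now is None else now


def register(username, password, roles=()):
    """Step 0: create the account. Store a salted PBKDF2 hash, never the password."""
    salt = os.urandom(16)
    USERS[username] = {
        "salt": salt,
        "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
        "roles": frozenset(roles),
    }


def _sign(payload: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def make_access_token(username, now=None):
    """The "day pass": identity plus expiry, signed so the server can detect edits."""
    payload = json.dumps({"sub": username, "exp": int(_now(now)) + ACCESS_TTL},
                         separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def _issue_tokens(username, now=None):
    refresh_token = secrets.token_urlsafe(32)   # opaque; only meaningful via the server store
    REFRESH_TOKENS[refresh_token] = {"sub": username, "exp": _now(now) + REFRESH_TTL}
    return make_access_token(username, now), refresh_token


def authenticate(username, password, now=None):
    """Login (who you are): verify the credential, then hand out the tokens."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    if not hmac.compare_digest(candidate, user["hash"]):
        return None
    return _issue_tokens(username, now)


def verify_access_token(token, now=None):
    """Return the subject if the signature and the time window check out, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(sig, _sign(payload)):   # edited, or not issued by us
        return None
    claims = json.loads(payload)
    if _now(now) >= claims["exp"]:                      # outside the time window
        return None
    return claims["sub"]


def authorize(token, required_role, now=None):
    """Per request (what you can do): identity from the token, permission from the user record."""
    subject = verify_access_token(token, now)
    if subject is None or subject not in USERS:
        return False
    return required_role in USERS[subject]["roles"]


def refresh(refresh_token, now=None):
    """Renew the access token. The refresh token is rotated, so a stolen copy is single-use."""
    record = REFRESH_TOKENS.pop(refresh_token, None)
    if record is None or _now(now) >= record["exp"]:
        return None
    return _issue_tokens(record["sub"], now)


def forge_subject(token, new_subject):
    """What an attacker without the key can build: a new subject under the old signature."""
    payload_b64, sig_b64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    claims["sub"] = new_subject
    return _b64(json.dumps(claims, separators=(",", ":")).encode()) + "." + sig_b64


if __name__ == "__main__":
    register("alice", "correct horse battery staple", roles=["reader"])
    access, refresh_token = authenticate("alice", "correct horse battery staple")
    print("reader allowed:", authorize(access, "reader"))        # True
    print("admin allowed:", authorize(access, "admin"))          # False
    print("forged accepted:", verify_access_token(forge_subject(access, "mallory")))  # None
```

Two design choices worth noting: the access token is self-contained and signed, so verifying it needs no database round trip, which is exactly why it must carry an expiry; the refresh token is opaque and looked up server-side, so it can be revoked and is rotated on every use.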
The problem with the traditional flow above is that everyone reinvents the wheel. Consider two cases:
- Company systems: every company has to build and operate its own login.
- Web applications: every application ships its own “login module”, which is a big waste of effort and a disaster for the end user, who gets yet another password to manage.
Let’s move on to see the solutions.
AD (1998) login and LDAP (Lightweight Directory Access Protocol) (1993)
In short: LDAP is a protocol, and Active Directory (AD) is Microsoft’s directory service, which implements LDAP (alongside Kerberos for authentication) in the Windows world.
So now let’s focus on LDAP to understand how the “company standard authentication flow” works.
The Org chart
So LDAP is designed for fast “company login and directory search”.
- It stores an “organization tree” (the directory) with an entry for every staff member.
- combined with…