Why Is Token-Based Authentication a Thing?

- Nikhil Sharma

  • October 1, 2021

Repeatedly sending credentials over the internet is a security risk. But when you need to sign in to cloud and web-based apps, it is unavoidable. Or is it?

Token-based authentication is a protocol that lets users verify their identity and receive a unique access token in return. For the life of the token, users access the website or app the token was issued for without re-entering credentials each time they return to the same webpage, app, or any resource protected with that same token.

Authentication tokens work like a stamped ticket. The user retains access as long as the token remains valid. Once the user logs out or quits an app, the token is invalidated. Tokens offer a second layer of security, and administrators have detailed control over each action and transaction.

Token-based authorization offers the following benefits:

  • Tokens are stateless. The token is self-contained and contains all the information it needs for authentication. This is great for scalability as it frees customer servers from having to store session state.
  • Tokens can be generated from anywhere. Token generation is decoupled from token verification, which lets you handle the signing of tokens on a separate server or even through a different company.
  • Fine-grained access control. Within the token payload you can easily specify user roles and permissions as well as resources that the user can access.
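
The three properties above in one place, as an added example that is not from the original post: a JWT-style token signed with HMAC-SHA256, issued by one function and checked by another that needs only the key and the token. The key, function names and claim layout are assumptions made for the illustration; with a shared HMAC key the verifier must hold the issuer's secret, so signing by a separate company would normally use an asymmetric signature instead.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: secret shared by issuer and verifier

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: str, payload: str, key: bytes) -> bytes:
    return hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()

def issue_token(user, roles, ttl=300, key=KEY, now=None):
    """Issuer side: runs once, after the user has presented credentials."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "roles": roles, "exp": now + ttl}
    payload = b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64e(sign(header, payload, key))}"

def verify_token(token, required_role, key=KEY, now=None):
    """Resource side: no session lookup, only the key and the token itself.
    Returns the claims on success, None on any failure."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sign(header, payload, key), b64d(sig)):
            return None
        # Accept only the algorithm this verifier was written for.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(payload))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    if claims.get("exp", 0) <= now:
        return None  # expired
    if required_role not in claims.get("roles", []):
        return None  # authenticated, but lacks the permission
    return claims
```

Because the verifier keeps no state, a token stays acceptable until its `exp` time passes; invalidating it earlier, for example at logout, requires the server to track revoked tokens or to keep lifetimes short.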