The document discusses authentication and authorization, explaining that authentication verifies who a user is through their user ID, while authorization determines what resources a user can access. It introduces common authentication standards like OpenID Connect which uses an ID token and access token to log users in and grant them access to resources on another site or app. Tokens like ID tokens and access tokens are used to authenticate and authorize users in a secure way across different systems and applications.

1. Authentication &
Authorization
Prologue

2. WHO AM I?

3. World where we trust everyone!

4. You only need
you user ID!

6. It’s mine!

8. PASSWORD

9. Please provide you
email and
password

13. m1.GjW1DYwYxV+r8Ont.QYFifnrRH1LjHuj71YsFLQ==.0.zg1/eqkGrGJYew9Q4fh4
hM8YVvqB8IZcqvZxaaJWIV8AzoCIp416V3350qwQdoaks82gb5dLIG5qjPyQyWes8sW
mh0utTQ4ayr2gXgK1u2uF9FdKLaQTiFyTs+qlWCzSxyGMe+WLMnEyt/KI6bxBpuiPpE
AV3WXgyKDy1kiQY9+rfzvrsxCV/szqNkwUmg1SsiCdkml/TWncSkPXFUR0sjviW8HLT
1U8KU6oEY6AYlIgmoQKpgByp4B0rGP/W/JxioQAI7qLZJGGfSUW0gq93vUCRkVIb77p
s+NfkrTfhZEL1Oq8yseYI5tIW/PWSL3C43i2JHS+1islWekYoaIRYF/VGrmjf//Oiha
NWYvRwAmPKT8RAhw6pshwjmkToTAkvcrEYanyMuNrwuUVD5fj9XtIPqN7J7DMuUUNFx
AmtG/+JkVeHlx4i3tCh+zV3UJyx3HdRhQd16VJAhRfqPs2olNCNGHLTB3yGAf0A/Wna
JlqpnIC3MBJdyKEifj7/cQRhb3DmLgmhO78Q3to
Content Of the Cookie

14. What the hell
is token!?

18. Photo printing service

19. Here is my password
BUT
don’t look
Please

21. Apps & Services everywhere!

24. SSO
Here to rescue

26. Authentication (AuthN)
+
Authorization (AuthZ)
ID Token
+
Access Token
=
OpenID Connect

27. IDP
Browser
Resource
Server
ID_TOKEN
ACCESS TOKEN
Login
ID Token, Access Token
Access token
resource

28. Token
● ID Token
○ JWT (Json Object)
● Access Token
○ JWT (Json Object)
○ Opaque

29. JWT Structure

30. My key fingerprint - 4638 7D59 AC87 6DD9 BD97 370D 5950 FED0 2787 69D1

31. But there is more!
● Refresh token
○ Offline access
● SAML
○ You don’t need it