All about authentication

Authentication is one of the most common terms you will meet in computer networking and backend development in general.

In this blog post, we are going to take a deep dive into authentication.

What is authentication?

Authentication means allowing a user to access your app or service only after making sure he/she is a valid user. In authentication, the user provides you with his/her username, email, and password, and if the user is already present in your database you allow the user to access your app. If the user is not registered in your database, you register the user first and then grant access.

Authentication is of two types:

  1. Stateful

  2. Stateless

Let's discuss each of them deeply.

Stateful authentication

In stateful authentication, a user provides the backend with his/her username and password. After checking them against the database, the backend creates a session and gives the user a session ID as a reference to it. On every later request the user sends this reference, the backend matches it to the stored session, and only then is the request completed. Once the user has finished his/her work, he/she can simply revoke the session by logging out of the application.

In this form of auth, the session ID has to be stored on the backend so that later requests can be matched to their session.

This form of auth is useful for banking applications, in which the user is only able to access the portal for 10 - 15 minutes; after that the session ID is deleted and the user is logged out of the application.

Advantages of stateful auth:

  1. Easy to implement

  2. Revoke the session anytime

Disadvantages of stateful auth:

  1. Increases server load: Consider you have millions of users accessing your application. For every user you are storing a session ID on the server, which increases the load on the servers and makes the application slower.

  2. Data loss: What if your server restarts? Then all the sessions stored on it would be lost and all your users would be logged out of the application.

Stateless authentication

Stateless auth is used to solve the disadvantages of stateful auth. In stateless auth we use something like a JWT (JSON Web Token).

In stateless auth you provide the backend with your username, ID, and password, and after validation the backend returns a token that it has signed with a secret key. That token is stored on the client side (mainly local storage), and every time the user sends a request to the backend, the token is sent along with the request.

The token looks something like this:

The token may also have an expiration date, after which a new token has to be issued to the user.

Advantages of stateless auth:

  1. Less load on the server: Since the token is stored on the client side, the server has less to keep track of, whereas in stateful auth we needed to store the session ID on the server.

  2. Easy to scale.

Disadvantages of stateless auth:

  1. Cannot revoke the session anytime: Since the token is stored on the client side, the server has no way to delete it or invalidate it before it expires.

  2. A little more complex to implement than sessions.
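To make the stateless flow concrete, here is an added example (not code from the original post) that issues and verifies an HS256-signed JWT with an expiry using only the Python standard library; the signing key and the sample user are constructed for the demo. Because verification never consults server-side state, it also shows the revocation limitation listed above: an issued token stays valid until its `exp` claim passes, whatever the server does in between.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: a constructed signing key for the demo; a real service loads it from a secret store.
SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Return a compact JWT 'header.payload.signature' signed with HMAC-SHA256."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if signature and expiry are valid, else None. No server lookup happens."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        signature = b64url_decode(s)
        payload = json.loads(b64url_decode(p))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    # Pin the algorithm on the server side; never let the token choose it (rejects alg "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
        return None
    return payload
```

A "logout" in this model can only discard the token on the client; the server will keep accepting the same token until `exp`, which is why short lifetimes matter here.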

Conclusion

Both stateful and stateless auth have their own advantages and disadvantages. You must consider the use case of your application before implementing either of them.

Support Manas Upadhyay by becoming a sponsor. Any amount is appreciated!