| stack | lang |
|---|---|
| GO | all |
All about encryption, JWT, OAuth, HMAC and more.
Basic authentication is part of the HTTP specification: it sends the username / password with every request. It uses the Authorization header & the keyword "basic".
- put "username:password" together.
- convert them to base64.
- base64 puts generic binary data into printable text form
- base64 is reversible, so never use it over http, only https
- use basic authentication to log in. for example:
curl -u user:pass -v google.com
Never store passwords; instead store a one-way encryption "hash" value of the password for added security:
- hash on the client
- hash that again on the server
- hashing algorithms "bcrypt - current choice, scrypt - new choice" more info about scrypt
- bearer tokens
  - added to the HTTP spec with OAuth2
  - uses the Authorization header & keyword "bearer"
  - to prevent faked bearer tokens, use cryptographic "signing"
  - cryptographic signing is a way to prove that the value was created by a certain person
- HMAC
  - HMAC is a cryptographic signing algorithm "and that's all it is by itself"
JSON Web Token: {JWT standard fields}.{your fields}.Signature
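The `header.payload.signature` layout and HMAC signing described above, as an added example that is not code from the original notes: a standard-library-only HS256 sign and verify in Go. The function names `Sign` and `Verify`, the key and the claims are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT uses unpadded URL-safe base64

// mac computes HMAC-SHA256 over "header.payload" with the server's secret.
func mac(key []byte, signingInput string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(signingInput))
	return h.Sum(nil)
}

// Sign builds header.payload.signature for a JSON payload (HS256 only).
func Sign(key []byte, payloadJSON string) string {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." +
		b64.EncodeToString([]byte(payloadJSON))
	return input + "." + b64.EncodeToString(mac(key, input))
}

// Verify returns the payload only if the signature matches the key.
func Verify(key []byte, token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	sig, err := b64.DecodeString(parts[2])
	// hmac.Equal compares in constant time, avoiding a timing side channel.
	if err != nil || !hmac.Equal(sig, mac(key, parts[0]+"."+parts[1])) {
		return "", errors.New("invalid signature")
	}
	payload, err := b64.DecodeString(parts[1])
	return string(payload), err
}

func main() {
	key := []byte("constructed-demo-secret") // sample key, not a real secret
	tok := Sign(key, `{"sub":"alice","admin":false}`)
	fmt.Println(tok)
	fmt.Println(Verify(key, tok))
}
```

`Verify` never reads the `alg` field from the token header; it always recomputes HMAC-SHA256, so a token that claims a different algorithm cannot weaken the check. The payload is only base64-encoded, not encrypted, so anyone holding the token can read the claims.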
OAuth2 has several ways of making it work, but the most common one is the client credentials method. The other one that's common is implicit. From the point of view of the user, both of them are identical. Client credentials has more security behind it. The implicit one, however, works better if you're using a front-end-only website, like React only with no actual back end.
So OAuth2 allows a user to authorize one website to do something at another website. Example: give one website access to your Dropbox account to store files there or retrieve files from there. We also use OAuth to log in. Example: login with Facebook. There are 4 ways, but the common ways are:
- client credentials
  - more secure way, but requires a server
  - "three" legged flow
- implicit
  - less secure
  - "two" legged flow
Surprisingly enough, OAuth is actually more secure.
Use go doc to look up code inside any package:
go doc github.com/go-pkg/example
go mod init folder-name or www.github.com/userName/repo-name
go mod tidy
go get github.com/joho/godotenv
go list -m -versions pkg-name
- example:
go list -m -versions github.com/dgrijalva/jwt-go
export GOPATH=$GOROOT
unset GOROOT
go env -w GO111MODULE=off