Skip to content

Centralised Authentication#

It's likely that you have a single account for each website that you (frequently) visit online: Google Mail, Facebook, LinkedIn, Reddit, etc. When you get into a corporate environment you're very likely to be working with a centralised authentication system which means you'll have a single set of credentials that gets you access to many systems.

There are a few technologies backing this kind of system. For now I simply want you to be familiar with the concept and the technologies directly. It's quite an advanced topic. Also note we won't implement them in this book as it's an advanced topic for future you and your future career.

OAuth#

The key here is "without giving them the passwords." With OAuth, you connect to a website or application (same thing these days) it uses another, centralised system to verify your identity. This usually means you're sent to that application first, you authenticate, and then you're returned to the original system you tried to xaccess and you're logged in. Visually this looks like this:

OAuth Abstract Flow

OAuth Abstract Flow
(Devansvd, CC BY-SA 4.0, via Wikimedia Commons)

The application asks the user to authorise the application to access their Google Drive account so the printing service cna access photos in the drive. An authorisation server is consulting, and the user has to provide credentials to validate their identity. Once that identity is confirmed the printing service can access that user's Google Drive, all without ever sharing their Google account password with the third party printing service.

Single Sign-on (SSO)#

This is a bit different to OAuth because with OAuth you authorise applications to access your account without having to share the password. With SSO, you login to a central system and then from there you can access other systems (that may or may not need access to your account information). This is the most common authentication mechanism you'll see in large companies, enterprises and governments.

After you've authenticated with the centralised system, you start accessing other systems that have been configured to use your centralised authentication mechanism for authorisation instead of asking you for a password. That's SSO very simplified and in a nut shell.

In another, more advanced book we will look at AWS SSO.