Monday, September 7, 2020

What is Authentication and Authorization?

Authentication:

Identification is the act of indicating a person or thing's identity; authentication is the process of verifying that identity.


Authorization:

Authorization is the function of specifying access rights/privileges to resources.

Friday, March 27, 2020

Open Source license policy

GPL:
The GPL is a copyleft license, i.e. it requires you to disclose your source code and make the modified version open source as well.

MIT License:
The MIT license allows us to reuse the code freely for our own use and for commercial or non-commercial distribution, whether in source or binary form. However, it does not allow us to claim authorship of the code, or to hold the original author liable for any problems.

Apache License:
We can use Apache-licensed software in our commercial products. Relative to the MIT license, the Apache License is more restrictive about modifications: we need to list all of the modifications we have made and preserve all of our modification notices.

BSD License:
Unlike the GPL, the BSD License is free of copyleft: we don't need to disclose our source code or make the modified version open source. Unlike the Apache License, we are also not required to state all of our changes.

Open Source License Policy and related questions and answers are available here: https://opensource.org/licenses

Resource Link: https://medium.com/@angularboy/guide-to-open-source-licenses-585f699c8369

Friday, March 6, 2020

Power Mock with static example

Production Code: https://github.com/7droids/PowerMock/blob/master/PowerMock/src/de/sevendroids/java/powermock/sample/PowerMockSampleClassWithStaticMethod.java

Unit Testing Code: https://github.com/7droids/PowerMock/blob/master/PowerMock/test/src/de/sevendroids/java/powermock/sample/PowerMockSampleClassWithStaticMethodTest.java

Monday, January 20, 2020

ID token vs Access Token

An access token is issued by the authorization server. The authorization server issues an access token to a client so that the client can access a resource. The resource server verifies the access token that the authorization server provided. The access token is opaque to the client.

An ID token is also issued by the authorization server, which issues it to a client. The client is the one that validates this ID token, by validating its signature.

An access token can't tell the client anything about the user. An ID token, on the other hand, includes identity information about the user. You can identify and authenticate the user by looking at the ID token. It includes claims about the user such as first name, last name and email. The client can interpret the ID token and find out who the user is.
Related blog post: Understanding ID token
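
As an added example (not from the original post), the sketch below shows the client-side handling described above: the ID token's signature, issuer, audience and expiry are checked before its name and email claims are read, while the access token is only forwarded to the resource server unparsed. It assumes an HS256-signed JWT verified with a shared secret and uses only the Python standard library; the issuer URL, client id, key, user claims and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict, key: bytes) -> str:
    """Stand-in for the authorization server: sign claims as an HS256 JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def validate_id_token(token, key, issuer, client_id, now=None) -> dict:
    """Client side: verify the signature, then issuer, audience and expiry."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(header_b64))
        sig = unb64url(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed ID token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(payload_b64))  # trusted only after the check above
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued to this client")
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def resource_request_headers(access_token: str) -> dict:
    """The access token is opaque to the client: forward it, never parse it."""
    return {"Authorization": "Bearer " + access_token}

# Constructed sample values (not from the original post).
KEY, ISSUER, CLIENT_ID = b"constructed-shared-secret", "https://as.example", "demo-client"
ID_TOKEN = make_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1",
    "exp": 2000000000, "given_name": "Ada", "family_name": "Lovelace",
    "email": "ada@example.com"}, KEY)
ACCESS_TOKEN = "opaque-constructed-access-token"
```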