Saturday, December 14, 2024

MAD2-Flask-Security

 Session-Based Authentication

  • User logs in → server generates a session ID → stores it in the database.
  • The session ID is sent to the client as a cookie, which is sent with every request to authenticate the user.
  • Session data is stored on the server (in memory or a database).
  • As the user base grows, managing and maintaining sessions becomes resource-intensive.
  • Sessions require state to be maintained on the server
  • Cookies have limitations with CORS (Cross-Origin Resource Sharing), which can make session-based authentication difficult for APIs consumed by different domain clients.

  • Token-Based Authentication
  • User logs in → server generates a token (e.g., JWT, Authentication-token) → sends it to the client.
  • The client stores the token (in local storage, session storage, or cookies) and includes it in the header (e.g., Authorization: Bearer <token>,Authentication-Token:<token>) for every request.
    Advantages of token based authentication:
  • stateless, more flexible and scalable
  • support cross-platform 



  • How the role_required decorator is working?(Role Validation)

    1.The roles_required decorator is typically used to restrict access to certain routes based on the roles assigned to a user in a Flask application
    2.The decorator checks if the logged-in user has the required role(s) to access the route.
    3.If user role not matching with the required role, the user is either redirected (e.g., to a "403 Forbidden" page) or returned an error response (e.g., JSON with 403 status).
    Status Codes
    HTTP status codes indicate the result of a request. In Vue, you typically interact with these through axios or fetch.

    Success codes
    1.200 OK: The request was successful, and the response contains the data.
    2.201 Created: The request was successful, and a new resource was created.

    Redirection codes
    1.301 Moved Permanently or 302 Found: Resource has been moved; you may need to follow the redirect.

    Client Errors
    1.400 Bad Request: The server cannot process the request due to invalid syntax.
    2.401 Unauthorized: Authentication is required or failed.
    3.403 Forbidden: User does not have permission to access the resource.
    4.404 Not Found: Resource not found.
    5.422 Unprocessable Entity: Validation errors (e.g., form input errors).

    Server Errors
    1.500 Internal Server Error: A general server error.
    2.503 Service Unavailable: Server is temporarily unable to handle the request.


    No comments:

    Post a Comment

    Mangerial Economics Quiz1 solutions Guide

    Mangerial Economics Quiz1 solutions Guide  solutions watch on you tube channel