Write Countersign Authentication with airSlate SignNow

Countersign authentication

hello guys in this video tutorial we are going to study about the different types of authentication so let's get started right away there are various types of authentication that are available as a part of this tutorial we will be focusing on a few important ones the first one we will learn about is the basic authentication the basic authentication is a process for browser to request a username and a password once these are supplied the resources are available for which the request has been sent for and this username and password is the first step to authenticate the user in the basic authentication we learnt about sending the username and password for every request we are making to the server this is inconvenient and can be a security risk even if the transport is through secure http the client application must have those credentials stored without encryption to be able to send them with these requests a popular solution to this problem is to create tokens a token is a string that server generates for the client and it can be passed along inside an http request the next type of authentication we are going to learn about is the oauth authentication to begin at a high level what is neither an api or a service it is basically an open standard for authorization and anyone can implement it to talk more specifically oauth is a standard that apps can use to provide client applications with a secure delegated access oauth works over https and authorizes the devices apis servers and applications with access tokens rather than the credentials there are two versions of oauth oauth 1.0 and or 2.0 these specifications are completely different from one another and they cannot be used together there is no backwards compatibility between them so if you ask which one is more popular the answer to that will be what 2.0 is most widely used form of oauth we will learn about oauth in due course of time but right now it is not under the scope of this particular tutorial let us learn about the basic authentication in more details so what is this basic http authentication as we discussed before the credentials for an http basic authentication scheme are transmitted in the form of user id or password and they are encoded in the base 64. speaking about the security of basic authentication the main challenge in passing the user id and password over the network is that the base64 can be reverse encoded and this makes the basic authentication scheme insecure the https or tls protocols should be used in conjunction with the basic authentication and without this additional security enhancement basic authentication should not be used to protect sensitive or valuable information in the basic http authentication the request that is sent to the server should contain a header having a key value pair in which the key is represented by authorization while the value is represented by the phrase basic and then the credentials these credentials are base 64 encoded having learned the basic authentication it's time to try the same in swagger and postman tool so right now we are in the swagger tool and the scenario for which we will be trying the basic authentication is basically to add a book to a user account we have this particular api which is a post method with the end point bookstore v1 books and we need to supply it with a user id and an isbn number for a book to add it to the book thus let's go to the postman tool and try to do it we are in the postman tool and let us click on this particular plus we select post because that's the post request and we will mention the request url over here the next step we will do is to specify the basic authentication to do that click on the authorization and select the type as basic auth in this we have to specify the username and password the username and password is a pre-known one that we have used previously and hence i will just right now enter it and enable the show password to make things simpler this username and password is the same one which you can create in this particular api which is post account v1 user since i have already created it i am using it right away having specified the basic authentication for the username and password our next step will be to go to the headers tab in the headers tab the first one you see over here is authorization key which is a header name and it is supported by a value which is basic that is the phrase basic followed by the encoded version of the username and password that is the credentials we had sent across the next step is to enter the request body over here the request body is similar to the one that we have for the post request that is user id followed by collection of isbns to make things easier i have already specified the isbn as well as the user id the last step is basically to click on the button send we received the response from the server with the status as 201 that is the status code along with the response the response you notice over here contains an isbn as well as book and other details of course the isbn is the one that we had requested for in the book details that got added to the account user for this particular user id which we had supplied previously this basically exemplifies that the authorization or the basic authentication has worked for us which is the username and password which got in the encoded format and sent across in the header and the associated value and we received a successful response for it so this explains our basic authentication case the next authentication we will learn about is the bearer authentication the name better authentication can be understood as an authentication which gives access to the resources to the bearer of the token the bearer token is a cryptic string it is usually generated by the server in response to the login request the client must send this token in the authorization header when making request to the protected resources the format in which it is framed is a key value pair where authorization is the key and bearer followed by token is the value the bearer authentication scheme was originally created as a part of oauth 2.0 but it is sometimes also used on its own similar to basic authentication the bearer authentication should only be used over https protocol to better understand the bearer token authentication we will be making the use of postman tool and in conjunction to the postman tool we will be using the swagger tool that we have for our api documentation so let us first go to the swagger tool and understand the eps that we will be using for bearer token authentication demo so we are in the swagger tool documentation and we have this particular endpoint that is generate open endpoint with the post method it will generate a token for us once the token is generated we will pass the token in one of the apis over here that is a post request with books as the end point and it will help us to add a book to a user for which the token has been generated having understood that let us move back to the postman tool we have listed out the request url over here with the post method and right now we need to add the request body over here to write the request body we will pick it from the swagger tool we'll copy this one and we will paste it in the section over here in the request body section in the username let us use the same username that we had used previously for basic authentication and the password as well remains the same having done that let us now send the request to the server the server has sent us a response and the token has got generated let us copy this particular token for our future reference having copied the token the next request that we are going to do is basically to assign a book to the user we have the post request over here and we have the headers over here as i mentioned before of course we can pass the header with authorization as the key and the error as the value followed by the token basically once i enable the authorization i can pass this br along with the token that has got generated for us there is another way to do it and for that when we go to the authorization option in the request builder and we select mirror token it makes it much easier for us in this particular token the one that we had printed or we had pasted over here has got already populated for us to add a book to the user we'll have to pass a request body right now we have some pre-populated data that i had kept ready for this particular user id which is the same as the username and password for which we are adding the book the user id is ready and among the list of isbns we had for various books i have picked an asbn and kept it ready for the sake of this particular tutorial and since everything is ready for us what i do is i simply click on the button send and it sends a request to the server and what we have received is that the token has expired so let me again send a new request and create a new token the token has got created let me copy this and then i will go back to the authorization in the bro token what i'll do is i'll simply remove the old token and paste a new one having done that i will click on the button send once more and then we can see the request has got populated along with the book that has got added to the particular user thus without using the username and password we have been able to use the token and this token was used to add a book to the user this essentially helps us understand the vr token authentication in which the bearer token was sent to the server and adequately the action was performed on the server