Authentication in Rant Cloud and API
At Rant Cloud, security is a top priority, and proper authentication mechanisms are in place to ensure that only authorized users and services can access your data and resources. This page outlines the authentication methods used in the platform and provides guidance on how to authenticate users and services.
Authentication Methods
1. OAuth 2.0 Authorization
Rant Cloud uses OAuth 2.0 as the primary authorization protocol. OAuth 2.0 allows users to grant third-party applications limited access to their data without exposing their credentials.
- Authorization Code Flow: The most common flow, where the user is redirected to an authorization server, logs in, and grants access. The authorization code is then exchanged for an access token.
- Client Credentials Flow: Used for machine-to-machine authentication, where a client authenticates directly with the authorization server without user interaction.
- Implicit Flow: Mainly used for single-page applications (SPAs), where tokens are returned directly in the URL after authentication.
Benefits:
- Secure, delegated access.
- No need to share credentials directly with third-party applications.
- Standardized and widely supported across platforms.
2. JSON Web Tokens (JWT)
We use JSON Web Tokens (JWT) for stateless, token-based authentication. JWTs are used to securely transmit information between a user and the Rant Cloud API.
- Access Tokens: After successful authentication, an access token (JWT) is generated and returned to the client. This token must be included in the Authorization header of every API request.
- Token Expiration: Access tokens are short-lived, and users will need to refresh their token to maintain an active session.
- Refresh Tokens: Long-lived tokens used to obtain new access tokens without requiring the user to log in again. Refresh tokens are securely stored and can be used to refresh the authentication session.
JWT Structure:
- Header: Specifies the signing algorithm.
- Payload: Contains the claims (such as user data, permissions, etc.).
- Signature: A secure cryptographic signature to verify the authenticity of the token.
Example:
```bash
Authorization: Bearer <your-jwt-token>
```
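To show what the API must do with that header, here is an added example (not Rant Cloud's own code) that mints a short-lived HS256 access token with the header/payload/signature structure described above and validates it on an incoming request: Bearer scheme, pinned algorithm, signature check, and expiry check. The shared secret, subject and scope values are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret for HS256; not a Rant Cloud key.
SECRET = b"constructed-demo-secret"

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_access_token(sub: str, scopes: list, ttl: int = 900, now=None) -> str:
    """Mint a short-lived access token: header.payload.signature (HS256)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "scope": scopes, "iat": now, "exp": now + ttl}
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"

def verify_request(authorization_header: str, now=None) -> dict:
    """Validate the Authorization header of an API request and return its claims.
    Raises ValueError on a wrong scheme, malformed token, unexpected algorithm,
    bad signature, or expired token."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("expected 'Authorization: Bearer <token>'")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must be header.payload.signature")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm server-side; never let the token choose it (rejects "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so signature checks do not leak timing information.
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(p))
    if now >= claims.get("exp", 0):
        raise ValueError("access token expired; obtain a new one with the refresh token")
    return claims
```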