We developed the interaction with the server in the last two chapters. In this chapter, we will explore different mechanisms by which we can provide authentication to the end user and protect the RESTful API endpoints. We will also implement an authentication approach based on JSON Web Token (JWT) for our customer banking portal. The following is a brief introduction to the top four authentication mechanisms:
Basic authentication: As the name suggests, this is the simplest mechanism for protecting a RESTful endpoint, or any web resource for that matter. It sends the Base64-encoded username and password in the HTTP Authorization header and does not enforce any confidentiality protection. The username and password must be sent with every request. You can find the specification for this mechanism on the Internet Engineering Task Force's website at http://tools.ietf.org/html/rfc1945#section-11.
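To make the "Base64 is not confidentiality" point concrete, here is an added example (not from the book) that builds and parses the Basic header exactly as the scheme defines it, including the edge cases a server must handle (a colon inside the password, malformed Base64, a request not carried over TLS). The function names are my own; the `Aladdin` / `open sesame` vector is the one given in RFC 7617, which is the current specification for the scheme introduced in RFC 1945.

```python
import base64
import binascii

# Wire format: Authorization: Basic base64("<user-id>:<password>")


def build_basic_header(user_id: str, password: str) -> str:
    """Build the header value the client must attach to every request."""
    if ":" in user_id:
        # The spec forbids a colon in the user-id; the password may contain one.
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(value: str):
    """Return (user_id, password) from a Basic header, or None if malformed.

    The decode step is the whole point: Base64 is an encoding, not encryption,
    so anyone who can read the header recovers the credentials verbatim.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the FIRST colon only, so passwords containing ':' survive.
    user_id, sep, password = raw.partition(":")
    if not sep:
        return None
    return user_id, password


def accept_basic_credentials(headers: dict, over_tls: bool):
    """Server-side gate: honour Basic credentials only on a TLS-protected request.

    The scheme provides no confidentiality of its own, so the transport must;
    refusing plaintext requests stops credentials from being sent in the clear.
    """
    if not over_tls:
        return None
    value = headers.get("Authorization")
    return parse_basic_header(value) if value else None
```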
OAuth 1.0a: This provides authentication without ever directly passing the username and password...