Token authentication is getting more popular day by day.
Here we will look at the basics of token authentication.
As an example, suppose you have an application in which you need to update a user's profile.
To update the profile, the user must be authorised with a login.
In the image above, the application sends a login request to the server with the user name and password, to log in and get access to the profile page.
Next, the application sends an update-profile request, again with the user name and password for authorisation. The server updates the user's details if the password is correct.
This approach works perfectly, but its main problem is that the application has to save the password locally in order to send it to the server with every request. Saving the password locally is not a safe option, and sending the password in every request is not safe either.
Let's see how token authentication solves this problem.
Here the application sends a login request and, when the login is successful, the server responds with a randomly generated, unique token, which the application saves locally. The token is also cleared when the application logs out, so each new login creates a new token.
Next, when updating the profile, the application just sends the token to the server for authentication. The server checks the token, identifies the user and makes the necessary update.
This solves the problem with password authentication.
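
The server side of this flow, as an added example that is not part of the original article: the class `TokenAuthServer`, its method names and the in-memory dictionaries are assumptions made for illustration. It also assumes the server keeps only a SHA-256 digest of each token and a salted PBKDF2 hash of each password, which the article does not specify.

```python
import hashlib, hmac, os, secrets

class TokenAuthServer:
    """In-memory sketch (hypothetical names) of the login / token / logout flow."""

    def __init__(self):
        self._users = {}     # username -> (salt, PBKDF2 hash of password)
        self._profiles = {}  # username -> profile fields
        self._sessions = {}  # sha256(token) -> username

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _token_key(token):
        # Keep only a digest, so a leaked session table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash_password(password, salt))
        self._profiles[username] = {}

    def login(self, username, password):
        """Check the password once; return a fresh random token, or None."""
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        candidate = self._hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._token_key(token)] = username
        return token

    def update_profile(self, token, **fields):
        """Identify the user from the token alone; no password is sent."""
        username = self._sessions.get(self._token_key(token or ""))
        if username is None:
            return False
        self._profiles[username].update(fields)
        return True

    def logout(self, token):
        """Clear the token so it can no longer authorise requests."""
        return self._sessions.pop(self._token_key(token), None) is not None

    def profile(self, username):
        return dict(self._profiles[username])
```

The client stores only the string returned by `login` and passes it to `update_profile`; after `logout` the same string is rejected and the next login returns a different one.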