From b64fc0e34cc155c6411b190f38fd8e04867bebac Mon Sep 17 00:00:00 2001 From: Farook Al-Sammarraie Date: Sat, 4 Dec 2021 04:16:50 +0300 Subject: [PATCH] typo fix Co-authored-by: Luca Schlecker --- docs/guides/auth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/auth.md b/docs/guides/auth.md index ff4988fa6..5cb4e6826 100644 --- a/docs/guides/auth.md +++ b/docs/guides/auth.md @@ -50,7 +50,7 @@ Tokens are some form of unique data that a server can provide to a client in ord The kind of the token itself can vary depending on the implementation and project requirements: Many services use randomly generated strings as tokens. Then compare them against a database to retrieve the associated user data. Some services however prefer using data bearing tokens. One example of the latter kind is JWT, which uses JSON strings encoded in base64 and signed using a private key or an agreed upon secret. While this has the added hassle of signing the token to ensure that it's not been tampered with. It does allow for the client to issue tokens without ever needing to present a password or contact a server. The server would simply be able to verify the signature using the client's public key or secret.

### Using an Access Token -Authenticating with an access token usually involves 2 stages: The first being scquiring the access token from an authority (either by providing credentials such as a username and a password to a server or generating a signed token). The scope of the token (what kind of information it can read or change) is usually defined in this step.

+Authenticating with an access token usually involves 2 stages: The first being acquiring the access token from an authority (either by providing credentials such as a username and a password to a server or generating a signed token). The scope of the token (what kind of information it can read or change) is usually defined in this step.

The second stage is simply presenting the Token to the server when requesting a resource. This is even simpler than using basic authentication. All the client needs to do is provide the `Authorization` header with a keyword (usually `Bearer`) followed by the token itself (for example: `Authorization: Bearer ABC123`). Once the client has done that the server will need to acquire this token, which can easily be done as follows:
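
Review bot: In the corrected `+` line, "The first being acquiring the access token" is still a sentence fragment with two stacked "-ing" forms, so while this line is being touched consider "The first is acquiring the access token from an authority". The same parenthetical lists "generating a signed token" as a way of acquiring a token "from an authority", which does not match the context paragraph above it, where the client issues the token itself without contacting a server. Something like "obtaining the access token, either from an authority by providing credentials such as a username and a password, or by generating a signed token" would keep the two passages consistent.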