This article walks through the complete SSO login flow—from the browser request to the SSO server, code exchange, token generation, and front‑end redirection—while detailing front‑end and back‑end code modifications needed for password‑less authentication.
This article explains the complete OAuth2 token lifecycle—including how resource servers validate incoming tokens, how the authorization server creates and reuses access tokens, and the mechanisms for passive and active token refresh—complete with Java code examples and practical client‑side strategies.
Idempotency ensures that repeated execution of an operation yields the same result as a single execution, and this article explains its importance in backend systems, outlines concepts, and presents practical techniques such as unique indexes, token mechanisms, pessimistic and optimistic locks, distributed locks, and API design for reliable, duplicate‑free processing.
This article analyses various client scenarios in multi‑client systems, classifies authentication tokens into password, session, API, and other categories, compares them across usage cost, change cost, and security risks, and presents a hierarchical token model with detailed usage steps and practical considerations.
This article explains the differences between authentication and authorization, compares session‑based and token‑based (JWT) authentication flows, details JWT structure and signing, and outlines the advantages, disadvantages, and suitable scenarios for each method.
This article explains how to achieve interface idempotency in a Spring Boot application by generating a unique token for each request, storing it in Redis, validating the token via a custom annotation and interceptor, and provides complete code examples and testing guidance.
This article explains the importance of idempotent operations in backend systems, defines the concept, and presents practical techniques such as unique indexes, token mechanisms, pessimistic and optimistic locking, distributed locks, state‑machine design, and API patterns, complete with code snippets and diagrams.
This article explains the fundamental differences between cookies, sessions, and tokens, outlines how each works in web authentication, compares their security and performance trade‑offs, and offers practical guidance on storage, encryption, and best practices for implementing token‑based authentication.
This article explains the stateless nature of HTTP and how cookies, server‑side sessions, and token‑based authentication work together to maintain user state across requests, including their storage limits, lifecycle, and practical implementation steps.
JWT (JSON Web Token) is a compact, URL‑safe means of representing claims between parties, widely adopted for stateless authentication, but it has limitations; this article explains JWT fundamentals, creation and verification in Java, compares its advantages over sessions, and outlines security risks and mitigation strategies.
This article explains the concept of idempotency, lists common solutions, and demonstrates a practical implementation using Spring Boot, Redis, and a token‑based mechanism with custom annotations and interceptors, including full code examples, testing steps, and important pitfalls to avoid.
This article explains how traditional session‑cookie authentication creates scalability, security, and deployment challenges in front‑end/back‑end separated web applications, and how JSON Web Tokens (JWT) provide a compact, self‑contained, stateless solution while also outlining their advantages and limitations.
This article explains what JWT (JSON Web Token) is, its compact self‑contained structure, how it replaces traditional session‑cookie authentication, and discusses its benefits, limitations, and practical usage in stateless web security.
This article explains the QR‑code login process, detailing how the web front‑end, server, Redis store, and mobile application cooperate to generate a QR code, verify the scan, and complete user authentication using tokens and UUIDs.
This article analyses various client‑side authentication scenarios, classifies tokens into password, session, and API categories, compares their natural and controllable attributes, and proposes a four‑layer hierarchical token architecture to improve security, usability, and decoupling across multiple platforms.
The article surveys authentication from ancient token methods to modern password and session techniques, explains OAuth 2.0 flows and their adaptation for WeChat Mini‑Programs—including access‑token retrieval, simplified client‑credentials grants, and cloud‑call automation—while also previewing future trends such as biometrics, blockchain‑based decentralization, and AI‑driven trust models.
This article explains how to extend the default OAuth2 token response by adding business-related fields such as tenant, user, and department IDs, and walks through the relevant Spring Cloud source code that generates and enhances tokens for improved performance and security.
This article explains how to customize the default OAuth2 check‑token flow in Spring Cloud by extending the token converter to assemble complete user information—including IDs, department and tenant data—directly into the security context, eliminating extra database queries and improving performance.
To protect mobile web activity pages such as coupons and lotteries, the article proposes a layered security approach that combines professional risk‑control services, custom human‑verification logs, token‑based HTTPS signing, data encryption, and aggressive front‑end JavaScript obfuscation to block automated abuse while preserving user experience.
This article explains the concept of idempotence, provides real‑world examples such as duplicate form submissions and payment requests, and details practical backend techniques—including query handling, unique indexes, token mechanisms, pessimistic and optimistic locks, distributed locks, and API design—to guarantee that repeated operations produce consistent results without side effects.
CSRF attacks trick a logged‑in user’s browser into sending authenticated requests to a target site, enabling unauthorized actions, so front‑end developers must mitigate them by enforcing same‑origin checks, using anti‑CSRF tokens or double‑cookie verification, and configuring SameSite cookie attributes to block cross‑site requests.
This article explains the architecture and step‑by‑step workflow of QR code login, covering how the web front‑end, mobile client, and server (including Redis storage and token verification) cooperate to generate a QR code, poll for authentication, and complete a secure user login.
The article explains the mathematical definition of idempotency, its importance in preventing duplicate operations such as repeated payments or order creation, and presents practical strategies—including unique business IDs, optimistic locking, deduplication tables, distributed locks, token mechanisms, and payment buffering—to achieve reliable idempotent behavior in backend services.
This article explains OpenStack's Keystone service, describing how token‑based authentication enables unified identity, authorization, and accounting across Nova, Glance, and Neutron components, and compares the approach with public‑cloud AK/SK mechanisms.
This article explains JWT fundamentals—encoding, signature, and encryption—examines suitable use‑cases such as one‑time verification and stateless API authentication, discusses token leakage, secret design, logout handling, renewal strategies, and compares JWT with traditional session and OAuth2 approaches.
This article explains the JSON Web Token (JWT) format, its three-part structure, how to encode a payload and header with Base64, sign the token using HS256, and apply the resulting JWT to a friend‑request scenario that works without requiring the recipient to log in.
The article surveys practical blockchain use cases—from real‑time trusted information sharing and copyright protection to supply‑chain traceability, financing, cross‑border payments, asset tokenisation and decentralized currencies—highlighting their cost, speed and transparency benefits while noting that technical, regulatory and ecosystem challenges still limit widespread adoption.
The article explains that blockchain can serve as an anti‑counterfeiting technology, describes how ICOs issue tokens that grant voting and dividend rights, illustrates token‑driven projects like IPFS, and clarifies that digital currencies such as Bitcoin are not fully anonymous and still require KYC for fiat exchanges.
This article breaks down the internal workflow of Spring Security’s @EnableResourceServer, explaining how OAuth2 tokens are extracted, validated, and turned into authentication objects through ResourceServerSecurityConfigurer, OAuth2AuthenticationProcessingFilter, OAuth2AuthenticationManager, and related components.
This article explains the fundamentals of JSON Web Tokens, detailing their three-part structure, standard header and payload fields, signature creation, typical authentication workflow, and practical Node.js code examples for generating and validating JWTs securely.
