For authentication and authorization processes, we can use OAuth 2.0 framework. It is an industry standard authorization protocol. This is a direct authentication pattern. So users can login using their other public profiles. No need to register and enter password. Because of that, this is often called the password anti-pattern. How Aouth works? When web application redirects a browser to a Google URLauthorization sequence begins; the URL includes query parameters that indicate the type of access being requested. Google manages the user authentication and session selection. The result is an authorization code, which the application can exchange for an access token and a refresh token [6]. Authentication process - source - https://developers.google.com/identity/protocols/OAuth2 The application should store the refresh token for future use and use the access token to access a Google API. Once the access token expires, the application uses the refresh token to o
Representational State Transfer is an architectural style that defines a set of constraints and properties based on HTTP. ● Uniform interface ● Stateless ● Cacheable ● Client-Server ● Layered System 1. Uniform interface- to transfer data, the REST system applies specific actions (POST, GET, PUT and DELETE) on the resources, provided they are identified with a URI. This makes it easier to obtain a uniform interface that systematizes the process with the information. 2. Stateless - REST APIs are stateless, meaning that calls can be made independently of one another, and each call contains all of the data necessary to complete itself successfully. 3. Cacheble - Because a stateless API can increase request overhead by handling large loads of incoming and outbound calls, a REST API should be designed to encourage the storage of cacheable data. 4. Layerd System- REST APIs have different layers of their architecture working together to build a hierar