<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Day 5: API Authentication - REST API Course</title>
<script src="https://cdn.tailwindcss.com"></script>
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet">
<link rel="stylesheet" href="styles.css">
</head>
<body class="bg-gray-100 min-h-screen flex flex-col">
<div class="flex flex-1">
<!-- Sidebar -->
<aside class="sidebar w-72 bg-gradient-to-b from-gray-900 to-gray-800 text-white fixed h-full flex flex-col shadow-xl z-20 transition-all duration-300">
<div class="flex items-center justify-between p-6 border-b border-gray-700">
<div class="flex items-center space-x-3">
<img src="https://img.icons8.com/ios-filled/50/ffffff/api-settings.png" alt="Logo" class="w-10 h-10">
<span class="text-2xl font-extrabold tracking-wide">REST API Course</span>
</div>
<button id="sidebarToggle" class="md:hidden text-white focus:outline-none">
<i class="fas fa-bars text-2xl"></i>
</button>
</div>
<!-- Progress Bar -->
<div class="px-6 pt-4">
<div class="w-full bg-gray-700 rounded-full h-2.5 mb-6">
<div class="bg-blue-500 h-2.5 rounded-full transition-all duration-500" style="width: 50%" id="progressBar"></div>
</div>
</div>
<nav class="flex-1 overflow-y-auto px-2 py-4">
<ul class="space-y-2">
<li><a href="index.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors font-semibold"><i class="fas fa-home mr-3"></i>Home</a></li>
<li><a href="day1.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-rocket mr-3"></i>Day 1: Introduction</a></li>
<li><a href="day2.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-arrow-down mr-3"></i>Day 2: GET/POST Requests</a></li>
<li><a href="day3.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-signal mr-3"></i>Day 3: HTTP Status Codes</a></li>
<li><a href="day4.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-edit mr-3"></i>Day 4: PUT & DELETE</a></li>
<li><a href="day5.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-lock mr-3"></i>Day 5: Authentication</a></li>
<li><a href="day6.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-sliders-h mr-3"></i>Day 6: Headers & Query Params</a></li>
<li><a href="day7.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-cubes mr-3"></i>Day 7: Mock API Design</a></li>
<li><a href="day8.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-vial mr-3"></i>Day 8: Test Automation</a></li>
<li><a href="day9.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-lightbulb mr-3"></i>Day 9: Real-Life Scenarios</a></li>
<li><a href="day10.html" class="flex items-center py-2 px-4 rounded-lg hover:bg-gray-700 transition-colors"><i class="fas fa-trophy mr-3"></i>Day 10: Project</a></li>
</ul>
</nav>
<footer class="mt-auto p-4 border-t border-gray-700 text-center text-sm bg-gray-900 bg-opacity-80">
<div class="flex justify-center space-x-4 mb-2">
<a href="#" class="hover:text-blue-400"><i class="fab fa-github"></i></a>
<a href="#" class="hover:text-blue-400"><i class="fab fa-twitter"></i></a>
<a href="#" class="hover:text-blue-400"><i class="fas fa-envelope"></i></a>
</div>
<span>© 2024 REST API Course. All rights reserved.</span>
</footer>
</aside>
<!-- Main Content -->
<main class="flex-1 ml-72 p-8 transition-all duration-300 bg-gray-100">
<div class="max-w-4xl mx-auto">
<h1 class="text-4xl font-bold mb-6">Day 5: API Authentication</h1>
<div class="bg-white rounded-lg shadow-lg p-6 mb-8">
<h2 class="text-2xl font-semibold mb-4">Basic Authentication</h2>
<p class="mb-4">
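Basic Authentication is a simple authentication scheme built into the HTTP protocol. It sends credentials in the Authorization header. Base64 is an encoding, not encryption, so the credentials are only protected in transit when the request is made over HTTPS.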
</p>
<h3 class="text-xl font-semibold mb-2">How it works:</h3>
<ol class="list-decimal pl-6 space-y-2 mb-4">
<li>Username and password are combined with a colon</li>
<li>The resulting string is encoded in Base64</li>
<li>The encoded string is sent in the Authorization header</li>
</ol>
<h3 class="text-xl font-semibold mb-2">Example Request:</h3>
<pre><code>GET https://api.github.com/user
Authorization: Basic base64(username:password)</code></pre>
</div>
<div class="bg-white rounded-lg shadow-lg p-6 mb-8">
<h2 class="text-2xl font-semibold mb-4">Bearer Token Authentication</h2>
<p class="mb-4">
Bearer Token authentication is a common method where a token is sent in the Authorization header.
</p>
<h3 class="text-xl font-semibold mb-2">Key Characteristics:</h3>
<ul class="list-disc pl-6 space-y-2 mb-4">
<li>The token is obtained through OAuth or a similar process</li>
<li>The token is sent in the Authorization header</li>
<li>Generally more secure than Basic Auth, because the user's password is not sent with every request</li>
<li>Can be revoked without changing passwords</li>
</ul>
<h3 class="text-xl font-semibold mb-2">Example Request:</h3>
<pre><code>GET https://api.github.com/user
Authorization: Bearer your_token_here</code></pre>
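<p class="mt-4 mb-4">How "can be revoked without changing passwords" looks on the server, as an added example that is not part of the original course material. <code>TokenStore</code> is a hypothetical in-memory registry; it keeps only a hash of each token, enforces an expiry, and revokes one token without touching the others.</p>

```python
import hashlib
import secrets
import time


class TokenStore:
    """Hypothetical in-memory bearer-token registry (a real service would use a database)."""

    def __init__(self):
        self._tokens = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user: str, ttl_seconds: int = 3600) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = (user, time.time() + ttl_seconds)
        return token  # shown to the client once; only the hash is stored

    def revoke(self, token: str) -> None:
        self._tokens.pop(self._digest(token), None)

    def authenticate(self, authorization_header: str, now=None):
        """Return the user for a valid 'Bearer <token>' header, else None."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme.lower() != "bearer" or not token:
            return None
        entry = self._tokens.get(self._digest(token.strip()))
        if entry is None:
            return None
        user, expires_at = entry
        if (now if now is not None else time.time()) >= expires_at:
            return None
        return user


def demo():
    store = TokenStore()
    laptop = store.issue("alice")
    ci_job = store.issue("alice", ttl_seconds=60)
    store.revoke(laptop)  # e.g. the laptop was lost; alice's password is untouched
    return (store.authenticate(f"Bearer {laptop}"),   # revoked
            store.authenticate(f"Bearer {ci_job}"),   # still valid
            store.authenticate(f"Bearer {ci_job}", now=time.time() + 120))  # expired
```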
</div>
<div class="bg-white rounded-lg shadow-lg p-6 mb-8">
<h2 class="text-2xl font-semibold mb-4">OAuth 2.0</h2>
<p class="mb-4">
OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts.
</p>
<h3 class="text-xl font-semibold mb-2">Common OAuth Flows:</h3>
<ul class="list-disc pl-6 space-y-2 mb-4">
<li>Authorization Code Flow</li>
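<li>Implicit Flow (discouraged by current OAuth security best practice; use Authorization Code Flow with PKCE instead)</li>
<li>Client Credentials Flow</li>
<li>Resource Owner Password Credentials Flow (also discouraged, because the application handles the user's password directly)</li>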
</ul>
<h3 class="text-xl font-semibold mb-2">Example GitHub OAuth Flow:</h3>
<ol class="list-decimal pl-6 space-y-2">
<li>Register your application with GitHub</li>
<li>Get client ID and client secret</li>
<li>Redirect users to GitHub's authorization page</li>
<li>Exchange code for access token</li>
<li>Use access token for API requests</li>
</ol>
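<p class="mt-4 mb-4">Steps 3 and 4 of the flow above, as an added example that is not part of the original course material. It builds the redirect to GitHub with an unguessable <code>state</code> value, rejects a callback whose <code>state</code> does not match the session, and prepares the code-for-token request without sending it. The client ID, secret, and redirect URI are constructed placeholders.</p>

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"


def start_login(client_id: str, redirect_uri: str, scope: str):
    """Step 3: build the redirect to GitHub. Returns (url, state)."""
    state = secrets.token_urlsafe(24)  # unguessable; keep it in the user's session
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url: str, session_state: str):
    """Validate the redirect back from GitHub; return the code or None."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [None])[0]
    state = params.get("state", [""])[0]
    # A callback whose state does not match this session was not started by this user.
    if not code or not hmac.compare_digest(state.encode(), session_state.encode()):
        return None
    return code


def token_request(client_id: str, client_secret: str, code: str, redirect_uri: str):
    """Step 4: the server-to-server POST that exchanges the code for a token.
    Returned as (url, headers, body) so the example runs offline."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "code": code, "redirect_uri": redirect_uri})
    return TOKEN_URL, {"Accept": "application/json"}, body


# Constructed placeholder values, not real credentials.
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
REDIRECT = "https://app.example/callback"


def demo():
    url, state = start_login(CLIENT_ID, REDIRECT, "read:user")
    good = handle_callback(f"{REDIRECT}?code=abc123&state={state}", state)
    mismatched = handle_callback(f"{REDIRECT}?code=abc123&state=not-the-session-state", state)
    _, _, body = token_request(CLIENT_ID, CLIENT_SECRET, good, REDIRECT)
    return url, good, mismatched, body
```

<p class="mb-4">The client secret appears only in the step 4 request, which is sent from the server and never from the browser.</p>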
</div>
<div class="bg-white rounded-lg shadow-lg p-6">
<h2 class="text-2xl font-semibold mb-4">Practical Exercise: GitHub API</h2>
<p class="mb-4">Let's practice authentication with the GitHub API:</p>
<ol class="list-decimal pl-6 space-y-2">
<li>Create a GitHub Personal Access Token</li>
<li>Use Basic Auth with your token</li>
<li>Make requests to GitHub's API</li>
<li>Try different endpoints that require authentication</li>
<li>Observe the response headers and status codes</li>
</ol>
</div>
<div class="bg-white rounded-lg shadow-lg p-6 mb-8">
<h2 class="text-2xl font-semibold mb-4">Practice Questions</h2>
<div class="space-y-6">
<div class="bg-blue-50 p-4 rounded-lg">
<h3 class="text-xl font-semibold text-blue-800 mb-2">Multiple Choice</h3>
<div class="space-y-4">
<div class="p-3 bg-white rounded shadow">
<p class="font-semibold mb-2">1. Which authentication method uses a username and password encoded in base64?</p>
<div class="space-y-2">
<label class="flex items-center">
<input type="radio" name="q1" class="mr-2">
A. Basic Authentication
</label>
<label class="flex items-center">
<input type="radio" name="q1" class="mr-2">
B. Bearer Token
</label>
<label class="flex items-center">
<input type="radio" name="q1" class="mr-2">
C. OAuth 2.0
</label>
</div>
</div>
<div class="p-3 bg-white rounded shadow">
<p class="font-semibold mb-2">2. Which authentication method is commonly used for third-party app access ("Login with Google")?</p>
<div class="space-y-2">
<label class="flex items-center">
<input type="radio" name="q2" class="mr-2">
A. Basic Authentication
</label>
<label class="flex items-center">
<input type="radio" name="q2" class="mr-2">
B. Bearer Token
</label>
<label class="flex items-center">
<input type="radio" name="q2" class="mr-2">
C. OAuth 2.0
</label>
</div>
</div>
</div>
</div>
<div class="bg-green-50 p-4 rounded-lg">
<h3 class="text-xl font-semibold text-green-800 mb-2">True/False</h3>
<div class="space-y-4">
<div class="p-3 bg-white rounded shadow">
<p class="font-semibold mb-2">3. Bearer tokens should be kept secret and not shared publicly.</p>
<div class="space-y-2">
<label class="flex items-center">
<input type="radio" name="q3" class="mr-2">
True
</label>
<label class="flex items-center">
<input type="radio" name="q3" class="mr-2">
False
</label>
</div>
</div>
<div class="p-3 bg-white rounded shadow">
<p class="font-semibold mb-2">4. OAuth 2.0 is only used for authentication, not authorization.</p>
<div class="space-y-2">
<label class="flex items-center">
<input type="radio" name="q4" class="mr-2">
True
</label>
<label class="flex items-center">
<input type="radio" name="q4" class="mr-2">
False
</label>
</div>
</div>
</div>
</div>
<div class="bg-purple-50 p-4 rounded-lg">
<h3 class="text-xl font-semibold text-purple-800 mb-2">Practical Exercise</h3>
<div class="space-y-4">
<div class="p-3 bg-white rounded shadow">
<p class="font-semibold mb-2">5. Using the GitHub API and your Personal Access Token:</p>
<div class="space-y-2">
<p class="text-sm text-gray-600">a) What header do you use to send the token?</p>
<input type="text" class="border rounded p-2 w-full" placeholder="Header name">
<p class="text-sm text-gray-600">b) What status code do you get if you use an invalid token?</p>
<input type="number" class="border rounded p-2 w-24" placeholder="Status code">
</div>
</div>
</div>
</div>
</div>
<div class="mt-6">
<button class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600" onclick="checkAnswers()">
Check Answers
</button>
</div>
</div>
</div>
</main>
</div>
<script src="script.js"></script>
</body>
</html>