---
title: Reference Project - Shopping Cart
image: https://hackmd.io/_uploads/Syx4ZC-ua.png
---
# OAuth
- Encryption and Decryption
- Keys
- Public key & Private Key
- Authentication
- OAuth 2.0
- Access Token & Refresh Token
---
## What is Cryptography
- Cryptography is used to secure and protect data during communication.
- It helps prevent unauthorized persons or groups of users from accessing confidential data.
- **Encryption** and **Decryption** are the two essential functionalities of cryptography.
---
## Encryption and Decryption
- Encryption is a process of converting normal data into an unreadable form whereas Decryption is a method of converting the unreadable/coded data into its original form.
- Encryption is done by the person who is sending the data to the destination, while decryption is done by the person who is receiving the data.
- The same algorithm with the same key is used for both the encryption and decryption processes.
---
## Key
- Symmetric-key encryption algorithms use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.
- Asymmetric encryption uses 2 pairs of keys for encryption. The public key is available to anyone, while the secret key is only made available to the receiver of the message. This boosts security.
- Public key cryptography is an encryption system which is based on two pairs of keys. Public keys are used to encrypt messages for a receiver.
- A private key may be part of a public/private asymmetric key pair. It can be used in asymmetric encryption as you can use the same key to encrypt and decrypt data.
- A pre-shared key (PSK) is a shared secret that was shared between the two parties over a secure channel before it is used.
---
## Access Token
- Access tokens are what applications use to make API requests on behalf of a user.
- The access token represents the authorization of a specific application to access specific parts of a user’s data.
- Access tokens must be kept confidential in transit and in storage.
---
## Refresh Token
- For security purposes, access tokens may be valid for a short amount of time.
- Once they expire, client applications can use a refresh token to "refresh" the access token.
- A refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again.
---
# [Google Firebase](https://firebase.google.com/?hl=zh-cn)



### [Sign in by password](https://firebase.google.com/docs/reference/rest/auth)

```javascript=
{
  "email": "client1@client.com",
  "password": "password",
  "returnSecureToken": true
}
```
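
The sign-in body above and the access/refresh token slides, put together as an added example (not from the original slides or Firebase's own code): it builds the Firebase Auth REST sign-in and refresh requests and tracks token expiry. Firebase's `idToken` is treated as the access token here; the `post` transport, the session shape and the 60-second skew are assumptions made for this example.

```javascript
// Added example; API key and token values are supplied by the caller.
const SIGN_IN_URL = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword";
const REFRESH_URL = "https://securetoken.googleapis.com/v1/token";

// Password sign-in request; the body is the JSON shown above.
function signInRequest(apiKey, email, password) {
  return {
    url: `${SIGN_IN_URL}?key=${encodeURIComponent(apiKey)}`,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ email, password, returnSecureToken: true }),
  };
}

// Refresh request: form-encoded, sends only the refresh token (no password).
function refreshRequest(apiKey, refreshToken) {
  return {
    url: `${REFRESH_URL}?key=${encodeURIComponent(apiKey)}`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: `grant_type=refresh_token&refresh_token=${encodeURIComponent(refreshToken)}`,
  };
}

// Sign-in replies use idToken/refreshToken/expiresIn; refresh replies use
// id_token/refresh_token/expires_in. Store one shape with an absolute expiry.
function toSession(resp, nowMs) {
  const accessToken = resp.idToken ?? resp.id_token;
  const refreshToken = resp.refreshToken ?? resp.refresh_token;
  const ttlSec = Number(resp.expiresIn ?? resp.expires_in);
  if (!accessToken || !refreshToken || !(ttlSec > 0)) {
    throw new Error("malformed token response");
  }
  return { accessToken, refreshToken, expiresAtMs: nowMs + ttlSec * 1000 };
}

// Refresh a little early so a token does not expire while a request is in flight.
function needsRefresh(session, nowMs, skewMs = 60000) {
  return nowMs >= session.expiresAtMs - skewMs;
}

// Return a usable session, refreshing only when needed. `post` is a hypothetical
// transport (request object -> Promise of parsed JSON), injected so this runs offline.
async function freshSession(session, apiKey, post, nowMs) {
  if (!needsRefresh(session, nowMs)) return session;
  return toSession(await post(refreshRequest(apiKey, session.refreshToken)), nowMs);
}
```

In a real client, `post` would wrap `fetch` over HTTPS, and the returned session would be kept out of logs and URLs.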


---








