https://wiki.quizz.vn/ 2026-06-26T13:59:14+00:00 https://wiki.quizz.vn/ https://wiki.quizz.vn/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2026-06-13T03:24:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:authentication-and-authorization&rev=1781321048&do=diff <https://drive.google.com/file/d/1TIeK1rpQMfTS7lH_6Rf-Vjq5VeziDcQB/view?usp=sharing> Authentication & Authorization Technologies This document explains common authentication and authorization technologies from beginner to advanced. ---------- Overview Authentication answers: Who are you? Authorization answers: What are you allowed to do? text/html 2026-06-13T03:22:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:cryptography-fundamentals&rev=1781320946&do=diff <https://drive.google.com/file/d/1TIeK1rpQMfTS7lH_6Rf-Vjq5VeziDcQB/view?usp=sharing> Cryptography Full Concepts (Best Practice + System Design View) This document summarizes cryptography in a practical, backend-engineer-oriented way: - NOT by algorithm only - BUT by security design + system usage ---------- 1. Core Security Goals text/html 2026-06-12T10:29:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:jwt&rev=1781260184&do=diff JWT JWT is primarily used for: * Authentication * Authorization JWT normally uses: Digital Signatures NOT encryption. ---------- What Is JWT? JWT stands for: JSON Web Token Structure: Header.Payload.Signature Example: xxxxx.yyyyy.zzzzz text/html 2026-06-13T05:38:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:oauth2&rev=1781329114&do=diff <https://drive.google.com/file/d/1TIeK1rpQMfTS7lH_6Rf-Vjq5VeziDcQB/view?usp=sharing> oauth2 text/html 2026-06-16T07:08:28+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:sso-mobile&rev=1781593708&do=diff OIDC SSO System: Mobile App + PKCE + JWT + JWKS Version: 1.0 Date: 2026-06-16 Audience: Backend Engineers, Mobile Developers, Security Architects ---------- Table of Contents * * * * * * * * * ---------- ===== Overview ===== text/html 2026-06-16T06:07:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:sso-spa&rev=1781590057&do=diff OIDC SSO System — SPA + PKCE + JWT + JWKS Document Version: 1.0 Last Updated: 2026-06-16 Scope: Single Sign-On architecture with SPA (PKCE), two resource servers, one SSO/IdP server, JWT token validation via JWKS ---------- Table of Contents * text/html 2026-06-16T06:38:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=security:sso-web&rev=1781591934&do=diff OIDC SSO System — Multi-Application (Browser + WebA + WebB + ServerSSO + JWT + JWKS) Document Version: 2.0 Last Updated: 2026-06-16 Changes in v2.0: Added full RSA Key Usage section; annotated every step in both scenarios with which key (private / public) is used and by which component.