A key aspect of supporting and implementing authentication is the use of authentication servers. Authentication servers are servers that are specifically used to verify a person’s identity when they need to prove who they are to a server or application.
Authentication is the process of verifying that a user logging into a website or program is who they say they are. Therefore, an authentication server is simply a server that handles the verification. These servers act as barriers between the application server and the client to ensure that only users with verified identities can access sensitive information.
While authentication does not strictly require dedicated servers, using one can provide a more efficient and secure way to manage access to a website or application.
How does an authentication server work?
The typical process of an authentication server is simple if you are somewhat familiar with how a normal authentication process works. Most authentication servers today use the OAuth 2.0 protocol.
First, a user who wants to access a secure application makes a request to that application, which directs them to an authentication server.
If the authentication server can successfully verify the user’s identity, it grants access and returns an access token.
This access token can then be used by the user and the application to access the resource server and retrieve all the necessary protected information.
Authentication protocols at play
Authentication servers function by comparing the credentials provided by the user (such as a username and password or a digital certificate) with information stored on the server. This information can be stored on the authentication server itself or in a separate database.
If the submitted credentials match the stored information, the server grants access to the requested resource. How that access is granted and tracked afterwards depends on how authentication is implemented, typically with either session cookies or tokens.
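To make the three-step flow above and the credential comparison concrete, here is an added example (not code from the original article, and not any particular product’s implementation). It assumes a token-based design: the authentication server keeps a per-user salt and PBKDF2 hash rather than the password itself, compares the submitted password in constant time, and on success issues an HMAC-signed access token with an expiry; the resource server then validates that token with the shared signing key. The user store, the signing key and the user names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

PBKDF2_ROUNDS = 100_000

def _hash_password(password, salt):
    # Salted, iterated hash so the stored value cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def make_user_store(users):
    """Build the server-side credential store from {username: password}.
    Constructed for the example: only salt and hash are retained."""
    store = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        store[name] = {"salt": salt, "hash": _hash_password(pw, salt)}
    return store

# Key shared by the authentication server and the resource server for signing
# access tokens (constructed here; in practice it comes from a secret store).
TOKEN_KEY = secrets.token_bytes(32)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(store, username, password, ttl=300, now=None):
    """Steps 1-2: verify the submitted credentials against the store and,
    on success, return a signed access token; otherwise return None."""
    now = time.time() if now is None else now
    record = store.get(username)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return None
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison: timing must not leak how close a guess was.
    if not hmac.compare_digest(candidate, record["hash"]):
        return None
    claims = {"sub": username, "exp": int(now + ttl)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(TOKEN_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def check_token(token, now=None):
    """Step 3: the resource server validates the token with the shared key.
    Returns the subject for a genuine, unexpired token, else None."""
    now = time.time() if now is None else now
    try:
        encoded_payload, encoded_sig = token.split(".")
        payload, sig = _unb64(encoded_payload), _unb64(encoded_sig)
    except (ValueError, TypeError, AttributeError):
        return None
    expected = hmac.new(TOKEN_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered payload or forged signature
    claims = json.loads(payload)
    if claims["exp"] < now:
        return None  # expired
    return claims["sub"]

if __name__ == "__main__":
    store = make_user_store({"alice": "correct horse battery staple"})
    tok = issue_token(store, "alice", "correct horse battery staple")
    print("access token for:", check_token(tok))
    print("wrong password ->", issue_token(store, "alice", "guess"))
```

The resource server never sees the password and never contacts the credential store: it only needs the signing key, which is what lets the authentication server sit as a barrier in front of the application.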
There are a variety of authentication protocols that authentication servers use to verify the credentials of users requesting access, including but not limited to:
Password Authentication Protocol (PAP): A simple password-based authentication protocol in which an unencrypted password and user information are sent and received between the client and server. Although it is common, it is considered one of the most vulnerable authentication protocols, mostly due to the lack of encryption.
Challenge-Handshake Authentication Protocol (CHAP): This method uses a challenge-response system built on a shared “secret”. The server “challenges” the client to produce the correct response, computed with the MD5 hash function. If the client cannot provide the correct response, the connection request is rejected. This mandatory encrypted “handshake” between client and server makes CHAP a much more secure protocol than PAP.
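The contrast between PAP and CHAP is easiest to see in an exchange. The following added example (not code from the original article) simulates both peers: the PAP request carries the password in clear text, while the CHAP response is MD5 over identifier, secret and challenge as laid out in RFC 1994, so the secret itself is never sent on the wire. The shared secret is constructed for the example, and the transcript format is the example’s own, not the protocol’s on-wire encoding.

```python
import hashlib
import hmac
import os

# Constructed shared secret known to both peers; CHAP never transmits it.
SECRET = b"example-shared-secret"

def pap_authenticate_request(username, password):
    """PAP: the client simply sends user name and password as-is."""
    return username.encode() + b":" + password.encode()

def chap_challenge(length=16):
    """Server side: a fresh random challenge value for this round."""
    return os.urandom(length)

def chap_response(identifier, secret, challenge):
    """Client side: MD5(identifier || secret || challenge) per RFC 1994."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

def chap_verify(identifier, secret, challenge, response):
    """Server side: recompute the expected response and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def run_chap(client_secret, server_secret=SECRET, identifier=1, challenge=None):
    """Drive one full CHAP exchange; return (accepted, transcript)."""
    challenge = chap_challenge() if challenge is None else challenge
    transcript = [("server->client", "Challenge", identifier, challenge.hex())]
    response = chap_response(identifier, client_secret, challenge)
    transcript.append(("client->server", "Response", identifier, response.hex()))
    ok = chap_verify(identifier, server_secret, challenge, response)
    transcript.append(("server->client", "Success" if ok else "Failure", identifier, ""))
    return ok, transcript

if __name__ == "__main__":
    print("PAP frame on the wire:", pap_authenticate_request("alice", "hunter2"))
    ok, transcript = run_chap(SECRET)
    for direction, code, ident, value in transcript:
        print(f"{direction:15} {code:10} id={ident} {value}")
    print("accepted:", ok)
```

Because each round uses a new random challenge, a captured response is useless against the next challenge, which is the replay resistance PAP lacks; the test below checks exactly that.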