Keywords: authorization, JWT, OAuth2, Keycloak, security, scalability
Methods of web application authorization
UDC 004.42
The article presents a comparative analysis of popular authorization methods in web applications: JSON Web Token (JWT), OAuth2, and Keycloak. It emphasizes that authorization is a critical process in access management, determining what a user can do after successful authentication. The characteristics of each method are examined in detail. A comparison based on several criteria – security, performance, scalability, flexibility, ease of integration, and management – demonstrates that each approach has unique advantages and disadvantages that define its applicability in different scenarios. The study supports the hypothesis that the choice of an authentication method should be based on the project's specifics, its scale, security requirements, and infrastructure capabilities.
For citation: Dudak A. Methods of web application authorization. Bulletin of the Voronezh Institute of High Technologies. 2025;19(1). Available from: https://vestnikvivt.ru/ru/journal/pdf?id=1403
Received 29.01.2025
Revised 07.02.2025