In the federated authentication pattern, authentication code is separated from app code and delegated to an authentication service, so that authentication no longer lives inside the app code. Federation, in technical parlance, describes an attempt made by groups to delegate authority.
In the simple login flow, the authentication capability is INSIDE the service the user is interacting with. The service interacts directly with the user database for authentication.
This is:
- Less maintainable, as authorization/authentication and the service cannot evolve separately. If the authentication technique changes or a security patch is rolled out, every service is affected. Each service needs to provide identity management features.
- Less secure, as every service now has access to the user credentials database.
Simple login
Previously OAuth 2.0 + custom tweaks, and now OAuth 2.0 + OpenID Connect, can be used to move away from simple login to the federated identity pattern.
Federated Identity pattern, Authentication is carved out as a separate service!
Once authentication is done, the service can set a cookie to track the user (very similar to simple login).
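The hand-off described above, seen from the service's side, as an added example that is not code from the original page: the service never touches a credentials database, it only checks the ID token the identity provider issued and then sets its own session cookie. Assumptions: the token is an OpenID Connect ID token signed with HS256 using the client secret, the issuer, client id and secret are constructed values, and `make_id_token` is a hypothetical stand-in for the identity provider.

```python
import base64, hashlib, hmac, json, secrets, time
from http.cookies import SimpleCookie

ISSUER = "https://idp.example"              # assumed identity provider (constructed)
CLIENT_ID = "orders-service"                # assumed client id of this service
CLIENT_SECRET = b"constructed-demo-secret"  # HS256 key shared with the IdP
SESSIONS = {}                               # session id -> subject; no passwords here

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
def sign(signing_input):
    return hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_id_token(claims, alg="HS256"):     # stand-in for the IdP, sample tokens only
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body))}"

def verify_id_token(token, nonce, now=None):
    """Return the claims if the token was issued to this service, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, sig_raw = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except (ValueError, TypeError, AttributeError):
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":        # pin the algorithm, reject "none"
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig_raw, sign(f"{head}.{body}")):
        raise ValueError("bad signature")
    aud, exp = claims.get("aud"), claims.get("exp")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this service")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if claims.get("nonce") != nonce or not claims.get("sub"):
        raise ValueError("nonce or subject mismatch")
    return claims

def start_session(claims):                  # returns the Set-Cookie value for the user
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = claims["sub"]
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"].update({"httponly": True, "secure": True, "samesite": "Lax", "path": "/"})
    return cookie["session"].OutputString()
```

The `nonce` passed to `verify_id_token` is the value the service generated when it redirected the user to the identity provider; a deployment that verifies asymmetric signatures would replace `sign` with a check against the provider's published keys.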