I am new to backend development and read about Authorization methods such as Basic, Bearer and OAuth 2.0.
I haven’t used any of these directly, but used a token based implementation.
User logs in with username and password -> if (correct) then generate token and send token to front end.
The token is an encrypted value of a combination of username, userID, secret message and a random number calculated at runtime.
For the user to make any requests after logging in, they have to include the encrypted token in the header.
Since the HTTPS headers are encrypted, I can’t think of a possible vulnerability to the system.
Currently just using a header with the name ‘token’ and the token value as its value. Should I use the header “Authorization: Bearer ” or “Authorization: Basic token==” for any reason?
I want to know: is this secure enough, or are there better methods?
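The following is an added example, not code from the question; it shows the login-token flow described above implemented with a server-held key and the standard `Authorization: Bearer <token>` header. It swaps encryption for an HMAC signature, which is an assumption of this example rather than the poster's design: a session token needs to be unforgeable and tamper-evident, not confidential, so a MAC over a readable payload (username, userID, random nonce) is enough, and it adds an expiry so a stolen token has a bounded lifetime. `SECRET_KEY`, `TOKEN_TTL_SECONDS`, `issue_token`, `verify_token` and `authenticate_request` are names chosen here.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed server-side key for this example. A real service loads it from a
# secret store and rotates it; it never leaves the server, so the client cannot
# mint or alter tokens.
SECRET_KEY = secrets.token_bytes(32)

# Assumed lifetime: an expiry bounds how long a leaked token stays usable.
TOKEN_TTL_SECONDS = 3600


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Re-add the padding stripped at encode time.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, user_id: int, now: Optional[float] = None) -> str:
    """Build '<payload>.<signature>' once the password check has succeeded."""
    issued_at = int(time.time() if now is None else now)
    payload = {
        "sub": username,
        "uid": user_id,
        "nonce": secrets.token_hex(8),  # random per-login value, as in the question
        "exp": issued_at + TOKEN_TTL_SECONDS,
    }
    body = _b64url(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    signature = hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64url(signature)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the signature is valid and the token is unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, presented_sig = parts
    try:
        presented = _b64url_decode(presented_sig)
        expected = hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison: no timing side channel on the signature.
        if not hmac.compare_digest(presented, expected):
            return None
        # Only parse the payload after the signature checks out.
        payload = json.loads(_b64url_decode(body))
    except ValueError:  # bad base64, bad UTF-8, bad JSON, non-ASCII input
        return None
    if not isinstance(payload, dict):
        return None
    current = time.time() if now is None else now
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= current:
        return None
    return payload


def authenticate_request(headers: dict, now: Optional[float] = None) -> Optional[dict]:
    """Extract the token from 'Authorization: Bearer <token>' and verify it.

    Header names are case-insensitive, and so is the 'Bearer' scheme keyword.
    """
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    scheme, _, credentials = value.strip().partition(" ")
    if scheme.lower() != "bearer" or not credentials.strip():
        return None
    return verify_token(credentials.strip(), now=now)


if __name__ == "__main__":
    token = issue_token("alice", 42)
    print("issued:", token)
    # Constructed request headers, as the front end would send them after login.
    print("verified:", authenticate_request({"Authorization": f"Bearer {token}"}))
    print("wrong scheme:", authenticate_request({"Authorization": f"Basic {token}"}))
```

Because the server keeps the key and verifies before trusting any field, a client that edits the payload or forges a signature is rejected; the random nonce and expiry mean two logins never share a token and an old one stops working on its own. Using the standard `Authorization: Bearer` form costs nothing and lets proxies, frameworks and logging rules recognise the credential (and avoid recording it) without custom configuration.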