rspec/rules/S2647/common/fix/token-auth.adoc

==== Token-based authentication and OAuth
Token-based authentication is a safer alternative to basic authentication. A unique token is generated upon successful authentication and sent to the client, which includes it in subsequent requests. This removes the need to transmit the user's credentials with each request. OAuth also authenticates users via tokens, and adds further flexibility by offering scopes, which limit an application's access to a user's account.
Additionally, both token-based authentication and OAuth support mechanisms for token expiration, revocation, and refresh. This gives more flexibility than basic authentication, as compromised tokens carry much less risk than a compromised password.
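The following Python sketch is an added example, not part of the rule's documentation or of any project's code: it shows how the mechanisms described above fit together, with a token issued only after authentication, carried on each request in the `Authorization` header, and checked on the server for scope, expiry and revocation. The `TokenStore`, `Session` and `parse_bearer` names and the in-memory dictionary are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    scopes: frozenset      # OAuth-style scopes limiting what the token may do
    expires_at: float      # absolute time after which the token is rejected
    revoked: bool = False


class TokenStore:
    def __init__(self, ttl_seconds=900, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock            # injectable so expiry can be tested
        self._sessions: dict[str, Session] = {}   # hypothetical in-memory store

    def issue(self, user, scopes=()):
        """Called once, after the user has proven their identity."""
        token = secrets.token_urlsafe(32)   # 256 bits of randomness, unguessable
        self._sessions[token] = Session(user, frozenset(scopes),
                                        self._clock() + self._ttl)
        return token

    def authorize(self, token, scope):
        """Return the user if the token is live and carries the scope, else None."""
        s = self._sessions.get(token)
        if s is None or s.revoked or self._clock() >= s.expires_at:
            return None
        return s.user if scope in s.scopes else None

    def revoke(self, token):
        """Invalidate one token; the user's password is untouched."""
        if token in self._sessions:
            self._sessions[token].revoked = True

    def refresh(self, token):
        """Rotate a live token: the old one stops working immediately."""
        s = self._sessions.get(token)
        if s is None or s.revoked or self._clock() >= s.expires_at:
            return None
        self.revoke(token)
        return self.issue(s.user, s.scopes)


def parse_bearer(header):
    """Extract the token from an 'Authorization: Bearer <token>' header value."""
    scheme, _, token = (header or "").partition(" ")
    return token if scheme == "Bearer" and token else None
```

Because the token is opaque and stored server-side, a leaked token can be revoked or simply left to expire without touching the password, which is the property the text above contrasts with basic authentication.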