Introduction
Authentication and authorization
Authentication is the process of verifying who a user is; very often a username and password are used. The server-side application compares the entered username and password with a record it has in its database. If the submitted information matches, the server side assumes that the user is a valid user and grants access.
Authorization is the process of verifying that a user has the rights to use a resource before the resource is actually used. Usually a token or session is used to detect that the user has successfully authenticated before.
In short, access to a resource is protected by both authentication and authorization. If a user can't prove his/her identity, the user won't be allowed to access a resource. For example, in this course Node.js/Express applications will use an authentication method (token or session) to authenticate the user. Later, when an Express endpoint is requested, the Node/Express application checks that the user is authorized to use/access the specified endpoint.
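The flow described above, as an added example that is not part of the course material: it uses only Node's built-in crypto module instead of Express so that it runs stand-alone. The user record, role table, endpoint names and HMAC-signed token format are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample data (assumptions): one user and a per-endpoint role table.
const SECRET = crypto.randomBytes(32); // server-side token signing key
const salt = crypto.randomBytes(16);
const users = new Map([
  ['alice', { salt, hash: crypto.scryptSync('correct horse', salt, 32), role: 'student' }],
]);
const endpointRoles = new Map([
  ['/grades', ['student', 'teacher']],
  ['/admin', ['teacher']],
]);

const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// Authentication: verify the password against the stored hash, then issue a token.
function login(username, password) {
  const user = users.get(username);
  if (!user || typeof password !== 'string') return null;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  if (!crypto.timingSafeEqual(candidate, user.hash)) return null;
  const claims = { sub: username, role: user.role, exp: Date.now() + 15 * 60 * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return claims.exp > Date.now() ? claims : null;
}

// Authorization: HTTP-style status code for a request to an endpoint.
function access(token, endpoint) {
  const claims = verifyToken(token);
  if (!claims) return 401; // not authenticated
  const allowed = endpointRoles.get(endpoint) || []; // unknown endpoint: deny
  return allowed.includes(claims.role) ? 200 : 403; // 403: authenticated, not authorized
}
```

The 401 and 403 results separate the two checks: 401 means the caller did not prove an identity, 403 means the identity is known but lacks rights to that endpoint.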
Here's a quick overview of the differences between authentication and authorization:
Image source: auth0.com
Goals of this topic
Understand
- The basics of authentication and authorization