Learn the difference between authentication and authorization and the basic steps of the authentication process.
- Authentication - confirming that the user is who they claim to be
- Authorization - determining which resources or areas of the site they can access
- Facebook Login
- Twitter Login
- Treehouse Login
You may be wondering what authentication is, and whether it's the same as authorization. No, authentication and authorization are not the same, but they're often used together.

In the context of a user system, authentication refers to the process of confirming that the user is who they claim to be. For example, Facebook needs you to prove who you are before you can update your status. Likewise, you need to sign into Treehouse so we can identify you and retrieve your information. Websites authenticate users by validating the credentials that the user provides, like an email address and a password, for example.

Once the site knows who the user is, it can determine which resources or areas of the site they can access. This is known as authorization. Authorization means you're allowed to see certain information and do certain things. For example, sign into Facebook, you can view your friends' statuses and update your own status. In other words, once a site authenticates you, that is, it knows that you are who you say you are, it will authorize access to your resources and information.

There are a lot of steps involved in this process. So let's illustrate each of them. First, a user needs to create an account. They will be presented with a registration form that asks for certain information, like email address, name and password. This information is saved in a database.

Now that a user has an account on the website, they log into the site by entering that same email and password into a login form. The application checks that the credentials the user entered match a record in the database. If the information matches, then the site knows who they are; the user is now authenticated.

While the user is logged in, the web application can alter the appearance and functionality of the website based on that user's preferences, settings and history. For example, you're logged into Treehouse. So we can suggest which course you should take next, let you edit your profile page, and keep track of which videos you watch, and which quizzes and code challenges you complete. In other words, once you're authenticated, a website can follow you from page to page.

But how does the site know it's you as you bounce from page to page? Well, a web server can identify you and your browser each time you request a new page using something called a session. I'll talk more about sessions later in this course, but for now, think of a session as a unique token that the server uses to identify you. The session sticks with you and your browser while you visit the site, and then it's destroyed after a period of inactivity. In other words, the token lasts for one session or one visit.

When you want to leave the website and log out, you click the log out link that sends a request to the server and deletes the session object. Now, without that session, the server basically forgets who you are. So the next time you'll use the same credentials to log back in.

That may sound complex, and like it requires a lot of programming, but don't worry. By the end of this course you will have created a working user authentication system. In the next video, I'll show you the project we're going to build.