✨ Earn college credits in Cybersecurity, JS, HTML, CSS and Python

🤑 Join the Treehouse affiliate program and earn 25% recurring commission!

Join our free workshop and get a Treehouse discount code! 💼 Register here!

New No-Code Track! 🚀 New videos dropping every week—start learning today!

🌟 Dreaming of a bright future? 🎓 Ask about the Treehouse Scholarship program! 🚀

✨ Earn college credits in Cybersecurity, JS, HTML, CSS and Python

🤑 Join the Treehouse affiliate program and earn 25% recurring commission!

Well done!

You have completed React Authentication!

Sign up for Treehouse Back to Library

Preview

Sign up for Treehouse Continue

Video Player

00:00

00:00

00:00

2x 2x
1.75x 1.75x
1.5x 1.5x
1.25x 1.25x
1.1x 1.1x
1x 1x
0.75x 0.75x
0.5x 0.5x

None
English

Use Up/Down Arrow keys to increase or decrease volume.

What Is Authentication?

4:02 with Laura Coronel

Authentication provides password protection to hide content from unauthorized users. It lets you serve content specifically to a user, as well as customize their settings and experience.

Teacher's Notes
Questions?0
Video Transcript
Downloads
Workspaces

[MUSIC] 0:00

Hi, everyone. 0:09

I'm Laura, a JavaScript instructor here at Treehouse. 0:09

In this course, we'll learn how to implement authentication and 0:13

authorization in a React App. 0:17

Most apps these days would not be complete without authentication. 0:19

It's what allows users to have an identity on your website or app. 0:23

Authentication provides password protection to hide content from 0:28

unauthorized users. 0:32

It lets you serve content specific to a user, 0:33

as well as customize their settings and experience. 0:37

When learning about authentication it's important to know the difference between 0:41

authentication and authorization. 0:45

The two concepts work together to ensure that only authorized users 0:47

are allowed access to sensitive information. 0:52

Authentication is the process of verifying the identity of a user. 0:55

Which is typically done by requiring the user to provide some form of 0:59

identification, in our case a username and password. 1:04

Authorization on the other hand is the process of granting or 1:08

denying access to content. 1:12

Which we'll implement using React Router. 1:14

There are many ways to authenticate a user on the Web. 1:17

Some of the most common methods to set up authentication in your app 1:21

are basic authentication. 1:25

Where the username and password are encoded in base64 and 1:27

sent over to the server. 1:32

This is the easiest to implement and we'll be using it in this course. 1:34

Token-based authentication where in response to a login request, 1:38

the server generates a token and sends it back to the client. 1:43

The client must then send this token whenever making a request. 1:47

This was originally created as part of OAuth 2.0 but can also be used on its own. 1:51

OAuth 2.0 is similar to token-based authentication where a token is 1:59

used to verify your identity. 2:04

However, instead of the API Server generating the token 2:06

a third party does it instead. 2:10

Don't worry if you don't understand the alternative techniques. 2:13

Just know that there are other authentication techniques out there and 2:16

we'll be focusing on basic authentication. 2:20

The basic authentication scheme is part of the overall 2:23

authentication framework provided by HTTP. 2:27

When a client wants to authenticate a user with a server, for 2:31

example, logging in a user, 2:35

he can do so 2:37

by including an authorization request header with the user's credentials. 2:37

Basic authentication transmits the credentials as user ID password pairs. 2:43

Which are encoded using an encoding scheme called base64. 2:49

Base64 is a way of encoding data so that it can be transmitted over the internet or 2:54

other channels that only support ASCII characters. 3:00

It's important to understand that basic authentication is a less secure method of 3:03

authentication because the user's credentials are transmitted in plain text. 3:09

Since the username and password are encoded not encrypted. 3:13

Anyone who intercepted the communication can easily decode it and 3:18

retrieve the username and password. 3:22

It should only be used over a secure encrypted connection, such as HTTPS. 3:25

HTTPS encrypts all data being transmitted between the client and server. 3:31

If you'd like to learn more about HTTPS be sure to check the teacher's notes. 3:38

In this course, I'm focused on helping you build a foundation of authentication. 3:43

Which is why we'll be using basic authentication. 3:47

It's the simplest authentication to implement, 3:51

and you can use the knowledge you gained in this course to branch out and 3:54

try other more secure methods that you might find on the job. 3:58