Learn the difference between authentication and authorization and the basic steps of the authentication process.
New Terms:
- Authentication - confirming that the user is who they claim to be
- Authorization - determining which resources or areas of the site they can access
Examples:
- Facebook Login
- Twitter Login
- Treehouse Login
You may be wondering what
authentication is, and
0:00
whether it's the same as authorization.
0:02
No, authentication and
authorization are not the same, but
0:04
they're often used together.
0:08
In the context of a user system,
authentication refers to the process
0:10
of confirming that the user
is who they claim to be.
0:15
For example,
0:18
Facebook needs you to prove who you
are before you can update your status.
0:19
Likewise, you need to sign into
Treehouse so we can identify you and
0:23
retrieve your information.
0:27
Websites authenticate users by validating
the credentials that the user provides,
0:30
like an email address and
a password, for example.
0:34
Once the site knows who the user is,
0:37
it can determine which resources or
areas of the site they can access.
0:39
This is known as authorization.
0:44
Authorization means you're allowed to see
certain information and do certain things.
0:46
For example, sign into Facebook,
you can view your friends' statuses and
0:51
update your own status.
0:54
In other words, once a site
authenticates you, that is, it knows
0:56
that you are who you say you are,
1:00
it will authorize access to
your resources and information.
1:02
There are a lot of steps
involved in this process.
1:07
So let's illustrate each of them.
1:09
First, a user needs to create an account.
1:12
They will be presented with
a registration form that asks for
1:14
certain information,
like email address, name and password.
1:17
This information is saved in a database.
1:21
Now that a user has
an account on the website,
1:24
they log into the site by entering that
same email and password into a login form.
1:26
The application checks that
the credentials the user entered
1:32
match a record in the database.
1:35
If the information matches,
1:37
then the site knows who they are;
the user is now authenticated.
1:39
While the user is logged in, the web
application can alter the appearance and
1:44
functionality of the website based on that
user's preferences, settings, and history.
1:48
For example, you're logged into Treehouse.
1:53
So we can suggest which course you should
take next, let you edit your profile page,
1:55
and keep track of which videos you watch,
and which quizzes and
2:00
code challenges you complete.
2:03
In other words,
2:05
once you're authenticated, a website
can follow you from page to page.
2:06
But how does the site know it's you
as you bounce from page to page?
2:11
Well, a web server can identify you and
2:15
your browser each time you request a new
page using something called a session.
2:18
I'll talk more about sessions
later in this course, but for now,
2:23
think of a session as a unique token
that the server uses to identify you.
2:26
The session sticks with you and
your browser while you visit the site, and
2:31
then it's destroyed after
a period of inactivity.
2:35
In other words, the token lasts for
one session or one visit.
2:38
When you want to leave the website and
log out, you click the log out link
2:42
that sends a request to the server and
deletes the session object.
2:46
Now, without that session,
the server basically forgets who you are.
2:50
So the next time you'll use the same
credentials to log back in.
2:54
That may sound complex, and
2:58
like it requires a lot of programming,
but don't worry.
2:59
By the end of this course you
will have created a working
3:03
user authentication system.
3:06
In the next video, I'll show you
the project we're going to build.
3:08