Authentication
Authentication is the act of proving the identity of a computer system user. Users are usually identified with a user ID, and authentication is accomplished when the user provides a credential, for example, a password that matches the user ID. There are three common approaches to authentication.
HTTP Basic Authentication
In this approach, an HTTP user agent simply provides a username and password to authenticate. This approach does not require cookies, session IDs, login pages, or other such specialty solutions, because it uses the HTTP header itself.
Token or key-based
API Keys were created as somewhat of a fix to the early authentication issues of HTTP Basic Authentication. In this approach, a unique generated value is assigned to each first-time user, signifying that the user is known. When the user attempts to re-enter the system, their unique key is used to prove that they’re the same user as before.
OAuth
OAuth is not technically an authentication method, but a method of both authentication and authorization. In this approach, the user logs into a system. That system will then request authentication, usually in the form of a token. The user will then forward this request to an authentication server, which will either reject or allow this authentication. From here, the token is provided to the user, and then to the requester. Such a token can then be checked at any time independently of the user by the requester for validation.
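The first two approaches above (HTTP Basic Authentication and API keys), as they could be checked on the server side. This is an added example, not part of the original page; the function names, the sample account store and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, os, secrets

def parse_basic(header):
    """Split an Authorization header value into (user_id, password); None if malformed."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # Base64 is an encoding, not encryption: anyone who sees the header can read it.
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, non-ASCII input and invalid UTF-8
        return None
    user_id, sep, password = decoded.partition(":")  # the password may itself contain ':'
    return (user_id, password) if sep else None

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store: user ID -> (salt, password hash).
_salt = os.urandom(16)
USERS = {"alice": (_salt, hash_password("correct horse", _salt))}
API_KEY_HASHES = {}  # user ID -> SHA-256 of the issued key; the raw key is not kept

def check_basic(header):
    """Return the authenticated user ID, or None."""
    creds = parse_basic(header)
    if creds is None or creds[0] not in USERS:
        return None
    salt, stored = USERS[creds[0]]
    # compare_digest does not reveal how many leading bytes matched
    ok = hmac.compare_digest(stored, hash_password(creds[1], salt))
    return creds[0] if ok else None

def issue_api_key(user_id):
    """Assign a unique random key to a user and remember only its hash."""
    key = secrets.token_urlsafe(32)
    API_KEY_HASHES[user_id] = hashlib.sha256(key.encode()).digest()
    return key

def check_api_key(user_id, presented):
    """True if the presented key matches the one issued to this user."""
    stored = API_KEY_HASHES.get(user_id)
    digest = hashlib.sha256(presented.encode()).digest()
    return stored is not None and hmac.compare_digest(stored, digest)
```

Because the Basic header is only base64-encoded, both the header and an API key need a TLS-protected connection to stay confidential in transit.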