Authorization VS Authentication —  Tools/Strategies

Authentication vs Authorization

Today, we are going to cover what exactly authorization and authentication mean in the tech world.

There are different systems and mechanisms that can be used for authorization and authentication in an application. But what exactly are authorization and authentication in layman's terms?

Have you ever faced a challenge when an interviewer asked you about the difference between authorization and authentication, since these terms sound similar?

No? That is good, but some of us are still wondering how to relate the terms authorization and authentication, and which one comes first.

To clarify the difference:

Authentication

It is the process of verifying the identity of a user or device, that is, determining that the caller really is the user or device it claims to be.

For example, User A only has access to relevant information and cannot see the sensitive information of User B.

Authorization

It is the process of determining what a user or device is allowed to do, after it has been authenticated, that is, after its identity has been verified.

For example, access controls encompass file permissions, such as the right to create, read, edit or delete a file.
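As an added example (not part of the original post), the following Python sketch keeps the two decisions apart: authenticate() only establishes who the caller is, and authorize() only decides what that already-verified identity may do with a file, using the create/read/edit/delete permissions mentioned above. The user store, passwords, file paths and access-control list are constructed for the example.

```python
import hashlib
import hmac
from typing import Optional


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2) so stored credentials are not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store (username -> salt and password hash). A real system
# keeps this in a database; it is built inline so the example runs offline.
SALT_A = b"constructed-salt-a"
SALT_B = b"constructed-salt-b"
USERS = {
    "user_a": (SALT_A, hash_password("correct-horse", SALT_A)),
    "user_b": (SALT_B, hash_password("battery-staple", SALT_B)),
}

# Constructed access-control list: file path -> {identity: permitted actions}.
# This is the "file permissions" example from the text, expressed per user.
ACL = {
    "/docs/a-report.txt": {"user_a": {"read", "edit", "delete"}},
    "/docs/b-salary.txt": {"user_b": {"read", "edit"}},
}


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: establish WHO the caller is.
    Returns the verified identity, or None. Says nothing about what they may do."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored_hash = record
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(hash_password(password, salt), stored_hash):
        return username
    return None


def authorize(identity: str, action: str, path: str) -> bool:
    """Authorization: given an identity that has ALREADY been verified,
    decide whether the requested action on the resource is permitted.
    Default is deny: unknown paths or users get no permissions."""
    return action in ACL.get(path, {}).get(identity, set())


def access_file(username: str, password: str, action: str, path: str) -> str:
    """The order matters: authenticate first, then authorize."""
    identity = authenticate(username, password)
    if identity is None:
        return "authentication failed"   # we do not know who this is
    if not authorize(identity, action, path):
        return "forbidden"               # we know who it is; they may not do this
    return "ok"
```

The two failure strings are deliberately different: "authentication failed" means the system could not establish an identity, while "forbidden" means the identity is known but the policy denies the action. User A reading User B's salary file fails at the second step, not the first.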

Let's understand the difference between OAuth, OpenID Connect and SAML.

1. OAuth 2.0 (Open Authentication)

OAuth 2.0 is an open standard for providing and implementing authorization. It is designed to allow a website or web app to access resources hosted by other web apps on behalf of a user. OAuth 2.0 uses access tokens (a piece of information that represents the authorization granted on behalf of the end user).

For more info — https://auth0.com/intro-to-iam/what-is-oauth-2

Note: OAuth allows a third-party application to access a user's resources with their permission and without their login credentials.

2. OpenID Connect (OIDC)

OpenID Connect is an open standard/open-source solution for initiating and implementing the authentication process. It allows a client to verify the identity of the end user based on the authentication performed by an OpenID provider. It allows users to choose the third-party OpenID provider they want to use to log in to any website that accepts the OpenID standard (which could also be a custom provider you have built).

You have seen it many times a day, whenever you log in to Medium, Spotify or any other app through your Google account.

OpenID is useful for developers who want to authenticate users but are not willing to take on the risk of storing user records themselves for security reasons.

For more info — https://openid.net/connect/

Note: You can see it as SSO (Single Sign-On) for consumer applications.
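The difference between an OAuth 2.0 access token (what the client may do) and an OIDC ID token (who the user is) shows up most clearly in the checks each receiving side performs. The Python below is an added example, not code from this post or from any provider. It signs tokens with an HMAC shared secret (HS256) so that it runs offline; real OpenID providers sign with an asymmetric key (RS256) published through JWKS, and mint_jwt stands in for the provider. The issuer URL, client id, secret and claim values are constructed.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values; ISSUER and CLIENT_ID are hypothetical identifiers.
SECRET = b"constructed-example-secret"  # stands in for the provider's signing key
ISSUER = "https://issuer.example"       # hypothetical OpenID provider / authorization server
CLIENT_ID = "client-app-123"            # hypothetical client (relying party)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Stand-in for the provider: build an HS256-signed JWT from the claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the claims only if the signature is valid; None otherwise."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        # Pin the algorithm: the verifier decides how to check, never the token.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        return json.loads(b64url_decode(p))
    except ValueError:  # bad structure, bad base64 or bad JSON
        return None


def validate_id_token(token: str, expected_nonce: str, now: Optional[float] = None) -> Optional[str]:
    """OIDC: an ID token answers 'who is the user'. Returns the subject only if
    signature, issuer, audience, expiry and nonce all check out."""
    now = time.time() if now is None else now
    claims = verify_jwt(token)
    if claims is None:
        return None
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER or CLIENT_ID not in audiences:
        return None  # issued by someone else, or for a different client
    if claims.get("exp", 0) <= now:
        return None
    if claims.get("nonce") != expected_nonce:  # binds the token to this login attempt
        return None
    return claims.get("sub")


def resource_server_allows(access_token: str, required_scope: str, now: Optional[float] = None) -> bool:
    """OAuth 2.0: an access token answers 'what may this client do'. The resource
    server checks validity and scope; it does not treat the token as a login."""
    now = time.time() if now is None else now
    claims = verify_jwt(access_token)
    if claims is None or claims.get("exp", 0) <= now:
        return False
    return required_scope in claims.get("scope", "").split()
```

Two points carry over to real deployments: the verifier fixes the algorithm and key it will accept rather than reading them from the token, and an access token that passes the scope check still says nothing about who the user is, which is exactly the gap OIDC's ID token fills.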

3. Security Assertion Markup Language (SAML)

This is another way of handling authentication and authorization.

SAML is an open standard for authentication and authorization and is used mostly in enterprises. It is a framework for single sign-on (SSO), which means that once you have successfully logged in to one application of your organization, you can also access other apps without re-entering your credentials.

SAML uses XML to exchange authentication and authorization messages with the identity provider to verify a user's identity and permissions and decide whether access to an application is granted or denied. Put simply, it transfers authentication data between two parties: the identity provider (IdP) and the service provider (SP).

Benefits of using SAML:

  1. SAML offers increased security: since the identity provider stores all login information, the service provider does not need to store any user credentials on its own system.
  2. It improves the user experience as you only need to sign in once to access multiple web applications.
  3. The organization also benefits from this feature as it means fewer Help Desk calls for password resets.

For more info on how it works behind the scenes, visit https://www.onelogin.com/learn/saml

Note: It can be seen as SSO for enterprise applications.
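Added example, not the post's own code: the checks a service provider should make on the assertion an IdP sends it, after the XML signature has been verified. The assertion, issuer and entity ids below are constructed. Signature verification is left to a SAML library because it needs XML canonicalisation; the parsing uses the standard library, and for untrusted input a hardened parser such as defusedxml is preferable.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned assertion for illustration only. Real assertions carry
# an XML Signature that must be verified before any of the checks below are trusted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" IssueInstant="2024-01-01T12:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>finance</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_saml_time(text: str) -> datetime:
    """SAML timestamps are UTC; this handles the whole-second form used here
    (real IdPs may add fractional seconds, which a full parser must accept)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate_assertion(xml_text: str, expected_issuer: str, sp_entity_id: str,
                       now_utc: str) -> Optional[dict]:
    """Return {'subject', 'attributes'} if the assertion comes from the expected
    IdP, is addressed to this SP and is inside its validity window; else None.
    This SP requires Conditions and an AudienceRestriction and denies otherwise."""
    now = parse_saml_time(now_utc)
    root = ET.fromstring(xml_text)  # for untrusted XML prefer defusedxml.ElementTree.fromstring
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return None
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return None  # not from the IdP this SP trusts
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        return None
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        return None
    if not (parse_saml_time(not_before) <= now < parse_saml_time(not_on_or_after)):
        return None  # expired (possibly replayed) or not yet valid
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return None  # issued for a different service provider
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        return None
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"subject": name_id, "attributes": attributes}
```

The audience check is what stops an assertion issued for one SP from being accepted by another in the same federation, and the validity window is what limits replay; both are SP-side decisions, which is why the IdP storing the credentials (benefit 1 above) does not remove the SP's own validation duties.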

Summary

OAuth allows a third-party application to access a user's resources with their permission and without their login credentials.

OIDC adds an authentication layer to OAuth, allowing the application to verify the user’s identity and obtain basic profile information.

SAML is used for enterprise single sign-on, allowing users to authenticate with their corporate credentials and access enterprise resources.

Thanks for reading