Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
- Stackoverflow.com Wiki
Tokens-based authentication is more relevant than ever. Examine the differences and similarities between cookie and token-based authentication, advantages of using tokens, and address common questions and concerns developers have regarding token-based auth.
In the beginning, things were simple: you had two strings (a username and a password) and if someone knew both of them, they could log in. Easy.
Authentication is clearly important, but there are many ways to reliably authenticate users – not just passwords. Passwords are written off as inconvenient and unavoidable, but even if true a few years ago, that’s not true today. Due to a combination of sensors, encryption and seasoned technology users, authentication is taking on new (and exciting) forms.
Authentication itself is a fairly simple process. Don’t build that, go and use a builtin solution, authentication is complex, but the good side of it is that there are rarely any business specific stuff around it. You need to authenticate a user, and that is one of those things that is generally such a common concern that you can take an off the shelve solution and go with that.
Authorization is a lot more interesting.