Authentication and Authorization

김우진 · October 13, 2022

This article explains the basics of authentication and authorization.

Authentication

Definition of my own - authentication is the process of checking whether a user or system really is the user or system it claims to be.

Types of authentication

  • SFA (single-factor authentication) - uses a single element to identify a user.
  • 2FA (two-factor authentication) - uses additional elements for identification, such as smartphone biometric authentication or fingerprints.
  • MFA (multi-factor authentication) - uses 3 or more elements for identification.

Authentication process - authentication takes place between the frontend and the backend API through the following steps.

  • Sign-up process
       1. A user who wants to use a website's service saves an ID and password in the database.
       2. The password is saved after being encrypted.

  • Log-in process
       1. The user enters the previously created ID and password.
       2. The entered password is encrypted and compared with the encrypted password stored in the database.
       3. If the two passwords match, the log-in proceeds.
       4. The backend API server passes an access token containing the user's identification information to the user.
       5. From then on, the access token is sent to the server, so the user doesn't have to go through this process every time.
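
The registration and log-in steps above, sketched as an added example (not code from the original post). It assumes the "encrypted" password is stored as a salted PBKDF2 hash and that the access token is an HMAC-signed blob carrying the user ID and an expiry; `USERS`, `TOKEN_KEY` and the function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

USERS = {}                               # hypothetical stand-in for the database
TOKEN_KEY = secrets.token_bytes(32)      # server-side secret used to sign tokens
PBKDF2_ROUNDS = 600_000

def _hash_password(password, salt):
    # One-way, salted, deliberately slow derivation; only this output is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def sign_up(user_id, password):
    """Registration steps 1-2: store the ID with a salted hash, never the password."""
    if user_id in USERS:
        raise ValueError("ID already taken")
    salt = secrets.token_bytes(16)
    USERS[user_id] = (salt, _hash_password(password, salt))

def log_in(user_id, password, ttl=900):
    """Log-in steps 1-4: return an access token, or None on any mismatch."""
    salt, stored = USERS.get(user_id, (b"\0" * 16, b""))
    candidate = _hash_password(password, salt)   # also computed for unknown IDs
    if not hmac.compare_digest(candidate, stored):
        return None
    claims = json.dumps({"sub": user_id, "exp": int(time.time()) + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    tag = hmac.new(TOKEN_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def verify_token(token, now=None):
    """Log-in step 5: check signature and expiry on each later request."""
    body, sep, tag = token.rpartition(".")
    expected = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                      # forged or modified token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= (time.time() if now is None else now):
        return None                      # expired: the user must log in again
    return claims["sub"]
```

The server never needs the original password again: log-in recomputes the hash from the submitted password and the stored salt, and later requests are accepted only on a token whose signature and expiry check out.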

Authorization

Definition of my own - granting a user permission to access certain resources and functions. Authentication comes before authorization is granted.

Summary

  • authentication is a process in which the user or system is identified by using credential information.
  • authorization is a process that grants a credentialed user access permission to certain resources and functions.
