You have completed User Authentication With Express and Mongo!
Learn the difference between authentication and authorization and the basic steps of the authentication process.
New Terms:
- Authentication - confirming that the user is who they claim to be
- Authorization - determining which resources or areas of the site they can access
Examples:
- Facebook Login
- Twitter Login
- Treehouse Login
You may be wondering what
authentication is, and
0:00
whether it's the same as authorization.
0:02
No, authentication and
authorization are not the same, but
0:04
they're often used together.
0:08
In the context of a user system,
authentication refers to the process
0:10
of confirming that the user
is who they claim to be.
0:15
For example,
0:18
Facebook needs you to prove who you
are before you can update your status.
0:19
Likewise, you need to sign into
Treehouse so we can identify you and
0:23
retrieve your information.
0:27
Websites authenticate users by validating
the credentials that the user provides,
0:30
like an email address and
a password, for example.
0:34
Once the site knows who the user is,
0:37
it can determine which resources or
areas of the site they can access.
0:39
This is known as authorization.
0:44
Authorization means you're allowed to see
certain information and do certain things.
0:46
For example, sign into Facebook,
you can view your friends' statuses and
0:51
update your own status.
0:54
In other words, once a site
authenticates you, that is, it knows
0:56
that you are who you say you are,
1:00
it will authorize access to
your resources and information.
1:02
There are a lot of steps
involved in this process.
1:07
So let's illustrate each of them.
1:09
First, a user needs to create an account.
1:12
They will be presented with
a registration form that asks for
1:14
certain information,
like email address, name and password.
1:17
This information is saved in a database.
1:21
Now that a user has
an account on the website,
1:24
they log into the site by entering that
same email and password into a login form.
1:26
The application checks that
the credentials the user entered
1:32
match a record in the database.
1:35
If the information matches,
1:37
then the site knows who they are.
The user is now authenticated.
1:39
While the user is logged in, the web
application can alter the appearance and
1:44
functionality of the website based on that
user's preferences, settings, and history.
1:48
For example, you're logged into Treehouse,
1:53
so we can suggest which course you should
take next, let you edit your profile page,
1:55
and keep track of which videos you watch,
and which quizzes and
2:00
code challenges you complete.
2:03
In other words,
2:05
once you're authenticated, a website
can follow you from page to page.
2:06
But how does the site know it's you
as you bounce from page to page?
2:11
Well, a web server can identify you and
2:15
your browser each time you request a new
page using something called a session.
2:18
I'll talk more about sessions
later in this course, but for now,
2:23
think of a session as a unique token
that the server uses to identify you.
2:26
The session sticks with you and
your browser while you visit the site, and
2:31
then it's destroyed after
a period of inactivity.
2:35
In other words, the token lasts for
one session or one visit.
2:38
When you want to leave the website and
log out, you click the log out link
2:42
that sends a request to the server and
deletes the session object.
2:46
Now, without that session,
the server basically forgets who you are.
2:50
So the next time, you'll use the same
credentials to log back in.
2:54
That may sound complex, and
2:58
like it requires a lot of programming,
but don't worry.
2:59
By the end of this course you
will have created a working
3:03
user authentication system.
3:06
In the next video, I'll show you
the project we're going to build.
3:08