Authorization
Authorization is the process of determining what permissions a user has after they have been authenticated. It governs which resources and actions a user is allowed to access.
Spring Security provides a robust framework for handling authorization in Spring applications.
OAuth 2.0 is a widely used protocol for authorization in web applications.
Authentication
Authentication is the process of verifying the identity of a user or system. It handles login and password verification.
OpenID Connect adds a layer on top of OAuth 2.0 to provide authentication capabilities.
Authorization Server
An authorization server is a component that handles both authentication and authorization, and creates an access token and an ID token for the user:
- Access tokens are used to access protected resources (API access)
- ID tokens (JWT - JSON Web Tokens) are used to identify the user
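The two token types above are validated differently by their consumers: the client that receives an ID token must check that it was issued by the expected provider, for this client (aud) and for an identified user (sub), while an API that receives an access token checks the issuer and the granted scopes. The following is an added example, not code from the page or from any of the products it lists. It mints both token kinds with a constructed HS256 shared secret so it runs offline (real providers normally sign with an asymmetric key and publish the public half in a JWKS document), and the issuer URL and client id are assumed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. Real providers (Keycloak, Auth0, Okta, Cognito) normally sign
# with an asymmetric key (RS256/ES256) and publish the public half in a JWKS document;
# HS256 with a shared secret is used here only so the example runs offline.
DEMO_SECRET = b"constructed-demo-secret-do-not-use"
ISSUER = "https://auth.example.test"        # assumed issuer URL
CLIENT_ID = "web-client"                    # assumed OAuth client id


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Produce a compact JWT; any alg other than HS256 yields an unsigned token (used for a negative test)."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    if alg != "HS256":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_and_verify(token: str, secret: bytes, now=None) -> dict:
    """Checks shared by both token types: structure, algorithm, signature, expiry."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm: the verifier decides it, never the token (rejects alg=none and downgrades).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(secret, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


def verify_id_token(token: str, secret: bytes, issuer: str, client_id: str, now=None) -> dict:
    """ID token: proves who the user is, to this client. Adds iss, aud and sub checks."""
    claims = decode_and_verify(token, secret, now)
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims


def access_token_allows(token: str, secret: bytes, issuer: str, required_scope: str, now=None) -> bool:
    """Access token: what the bearer may do at the API. The resource server checks iss and scope."""
    try:
        claims = decode_and_verify(token, secret, now)
    except ValueError:
        return False
    if claims.get("iss") != issuer:
        return False
    return required_scope in claims.get("scope", "").split()


def demo(now: int = 1_700_000_000) -> dict:
    """Mint one token of each kind (constructed claims) and exercise the checks; returns the outcomes."""
    id_token = mint_jwt({"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
                         "iat": now, "exp": now + 300, "email": "user@example.test"}, DEMO_SECRET)
    access_token = mint_jwt({"iss": ISSUER, "sub": "user-123", "aud": "orders-api",
                             "iat": now, "exp": now + 300, "scope": "orders:read profile"}, DEMO_SECRET)
    unsigned = mint_jwt({"iss": ISSUER, "sub": "someone-else", "aud": CLIENT_ID, "exp": now + 300},
                        DEMO_SECRET, alg="none")
    results = {
        "id_token_subject": verify_id_token(id_token, DEMO_SECRET, ISSUER, CLIENT_ID, now)["sub"],
        "api_allows_read": access_token_allows(access_token, DEMO_SECRET, ISSUER, "orders:read", now),
        "api_allows_write": access_token_allows(access_token, DEMO_SECRET, ISSUER, "orders:write", now),
        "expired_rejected": not access_token_allows(access_token, DEMO_SECRET, ISSUER, "orders:read", now + 301),
    }
    try:
        verify_id_token(unsigned, DEMO_SECRET, ISSUER, CLIENT_ID, now)
        results["alg_none_rejected"] = False
    except ValueError:
        results["alg_none_rejected"] = True
    try:  # an access token for orders-api must not pass as a login proof for web-client
        verify_id_token(access_token, DEMO_SECRET, ISSUER, CLIENT_ID, now)
        results["access_token_as_id_rejected"] = False
    except ValueError:
        results["access_token_as_id_rejected"] = True
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the module prints the outcome of each check. The audience check is what keeps the two token types apart: an access token minted for an API has a different aud than the client, so it is refused as an ID token even though its signature is valid, and the pinned algorithm means a token that names alg=none is rejected before any claim is read.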
Authorization Solutions:
- Open-Source / Free (requires you to host and manage the service):
  - Keycloak
  - NextAuth.js
- Cloud-based:
  - Auth0
  - Okta
  - Amazon Cognito
  - Clerk