Authentication

Authentication

• It is about to check the user identity to access to certain pages

Authorization

• It is about the methodology to restrict the user access right

General Flow

• Firstly, client need to register the key(session id / access token) from server/third-party, and store it into client-side (cookie/ local storage) by login , etc.

• Secondly, if client want to access the private resource, need to send the request with the key, and then server side / third-party will check whether the key is valid

• If valid, client can be allowed to access the private resource