From Zero to Hero: Identity Edition

Carla Urrea Stabile - Dec 14 '23 - Dev Community

Identity is a broad topic, and many resources are available. This blog post gives you a curated list of some of the most relevant resources at Auth0 by Okta and relevant identity organizations.

Identity Fundamentals

A digital identity is a set of attributes that define a particular user in the context of a function that is delivered by a specific application.

Learn it from Vittorio

Identity Fundamentals Course brought to you by the one and only Vittorio Bertocci.

Identity Fundamentals

IAM, CIAM, Am I?

No Time? Learn Identity In a Minute

  • Identity In a Minute Series is an ongoing series of 60-second shorts that describe key concepts in modern identity management, authentication and authorization.


More Time? Learn Directly from Identity Experts

Authentication

In authentication, a user or application proves that they are who they say they are by providing valid credentials.

There are many ways to authenticate, though. 🤔 Learn about the most common ones:

Authorization

Authorization is the process of giving someone the ability to access a resource.

People often mix up authentication and authorization because authentication usually leads to authorization, but authorization does not always lead to authentication.

Learn more about authorization and the different types: 👇

2FA, MFA all-the-FA

There are many options you can use to prove your digital identity. These are called authentication factors, and there are three main types:

  • knowledge, or something that you know, like a password;
  • possession, or something that you have, like a device;
  • inherence, which is something that you are or that is inherent to you.

Usually, your application requires only one authentication factor to authenticate a user, typically a password. In some contexts, you may want more assurance about the user's identity. In that case, you can require two or more authentication factors. That's what two-factor authentication (2FA) and multi-factor authentication (MFA) are all about.

Learn more about 2FA and MFA 👇:

OAuth2, OIDC, Oh-what?

There are many standards used for identity. Some of the most relevant are OAuth2 and OIDC. OAuth 2.0, which stands for "Open Authorization", is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. OpenID Connect (OIDC), in turn, is an authentication protocol that utilizes the authorization and authentication mechanisms of OAuth 2.0.

But what else is out there? Learn more here 👇

Tokens, tokens, and more tokens!

A token is a piece of data that has no meaning or use on its own, but combined with the correct tokenization system, becomes a vital player in securing your application. There are different types of tokens, but what does each one do? How do you use them?

WebAuthn

WebAuthn is a W3C recommendation that defines an API enabling web applications to create and use strong, attested, scoped, public key-based credentials for the purpose of strongly authenticating users. Here are some great resources to learn more:

Passkeys

Passkeys are password replacements that provide a faster, easier, and more secure user login experience that leverages WebAuthn under the hood. Learn more about passkeys:
