Carla Urrea Stabile for Okta

Posted on • Originally published at auth0.com

From Zero to Hero: Identity Edition

Identity is a broad topic, and many resources are available. This blog post gives you a curated list of some of the most relevant resources at Auth0 by Okta and relevant identity organizations.

Identity Fundamentals

A digital identity is a set of attributes that define a particular user in the context of a function that is delivered by a specific application.

Learn it from Vittorio

Identity Fundamentals Course brought to you by the one and only Vittorio Bertocci.

Identity Fundamentals

IAM, CIAM, Am I?

No Time? Learn Identity In a Minute

  • Identity In a Minute Series is an ongoing series of 60-second shorts that describe key concepts in modern identity management, authentication and authorization.

More Time? Learn Directly from Identity Experts

Authentication

In authentication, a user or application proves that they are who they say they are by providing valid credentials.

There are many ways to authenticate, though. 🤔 Learn about the most common ones:

Authorization

Authorization is the process of giving someone the ability to access a resource.

People often mix up authentication and authorization because authentication usually leads to authorization, but authorization does not always lead to authentication.

Learn more about authorization and the different types: 👇

2FA, MFA all-the-FA

There are many options you can use to prove your digital identity. These are called authentication factors, and there are three main types:

  • knowledge, or something that you know, like a password;
  • possession, or something that you have, like a device;
  • inherence, which is something that you are or that is inherent to you.

Usually, your application requires only one authentication factor to authenticate a user, typically a password. In some contexts, you may want more assurance about the user's identity. In that case, you can require two or more authentication factors. That's what two-factor authentication (2FA) and multi-factor authentication (MFA) are all about.

Learn more about 2FA and MFA: 👇

OAuth2, OIDC, Oh-what?

There are many standards used for identity. Some of the most relevant are OAuth2 and OIDC. OAuth 2.0, which stands for "Open Authorization", is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. OpenID Connect (OIDC), in turn, is an authentication protocol that utilizes the authorization and authentication mechanisms of OAuth 2.0.

But what else is out there? Learn more here: 👇

Tokens, tokens, and more tokens!

A token is a piece of data that has no meaning or use on its own but, combined with the correct tokenization system, becomes a vital player in securing your application. There are different tokens, but what does each one do? How do you use them?

WebAuthn

WebAuthn is a W3C recommendation for defining an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications to authenticate users strongly. Here are some great resources to learn more:

Passkeys

Passkeys are password replacements that provide a faster, easier, and more secure user login experience that leverages WebAuthn under the hood. Learn more about passkeys: