All you need to know about login （SSO, LDAP, SAML, OAuth, OpenID)I was recently asked this question again: “What is the difference between authentication and authorization?”

Let’s touch all of them in this single post. walkthrough in 10 mins.

Back to the old-school

A quick explanation.

Login: Authentication (Who you are). before accessing any resource, you need a “token”. and of course, before login, you need to register first.

Token generation and verification: Authorization (What you can do). this is the step after logging in or renewing a token(using a refresh token). the token that is stored in db (or here could be a standalone IDP, which depends on the design) is valid for a certain time window.

So what is a token? — You can think of it as “an encrypted identity within a time window”. or, you can also treat it as either of below:

• A movie or whatever ticket when watching a show
• A “day pass” when you enter a building

So the problem with the above traditional flow is — to reinvent the wheel. Let’s think about 2 cases.

• Company system (every company will have to build its own login)