### Authentication

Authentication is about validating your credentials, such as a username/user ID and password, to verify your identity: the system checks whether you are who you say you are using those credentials. Whether on public or private networks, the system authenticates a user's identity through login passwords. Authentication is usually done with a username and password, although there are various other ways to be authenticated.

### Authorization

Authorization occurs after your identity has been successfully authenticated by the system, and it is what grants you access to resources such as information, files, databases, funds, etc. Authorization verifies your rights: only after establishing that you may access the system does it determine which resources you may reach and to what extent. In other words, authorization is the process of determining whether the authenticated user has access to the particular resources. A good example: once an employee's ID and password have been verified through authentication, the next step is determining which floors that employee may access, and that is done through authorization.
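The floor-access example above, worked through as an added illustration (not code from the original page): `authenticate` checks a salted PBKDF2 hash of the password in constant time, `authorize` then consults a role-to-floor policy, and `enter_floor` reports the two failures differently. The user store, the role names and the floor policy are constructed for the demo.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256: a deliberately slow hash so a stolen store is costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _make_user(password: str, role: str) -> tuple:
    salt = os.urandom(16)  # per-user salt: identical passwords still hash differently
    return (salt, _hash_password(password, salt), role)


# Constructed credential store: username -> (salt, password hash, role).
# Only hashes are kept; the clear-text passwords appear here just to build the demo.
USERS = {
    "alice": _make_user("correct horse", "facilities"),
    "bob": _make_user("battery staple", "visitor"),
}

# Constructed access policy (the page's example): which role may reach which floor.
FLOOR_ACCESS = {
    "facilities": {1, 2, 3},
    "visitor": {1},
}

_DUMMY_SALT = b"\x00" * 16


def authenticate(username: str, password: str) -> bool:
    """Authentication: does the caller hold the credentials of `username`?"""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown username takes as long as a wrong password
        # (otherwise response time reveals which usernames exist).
        _hash_password(password, _DUMMY_SALT)
        return False
    salt, stored_hash, _role = record
    return hmac.compare_digest(stored_hash, _hash_password(password, salt))


def authorize(username: str, floor: int) -> bool:
    """Authorization: may this already-authenticated user enter `floor`?"""
    role = USERS[username][2]
    return floor in FLOOR_ACCESS.get(role, set())


def enter_floor(username: str, password: str, floor: int) -> str:
    """Authenticate first, then authorize; the two failures are reported differently."""
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, floor):
        return "403 authenticated but not authorized"
    return "200 welcome"


if __name__ == "__main__":
    for who, pw, floor in [("alice", "correct horse", 3), ("bob", "battery staple", 3),
                           ("bob", "wrong", 1), ("mallory", "x", 1)]:
        print(who, floor, "->", enter_floor(who, pw, floor))
```

The order matters: authorization is only meaningful for an identity the system has already established, which is why `enter_floor` never consults the policy for a caller whose credentials failed.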

source: https://medium.com/datadriveninvestor/authentication-vs-authorization-716fea914d55

In [1]:
# https://api.github.com/user
# https://developer.github.com/v3/users/#get-the-authenticated-user

%run secrets.ipynb   # defines github_id and github_password, kept out of this notebook
import requests
import json
from requests.auth import HTTPBasicAuth

# Unauthenticated request: the endpoint has no way to know whose profile to return
a = requests.get("https://api.github.com/user")

In [2]:
a.status_code  # 401: the response body is {"message": "Requires authentication"}

401

In [3]:
# HTTP Basic auth sends "Authorization: Basic base64(id:password)" on every request.
# Note: GitHub removed password-based Basic auth for the REST API in November 2020;
# a personal access token is now used in place of the password.
a = requests.get("https://api.github.com/user", auth=HTTPBasicAuth(github_id, github_password))
print(a.status_code)

200


In [4]:
# A plain (id, password) tuple is requests' shorthand for HTTPBasicAuth
a = requests.get("https://api.github.com/user", auth=(github_id, github_password))

print(a.status_code)

200


In [5]:
# Attempting to create a repository (authenticated, so the question is now authorization:
# may this identity create repositories, and is the request itself acceptable?)

info = {'name': 'New_repo', 'description': 'created via API call', 'auto_init': 'true'}

a = requests.post('https://api.github.com/user/repos', auth=(github_id, github_password), data=json.dumps(info))

In [6]:
a.status_code  # 422 Unprocessable Entity: authenticated, but the request failed validation
               # (e.g. a repo named New_repo already exists, or auto_init was sent as the
               # string 'true' where the API expects a JSON boolean)

422
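What the `auth=` argument in the cells above actually puts on the wire, as an added example (not part of the original notebook): the Basic header is only base64 of `id:password`, so it is reversible by anyone who can read the request, which is why TLS is non-negotiable and why a revocable personal access token is preferable to the account password. The credentials `octocat`/`s3cret` are constructed placeholders; `explain_status` maps the status codes seen above to their meaning, and the cross-check against `requests` runs only when that library is installed.

```python
import base64

GITHUB_USER_URL = "https://api.github.com/user"  # endpoint used in the cells above


def basic_auth_header(user: str, password: str) -> str:
    """Exactly what HTTPBasicAuth (and the (user, password) tuple) sends."""
    raw = f"{user}:{password}".encode("latin-1")  # RFC 7617 form 'user:password'
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth_header(header: str) -> tuple:
    """Base64 is encoding, not encryption: the header gives the password straight back."""
    scheme, _, encoded = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic auth header")
    user, _, password = base64.b64decode(encoded).decode("latin-1").partition(":")
    return user, password


def token_header(personal_access_token: str) -> dict:
    """Header for a personal access token, GitHub's replacement for password Basic auth."""
    return {"Authorization": f"token {personal_access_token}"}


def explain_status(code: int) -> str:
    """Map the status codes seen in the cells above to what the API is telling you."""
    return {
        200: "authenticated and authorized",
        401: "authentication missing or wrong (who are you?)",
        403: "authenticated, but not allowed (forbidden, rate-limited, or token lacks the scope)",
        404: "not found, or hidden from this identity",
        422: "request was understood but failed validation",
    }.get(code, "unexpected status")


# Optional cross-check against requests itself, when it is installed.
try:
    from requests import Request
    from requests.auth import HTTPBasicAuth

    def requests_basic_auth_header(user: str, password: str) -> str:
        prepared = Request("GET", GITHUB_USER_URL, auth=HTTPBasicAuth(user, password)).prepare()
        return prepared.headers["Authorization"]
except ImportError:
    requests_basic_auth_header = None


if __name__ == "__main__":
    # Constructed placeholder credentials, not real ones.
    hdr = basic_auth_header("octocat", "s3cret")
    print(hdr)                            # Basic b2N0b2NhdDpzM2NyZXQ=
    print(decode_basic_auth_header(hdr))  # ('octocat', 's3cret')
    print(token_header("<PLACEHOLDER-PAT>"))
    for code in (200, 401, 403, 422):
        print(code, explain_status(code))
```

Because the header is reversible, a logged or proxied request leaks the full credential; a token scoped to the minimum needed and revoked when done limits what such a leak can do.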

### What is OAuth?

OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. In authentication parlance, this is known as secure, third-party, user-agent, delegated authorization.

### Car Valet Analogy

An OAuth token is like that valet key. As a user, you get to tell the consumers what they can use and what they can’t use from each service provider. You can give each consumer a different **valet key**. They never have the full key or any of the private data that gives them access to the full key.

Source: https://www.varonis.com/blog/what-is-oauth/
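The valet-key analogy in code, as an added example (not from the original page or from any OAuth library): an authorization server mints an HMAC-signed token carrying only the scopes the resource owner granted to a client, and the resource server checks signature, expiry and scope before serving. The signing key, the client name `photo-printer` and the scope names are constructed for the demo; a real deployment would use a standard token format such as a JWT with a properly managed key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key held only by the authorization server (the owner's locksmith).
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64encode(hmac.new(SERVER_KEY, body.encode("ascii"), hashlib.sha256).digest())


def issue_token(client_id: str, scopes, ttl_seconds: int = 3600, now=None) -> str:
    """Authorization server: mint a valet key that opens only the doors listed in `scopes`."""
    now = time.time() if now is None else now
    claims = {"client": client_id, "scope": sorted(scopes), "exp": int(now + ttl_seconds)}
    body = _b64encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    return body + "." + _sign(body)


def verify_token(token: str, now=None):
    """Resource server: accept the key only if it is unmodified and not expired."""
    body, _, signature = token.partition(".")
    if not hmac.compare_digest(signature, _sign(body)):
        return None  # tampered with, or not issued by our authorization server
    claims = json.loads(_b64decode(body))
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        return None  # the valet key has expired
    return claims


def access_resource(token: str, required_scope: str, now=None) -> str:
    """Resource server: the client never holds the owner's password, only this scoped key."""
    claims = verify_token(token, now)
    if claims is None:
        return "401 invalid or expired token"
    if required_scope not in claims["scope"]:
        return "403 insufficient_scope"
    return f"200 ok for {claims['client']}"


if __name__ == "__main__":
    # Owner grants the printing service read-only access to photos; nothing else.
    key = issue_token("photo-printer", {"photos:read"})
    print(access_resource(key, "photos:read"))     # 200 ok for photo-printer
    print(access_resource(key, "photos:delete"))   # 403 insufficient_scope
    print(access_resource("X" + key[1:], "photos:read"))  # 401: altered token is rejected
```

Each consumer gets its own key with its own scopes, so revoking the printer's token or letting it expire affects only that consumer and never the owner's real credentials.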

<img src="oAuthEg1.png" width="500" height="500" align="center"/>

### OAuth Roles

<img src="oAuthroles1.png" width="500" height="500" align="center"/>

### Facebook Authentication Process

<img src="fbAuthProcess.png" width="500" height="500" align="center"/>