developers

From Zero to Hero: Identity Edition

There are tons of identity resources out there. What if you had a curated list of resources? Then, keep reading this blog post!

Identity is a broad topic, and many resources are available. This blog post gives you a curated list of some of the most relevant resources at Auth0 by Okta and relevant identity organizations.

Identity Fundamentals

A digital identity is a set of attributes that define a particular user in the context of a function that is delivered by a specific application.

Learn it from Vittorio

Identity Fundamentals Course brought to you by the one and only Vittorio Bertocci.

learn-identity-homepage

IAM, CIAM, Am I?

No Time? Learn Identity In a Minute

  • Identity In a Minute Series is an ongoing series of 60-second shorts that describe key concepts in modern identity management, authentication, and authorization.

ID in a minute thumbnails

More Time? Learn Directly from Identity Experts

Authentication

In authentication, a user or application proves that they are who they say they are by providing valid credentials.

There are many ways of authentication, though. 🤔 Learn about the most common ones:

For further information, we invite you to learn more about SSO with our free whitepaper.

Download the whitepaperThe Definitive Guide to Single Sign On (SSO)

Authorization

Authorization is the process of giving someone the ability to access a resource.

People usually mix up Authentication and Authorization because authentication usually leads to authorization, but authorization does not always lead to authentication.

Learn more about authorization and the different types: 👇

2FA, MFA all-the-FA

There are many options you can use to prove your digital identity. These are called authentication factors, and there are three main types:

  • knowledge or something that you know, like a password,
  • possession or something that you have, like a device
  • inherence, which is something that you are or is inherent to you.

Usually, your application requires only one authentication factor to authenticate a user, typically a password. In some contexts, you may want more assurance about the user's identity. In that case, you can require two or more authentication factors. That's what two-factor authentication (2FA) and multi-factor authentication (MFA) are all about.

Learn more about 2FA and MFA 👇:

OAuth2, OIDC, Oh-what?

There are many standards used for identity. Some of the most relevant are OAuth2 and OIDC. OAuth 2.0, which stands for "Open Authorization", is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. At the same time, Open ID Connect (OIDC) is an authentication protocol that utilizes the authorization and authentication mechanisms of OAuth 2.0.

But what else is out there? Learn more here 👇

Want to get up to speed with OAuth2 and OpenID Connect?

Download the free ebookOauth2 OpenID Connect Professional Guide

Tokens, tokens, and more tokens!

A token is a piece of data that has no meaning or use on its own but, combined with the correct tokenization system, becomes a vital player in securing your application. There are different tokens, but what does each one do? How do you use them?

Interested in getting up-to-speed with JWTs as soon as possible?

Download the free ebookJWT Handbook

WebAuthn

WebAuthn is a W3C recommendation for defining an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications to authenticate users strongly. Here are some great resources to learn more:


webauthn.me logoWant to learn more about WebAuthn?Visit → webauthn.me

Passkeys

Passkeys are password replacements that provide a faster, easier, and more secure user login experience that leverages WebAuthn under the hood. Learn more about passkeys: