While most developers know what a URL is, not everyone knows what a URI is, and even less knows about URNs. Not to mention that the relationship between these items is not always very clear. Let's clarify in simple words the difference.
What Is a URL?
We have to deal with URLs every day. URL is an acronym that stands for Uniform Resource Locator. Maybe the expanded name may sound weird, but you can simply call it address. The term address explains very well the role of a URL. You can think of a URL like your home address: it contains all the information to find your home.
Similarly, you can define a URL as a string that denotes the location of a given resource on the Internet: a web page, an image, a mailbox, etc. The following are examples of URLs:
https://jwt.io
https://auth0.com/docs/get-started#learn-the-basics
https://identicons.dev/static/icons/mono/png/icon-access-token.png
mailto:yourfriend@somewhere.com
ftp://ftpserver.com/myfolderURLs and links
While the terms URL and link are commonly used interchangeably, technically they are not synonyms. A URL is a string that allows you to locate a resource. A link (short for hyperlink) is an HTML element that enables you to load a resource from a given URL in a browser. So, a link relies on a URL, and a URL can exist without a link, but a link without a URL makes no sense (at least in its original meaning).
Anatomy of a URL
The Uniform part of the URL acronym is about a common structure of these locator strings. The following image shows this standard structure:
An URL consists of the following parts:
- Scheme: in a URL, this is the protocol that should be used to access the resource. Beyond the well-known HTTP and HTTPS, you can use many other schemes.
- Domain: this part indicates the server hosting the resource. It can be a domain name or an IP address.
- Port: it is the protocol port to which to send the request to access the resource. Usually, it is omitted, meaning that the default protocol port should be used.
- Path: this is the path to the resource on the hosting server.
- Parameters: these are optional extra information provided to the hosting server.
- Anchor: this part represents a specific part inside the resource. It is also called fragment.
The group consisting of the domain name and the port, if present, is also known as authority. The scheme and the authority are separated by the string ://. If a URL has no authority, the scheme and the rest of the URL are separated only by the colon :. A typical example of a URL without the authority part is the URL representing an email address, such as mailto:yourfriend@somewhere.com.
Auth0 configuration and URLs
If you are going to configure your application to use Auth0, make sure you do not confuse two common concepts often mentioned by the documentation, quickstarts, and tutorials: tenant domain and issuer URL.
The tenant domain or simply domain is a string in the form YOUR-TENANT-NAME.auth0.com where YOUR-TENANT-NAME is the name you provided when you created your account with Auth0. It represents the server's domain name that will handle all the interactions between your application and Auth0.
The issuer URL is the base URL of your tenant, the issuer of ID and access tokens you will use to handle authentication and authorization. It has the following format: https://YOUR-TENANT-NAME.auth0.com.
As you can see, while the issuer URL follows the URL format, the tenant domain is just the domain part of a URL.
What Is a URI?
The URI acronym stands for Uniform Resource Identifier. Shortly, it is a string that identifies a resource. From a syntactical point of view, a URI string mostly follows the same format as... the URL! 😲
You may be wondering, how is it possible? So, are URLs and URIs the same thing? Well, not really.
Both URLs and URIs follow the same specification: RFC 3986. However, while URLs allow you to locate a resource, a URI simply identifies a resource. This means that a URI is not necessarily intended as an address to get a resource. It is meant just as an identifier.
Going back to the address example, if you say you live in the only yellow house in your town, you are not giving directions on how to get there. However, this information identifies your house among the others in your town.
On the other hand, a URL is a URI. Beyond the fact that it uses the same URI syntax, it also identifies a resource through an address. In other words, a URL is an identifier that allows you to identify a resource and, at the same time, gives you directions to access it.
Your home address not only gives directions to find it. It also identifies it so that you can't confuse it with another one.
In a nutshell, URLs are a subset of URIs.
An example of URI
Now you are probably wondering what the point of a URI that is not the address of a resource is. 🤔
A typical example of URI that is not a URL is an XML namespace identifier. If you've ever worked with XML, you may have found some document similar to the following:
<?xml version = "1.0" encoding = "UTF-8"?>
<rec:recipe xmlns:recipe = "https://the-great-chef.com/languages/recipe">
<rec:title>Spaghetti carbonara</rec:title>
<rec:author>Anonymous</rec:author>
<rec:ingredients>
...
</rec:ingredients>
</cont:contact>That https://the-great-chef.com/languages/recipe string is a URI that identifies an XML namespace, i.e., a set of names for XML elements and attributes that allows you to define a cooking recipe. By the way, don't use that namespace: I totally invented it right now! 😄
Although the format of that URI is the same as an URL, it doesn't allow you to access any resource on the Web. However, using that format lets you reduce name clashing for namespaces. In fact, the URI's domain name is not intended as the server's name hosting that resource. The URI's domain name leverages the existing registration process for DNS to obtain a globally unique name without the need for another registry. In other words, if you are the owner of the-great-chef.com domain, there is no risk of conflict in creating URIs based on this domain.
URIs have great relevance in the Semantic Web since they are used to identify concepts through the Resource Description Framework (RDF).
Auth0 configuration and URIs
As another example of a URI that is not a URL, consider the registration of an API with Auth0.
When registering your API with Auth0, you need to provide an API identifier, also known as audience. This identifier is nothing but a URI: a logical identifier for your API. The following picture shows an example of an audience in the URI format:
Auth0 will not attempt to make any request to that URI. It is just used to distinguish your API from others.
What Is a URN?
Maybe the URN acronym is less popular than URL and URI, but it belongs to the same family. It stands for Uniform Resource Name, and its scope is to identify resources in a permanent way, even after that resource does not exist anymore.
Unlike a URL, a URN doesn't provide any information about locating the resource but simply identifies it, just like a pure URI. In particular, a URN is a URI whose scheme is urn and has the following structure, as described by the RFC 2141:
urn:<NAMESPACE-IDENTIFIER>:<NAMESPACE-SPECIFIC-STRING>The <NAMESPACE-IDENTIFIER> placeholder stands for a string representing the resource category you want to identify. The <NAMESPACE-SPECIFIC-STRING> is the resource's specific identifier, and its format depends on the namespace identifier.
The following are examples of URNs:
urn:isbn:1234567890
urn:ISSN:0167-6423
urn:ietf:rfc:2648Those URNs identify objects of different types. For example, urn:isbn:1234567890 identifies a publication through the ISBN system; urn:ISSN:0167-6423 identifies a publication through the ISSN system; urn:ietf:rfc:2648 is an RFC issued by the IETF.
You may think that this format differs a lot from the URL and URI format you've seen earlier. Actually, they have a common syntax definition, although that difference has historical reasons.
In the Auth0 context, you use URNs to globally identify your SAML entity. Specifically, you use a URN in the form urn:auth0:YOUR_TENANT:YOUR_CONNECTION_NAME. Check this article to learn more about SAML and this document to use SAML with Auth0.
Unlike a URI, URNs are identifiers issued by public standard organizations and may involve anything needing a standard identifier in human activity, not just computer and software systems.
Summary
I hope that now you have a clearer picture of the relationship between URLs, URIs, and URNs. To summarize the differences between these overlapping concepts, check out this infographic:
