Authentication refers to the process of confirming identity. While often used interchangeably with authorization, authentication represents a fundamentally different function.

In authentication, a user or application proves they are who they say they are by providing valid credentials for verification. Authentication is often proved through a username and password, sometimes combined with other elements called factors, which fall into three categories: what you know, what you have, or what you are.

  • Single-Factor Authentication relies on a password. Example: a school website that only requires validating a password against a username.
  • Two-Factor Authentication relies on a piece of confidential information in addition to a username and password. Example: a banking website that validates a password against a username and then requires the user to enter a PIN known to only the user.
  • Multi-Factor Authentication (MFA) uses two or more security factors from independent categories. Example: a hospital system that requires a username and password, a security code received on the user's smartphone, and a fingerprint.
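
The following added example (not part of the original page and not Auth0 code) labels a login using the three definitions in the list above, counting distinct factor categories rather than the number of credentials presented. The credential type names and their mapping to categories are assumptions made for illustration.

```python
from enum import Enum


class Category(Enum):
    KNOW = "what you know"
    HAVE = "what you have"
    ARE = "what you are"


# Assumed credential type names, mapped to the page's three categories.
CREDENTIAL_CATEGORY = {
    "password": Category.KNOW,
    "pin": Category.KNOW,
    "sms_code": Category.HAVE,
    "hardware_key": Category.HAVE,
    "fingerprint": Category.ARE,
}


def categories_presented(verified):
    """Distinct categories covered by the credentials a user has passed."""
    unknown = sorted(set(verified) - set(CREDENTIAL_CATEGORY))
    if unknown:
        # Fail closed: an unmapped credential must not count as a factor.
        raise ValueError(f"unmapped credential type(s): {unknown}")
    return {CREDENTIAL_CATEGORY[c] for c in verified}


def classify(verified):
    """Label a login using the three definitions in the list above."""
    distinct = set(verified)  # a credential submitted twice counts once
    if not distinct:
        raise ValueError("no verified credentials")
    if len(categories_presented(distinct)) >= 2:
        return "multi-factor"   # factors from independent categories
    if len(distinct) >= 2:
        return "two-factor"     # password plus another secret, one category
    return "single-factor"


if __name__ == "__main__":
    # Constructed logins mirroring the school, bank and hospital examples.
    for login in (["password"], ["password", "pin"],
                  ["password", "sms_code", "fingerprint"]):
        print(login, "->", classify(login))
```

The username is treated as an identifier, not a factor, so it does not appear in the input.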

For a comparison of authentication and authorization, see Authentication vs. Authorization.

Application Authentication Flows

Auth0 uses OpenID Connect and OAuth 2.0 to authenticate users and verify their identity.

We support scenarios for mobile, desktop, server-side, or client-side applications. You can get more details on implementing these flows by exploring: