Authenticate

Authenticate

Auth0 uses OpenID Connect and OAuth 2.0 to authenticate users and verify their identity.

Authentication refers to the process of confirming identity. While often used interchangeably with authorization, authentication represents a fundamentally different function.

In authentication, a user or application proves they are who they say they are by providing valid credentials for verification. Authentication is often proved through a username and password, sometimes combined with other elements called factors, which fall into three categories: what you know, what you have, or what you are.

  • Single-Factor Authentication relies on a password. Example: a school website that only requires validating a password against a username.

  • Two-Factor Authentication relies on a piece of confidential information in addition to a username and password. Example: a banking website that validates a password against a username and then requires the user to enter a PIN known to only the user.

  • Multi-Factor Authentication (MFA) uses two or more security factors from independent categories. Example: a hospital system that requires a username and password, a security code received on the user's smartphone, and fingerprint.

Read... To learn...                                
Login About the various ways of implementing login authentication for your applications.
Single Sign-On What Single Sign-On (SS0) is and how to implement it with Auth0.
Passwordless How to allow users to log in without needing to remember a password. Users enter their mobile phone number or email address, and receive a one-time code or link, which they can use to log in.
Identity Providers About the external social, enterprise, and legal Identity Providers supported by Auth0.
Database Connections How to create your own user store, which allows you to authenticate users with an email address or username and a password. The credentials can be stored securely in either the Auth0 user store or your own database.
Protocols About the set of open specifications and protocols that specify how to design an authentication and authorization system.

Learn more