Authentication

Auth0 uses OpenID Connect and OAuth 2.0 to authenticate users and verify their identity.

Authentication refers to the process of confirming identity. While often used interchangeably with authorization, authentication represents a fundamentally different function.

In authentication, a user or application proves they are who they say they are by providing valid credentials for verification. Authentication is often proved through a username and password, sometimes combined with other elements called factors, which fall into three categories: what you know, what you have, or what you are.

  • Single-Factor Authentication relies on a password. Example: a school website that only requires validating a password against a username.

  • Two-Factor Authentication relies on a piece of confidential information in addition to a username and password. Example: a banking website that validates a password against a username and then requires the user to enter a PIN known to only the user.

  • Multi-Factor Authentication (MFA) uses two or more security factors from independent categories. Example: a hospital system that requires a username and password, a security code received on the user's smartphone, and fingerprint.

Learn more