1
00:00:00,000 --> 00:00:09,040
[MUSIC]

2
00:00:09,040 --> 00:00:09,983
Hi, everyone.

3
00:00:09,983 --> 00:00:13,302
I'm Laura, a JavaScript instructor here at Treehouse.

4
00:00:13,302 --> 00:00:17,568
In this course, we'll learn how to implement authentication and

5
00:00:17,568 --> 00:00:19,561
authorization in a React App.

6
00:00:19,561 --> 00:00:23,816
Most apps these days would not be complete without authentication.

7
00:00:23,816 --> 00:00:28,185
It's what allows users to have an identity on your website or app.

8
00:00:28,185 --> 00:00:32,431
Authentication provides password protection to hide content from

9
00:00:32,431 --> 00:00:33,850
unauthorized users.

10
00:00:33,850 --> 00:00:37,135
It lets you serve content specific to a user,

11
00:00:37,135 --> 00:00:41,031
as well as customize their settings and experience.

12
00:00:41,031 --> 00:00:45,660
When learning about authentication it's important to know the difference between

13
00:00:45,660 --> 00:00:47,755
authentication and authorization.

14
00:00:47,755 --> 00:00:52,220
The two concepts work together to ensure that only authorized users

15
00:00:52,220 --> 00:00:55,363
are allowed access to sensitive information.

16
00:00:55,363 --> 00:00:59,989
Authentication is the process of verifying the identity of a user.

17
00:00:59,989 --> 00:01:04,575
Which is typically done by requiring the user to provide some form of

18
00:01:04,575 --> 00:01:08,363
identification, in our case a username and password.

19
00:01:08,363 --> 00:01:12,710
Authorization on the other hand is the process of granting or

20
00:01:12,710 --> 00:01:14,763
denying access to content.

21
00:01:14,763 --> 00:01:17,681
Which we'll implement using React Router.

22
00:01:17,681 --> 00:01:21,152
There are many ways to authenticate a user on the Web.

23
00:01:21,152 --> 00:01:25,524
Some of the most common methods to set up authentication in your app

24
00:01:25,524 --> 00:01:27,407
are basic authentication.

25
00:01:27,407 --> 00:01:32,157
Where the username and password are encoded in base64 and

26
00:01:32,157 --> 00:01:34,154
sent over to the server.

27
00:01:34,154 --> 00:01:38,879
This is the easiest to implement and we'll be using it in this course.

28
00:01:38,879 --> 00:01:43,324
Token-based authentication where in response to a login request,

29
00:01:43,324 --> 00:01:47,243
the server generates a token and sends it back to the client.

30
00:01:47,243 --> 00:01:51,840
The client must then send this token whenever making a request.

31
00:01:51,840 --> 00:01:59,214
This was originally created as part of OAuth 2.0 but can also be used on its own.

32
00:01:59,214 --> 00:02:04,077
OAuth 2.0 is similar to token-based authentication where a token is

33
00:02:04,077 --> 00:02:06,158
used to verify your identity.

34
00:02:06,158 --> 00:02:10,750
However, instead of the API Server generating the token

35
00:02:10,750 --> 00:02:13,243
a third party does it instead.

36
00:02:13,243 --> 00:02:16,344
Don't worry if you don't understand the alternative techniques.

37
00:02:16,344 --> 00:02:20,892
Just know that there are other authentication techniques out there and

38
00:02:20,892 --> 00:02:23,859
we'll be focusing on basic authentication.

39
00:02:23,859 --> 00:02:27,907
The basic authentication scheme is part of the overall

40
00:02:27,907 --> 00:02:31,342
authentication framework provided by HTTP.

41
00:02:31,342 --> 00:02:35,205
When a client wants to authenticate a user with a server, for

42
00:02:35,205 --> 00:02:37,114
example, logging in a user,

43
00:02:37,114 --> 00:02:37,907
he can do so

44
00:02:37,907 --> 00:02:43,745
by including an authorization request header with the user's credentials.

45
00:02:43,745 --> 00:02:49,283
Basic authentication transmits the credentials as user ID password pairs.

46
00:02:49,283 --> 00:02:54,676
Which are encoded using an encoding scheme called base64.

47
00:02:54,676 --> 00:03:00,280
Base64 is a way of encoding data so that it can be transmitted over the internet or

48
00:03:00,280 --> 00:03:03,949
other channels that only support ASCII characters.

49
00:03:03,949 --> 00:03:09,002
It's important to understand that basic authentication is a less secure method of

50
00:03:09,002 --> 00:03:13,993
authentication because the user's credentials are transmitted in plain text.

51
00:03:13,993 --> 00:03:18,487
Since the username and password are encoded not encrypted.

52
00:03:18,487 --> 00:03:22,891
Anyone who intercepted the communication can easily decode it and

53
00:03:22,891 --> 00:03:25,410
retrieve the username and password.

54
00:03:25,410 --> 00:03:31,926
It should only be used over a secure encrypted connection, such as HTTPS.

55
00:03:31,926 --> 00:03:38,025
HTTPS encrypts all data being transmitted between the client and server.

56
00:03:38,025 --> 00:03:43,133
If you'd like to learn more about HTTPS be sure to check the teacher's notes.

57
00:03:43,133 --> 00:03:47,853
In this course, I'm focused on helping you build a foundation of authentication.

58
00:03:47,853 --> 00:03:51,393
Which is why we'll be using basic authentication.

59
00:03:51,393 --> 00:03:54,165
It's the simplest authentication to implement,

60
00:03:54,165 --> 00:03:58,220
and you can use the knowledge you gained in this course to branch out and

61
00:03:58,220 --> 00:04:01,740
try other more secure methods that you might find on the job.