Welcome to this extensive guide to authentication and authorization, both in Next.js and in general.
Authentication and authorization are two essential concepts in web security.
Authentication: the process of verifying the identity of a user. It ensures that the person or entity accessing the system is who they claim to be.
Example: asking for an email and password, or using OAuth (more on that later).
Authorization, on the other hand, determines what actions a user is allowed to perform within the system after they have been authenticated. It defines the permissions and access levels granted to users based on their identity and role. Examples:
allowing only admins to manage products (delete them and so on), i.e. the admin role;
admins can delete users and have full access to all operations in the system, while ordinary users are allowed to manage only their own products.
With session-based authentication, a session is created on the server for each user after they log in. The server then sends a unique session identifier (usually stored as a cookie) to the client, which includes it with subsequent requests so the server can authenticate the user. Below are explanations of some of the jargon.
Session: It is like a "temporary pass" that lets a user stay logged in to a website for a certain period of time, so the website remembers who you are and you do not need to re-authenticate. When you log in, the website creates a session that remembers who you are, so you don't need to log in again every time you visit a new page on the site. The session usually expires after a while, either when you log out or after a certain period of inactivity, for security reasons.
Cookie: It is a small piece of data that a web server sends to a user's web browser. The browser then stores this data and sends it back with every subsequent request to the same server. Cookies are commonly used for various purposes, including session management, tracking user preferences, and personalizing user experiences. You can think of cookies as a way for websites to remember users and their preferences across different sessions.