Source

https://www.youtube.com/watch?v=h6wBYWWdyYQ 21:04

Summary

auth 的本質，很適合上補習班出來的人看

• Authentication(AuthN): 身份認證（你是誰）
• Authorization(AuthZ): 可以使用哪些權限
• AuthN flow
  1. user sign-in
  2. client(browser) stores cookie(session)
  3. rest of client’s request will bring session
• AuthZ flow
  1. login user requests data
  2. server parse and check user from cookie
  3. server checks if the request action is authorized
  4. response