Glossary
Access Token
In an OAuth context, a credential a client application presents to a resource server to access protected resources on behalf of the resource owner (user).
Authentication
The process of proving your identity before you can access a secure system.
Authentication is all about proving that you are who you say that you are. Some methods to authenticate someone include passwords, biometrics (facial recognition, fingerprint verification), and cryptographic keys.
This term is all about who. Related but distinct is authorization, which is all about what you can access.
Authorization
The process of verifying what things you can access within a secure system.
Authorization can take a few forms:
- Based on entities: user, admin, super-admin
- Based on roles: viewer, commenter, editor
- Based on granted scopes: read access, write access, read-write access
This term is all about what you have access to within a given system. Closely related but distinct is authentication, which is all about who you are.
Authorization Provider
A service that implements OAuth, allowing clients to access protected resources on behalf of users.
Some examples of authorization providers include Google, GitHub, Microsoft, Okta.
Authorization Server
An OAuth component that authenticates the resource owner and the client application, and issues access tokens. It also handles token expiry and revocation.
When using an authorization provider like Google, Microsoft, or GitHub, the authorization server is external to the application.
Client Application
An application that acts on behalf of a user in an OAuth context.
The client acts as a go-between for the resource owner (who grants authority), the authorization server (which validates the user and the client), and the resource server (which holds the resource owner's data).
Encryption
The process of scrambling readable (plaintext) information using a cryptographic algorithm so that it becomes unreadable (ciphertext) to anyone without the corresponding key. The reverse of this process is called decryption.
Encrypted data is hidden from anyone who does not hold the key that can unscramble, or decrypt, it. This protects the information from unauthorized access.
People protected information with encryption long before the age of modern computing. Today, encryption is used widely for storing data such as passwords, for communication that is protected from eavesdropping, for securing online transactions, and much more. It is the backbone of privacy online.
Main Password
A password that unlocks a password manager’s vault.
OAuth Flow
The sequence of steps authorizing an application to act on behalf of a user.
Password
A secret combination of characters used to access a protected system or account.
Password Manager
A software tool that stores all your passwords and secrets in one secure place. As well as remembering your passwords for you, a password manager can also generate strong passwords for you. This makes your online accounts more secure and easier to manage.
Redirect URI
The location (URL) to which the authorization server redirects the user's browser after the OAuth consent process.
Resource Owner
The user who grants access to their data in an OAuth context (the permissions granted are called granted authorities).
During the OAuth flow, the user interacts with the authorization server to provide consent, authenticate themselves, and authorize the client to access their protected data.
Resource Server
The server that hosts and protects the resource owner’s data in an OAuth context.
This server verifies access tokens presented by the client application, granting or denying access.
Search Operator
Words or symbols used to filter a search query.
Shared Secret
A piece of data usually known only to two parties, used to verify their later communication with each other.
Time-Based One-Time Password
A short-lived six-digit code used alongside a password when you log in to a website, often referred to by its acronym, TOTP.
Two-Factor Authentication
A method of proving your identity both with your password and an additional step.
Sometimes referred to by its acronym, 2FA, and also known as multi-factor authentication (MFA).
Vault
In the context of password managers, a vault is a digital container that stores and manages passwords, credit card information, API keys, tokens, and more. Vaults protect that stored data using encryption. This protects the vault from access without the main password.