Authentication
Authentication is the process of verifying the identity of a user or system, typically by validating credentials such as a username and password, a token, or a biometric factor, to confirm they are who they claim to be.
Understanding Authentication
Authentication answers the question: who are you? It is the first gate in any application that handles user-specific data. Common authentication methods in web applications include email and password login, social login through providers like Google or GitHub, magic link emails, and passwordless authentication using passkeys.
Authentication is one of the most security-sensitive parts of any application, and getting it wrong can have severe consequences. Common issues in AI-generated authentication code include passwords stored without proper hashing, session tokens that do not expire, login forms vulnerable to brute force attacks, and password reset flows that can be exploited.
QA testing of authentication should cover more than just the happy path of logging in successfully. Testers should verify behavior with wrong passwords, locked accounts, expired sessions, simultaneous logins from multiple devices, and password reset flows. These edge cases in authentication are where security vulnerabilities tend to hide.
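Two of the failure modes listed above, unhashed password storage and session tokens that never expire, are illustrated by this added Python example (not code from the original page). The iteration count, TTL and the injectable `clock` are assumptions chosen so the expiry path can be exercised deterministically:

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Constructed parameters for this example (not taken from the page).
PBKDF2_ITERATIONS = 600_000
SESSION_TTL_SECONDS = 3600


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest). Only the salt and digest are stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-derive with the stored salt; compare in constant time to avoid timing leaks."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


class SessionStore:
    """In-memory session store whose tokens expire. `clock` is injectable for testing."""

    def __init__(self, ttl: int = SESSION_TTL_SECONDS, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._sessions = {}  # token -> (user_id, expires_at)

    def create(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output, not guessable
        self._sessions[token] = (user_id, self.clock() + self.ttl)
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the user id for a live token, or None if the token is unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            self._sessions.pop(token, None)  # purge so an expired token can never be replayed
            return None
        return user_id

    def revoke(self, token: str) -> None:
        """Logout or password reset should call this so old tokens stop working immediately."""
        self._sessions.pop(token, None)
```

A QA check for the scenario in the example usage below is simply to advance the clock past the TTL and confirm `validate` returns `None` rather than the user.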
Example usage
“The login worked fine, but we discovered that expired session tokens were still accepted, meaning anyone with an old token could access the account indefinitely.”
Related terms
Authorization
Authorization is the process of determining what actions, resources, or data an authenticated user is permitted to access within an application, based on their role, permissions, or other access control rules.
JWT (JSON Web Token)
A JWT, or JSON Web Token, is a compact, URL-safe token format that encodes identity claims and metadata as a JSON object, signed digitally to ensure integrity, and used to securely transmit authentication and authorization data between a client and a server.
OAuth
OAuth is an open authorization framework that allows users to grant third-party applications limited access to their accounts on other services, such as Google or GitHub, without sharing their passwords directly with the third-party application.