Auth, OAuth, and Auth0: What is what?

Cracking the Auth Puzzle: A Tale for Survivors and Learners

Prince Singh
4 min readSep 8, 2024
Auth > OAuth > Auth0

Oh, is this going to be another OAuth Guide? Not at all! This will be more like what is what session? So, you know what you are going to deal with. The terms, which you have seen and heard 100 times, Auth, OAuth, Auth0…what do they mean?

Alright, mate! If we have cleared the confusion about what we will be covering here — let's Buckle up. We’re diving into the world of Auth.

It might seem like a rollercoaster for beginners but don’t worry, It is not. It is more like a toy train set, yeah, It's as simple as that.

So, let’s check it out, one by one so that you can master it.

“Auth”: first things first

Auth is short for authentication and sometimes authorization, which are two distinct but related concepts in computer systems security.

  • Authentication: Process of verifying the identity of a user or system — This is like showing your ID to prove who you are. When you log in to a website with your username and password, the website checks if it’s really you.
  • Authorization: Process of determining what an authenticated user is allowed to do — After proving who you are, this step decides what you are allowed to do. For example, after logging in, it decides if you can see certain pages or make changes.

Now, you say, Ok, it is pretty much straightforward up to here but…

What about “OAuth” and “Auth0”? Are they the Same?

OAuth and Auth0?

Nah. Not the same things, but I get why folks mix them up.

It’s like confusing the Hindi film industry (a.k.a. Bollywood) with the Indian film industry.

What is “OAuth”?

OAuth is an open standard authorization framework that allows third-party applications to access a user’s resources without needing to know their credentials.

Let's make it straight —

OAuth is a protocol for authorization.

“Ever clicked ‘Login with Google’ on a website? That’s OAuth doing its thing!”

A little bit of history to make you more aware and confident -

It’s been around since 2006 — yeah when we were probably more worried about our School Homework and WWE superstars playing cards!

OAuth 1.0 was the OG, but it had its flaws. Kind of like that over-engineered utility app that seemed cool but was a pain to use.

Then came OAuth 2.0 in 2012 — when most of us had just joined university or were preparing for it.

It’s like OAuth 1.0’s cooler, more chill cousin. Easier to use, and more flexible. It’s what most devs use these days.

Think of it like upgrading from a Nokia 3310 to a shiny new iPhone.

Want to dive deep more into OAuth, without reading the full article — here you go — OAuth.Net and Modern Guide to OAuth

Now, What is “Auth0”?

This is a whole different game, or not so different. It’s a company that provides authentication and authorization as a servicie. They use OAuth 2.0, but they’re not OAuth itself.

It’s like saying Swiggy is food — nah, they just deliver it!

They support various identity protocols, including OAuth 2.0, OpenID Connect, SAML, and more. Want to check more about Auth0 — here you go again — Auth0

Are there more platforms like Auth0? Definitely Yes!

  • Okta (In 2021, Okta acquired Auth0 for $6.5 billion)
  • Amazon Cognito and Firebase Authenticationprovided by Google

Why all this confusion?

When you are new to these terms they all may sound the same to you. And of course, they are just juggling those few letters while naming :)

But, I can bet when I first stumbled upon these terms. My head was spinning faster than yours! Trust me, once you get it, it clicks. ✌

In Conclusion

So there you have it, folks! We’ve cracked open the Auth puzzle box and peeked inside.

From the OG OAuth to the slick Auth0. , we’ve covered the basics without frying our brains. Remember, it’s not as scary as it seems — it’s just a bunch of tech trying to keep your stuff safe and sound.

Next time someone throws around “OAuth” or “Auth0” at a meetup, you can nod knowingly instead of scratching your head. And hey, if you’re still feeling a bit lost in the auth jungle, no worries! We’re all on this wild tech ride together.

Keep coding, keep learning- until next time, and may your tokens always be fresh and your auths never fail!

As always, if you’ve enjoyed this article — please feel free to leave a clap, and if you have any questions or comments feel free to leave those as well. Thanks for reading!

Got any specific auth headaches you’re dealing with? Or any other tech terms making you go “Huh?”? Shoot, and let’s untangle this mess together!

~ Prince Singh (LinkedIn isinghprince)

--

--

Prince Singh

I specialize in architecting enterprise-scale web applications and intuitive data visualizations from zero. Expertise - TypeScript, Rest APIs, Postgres DB