Overview

Read about the Authentication Service

The Authentication service (also known as AuthN service) provides a secure and reliable mechanism for verifying the identity of users. Authentication is a vital component in nearly every application’s operations. Authentication ensures a person is who they claim to be and ensures that data is not exposed to the wrong person. In an application, authentication is most commonly used for login and access to restricted, personal, or more sensitive areas of the application.

Pangea’s AuthN service

Pangea’s AuthN service is a cloud-based authentication service providing secure login, session management, and user management through hosted pages and APIs. The AuthN service allows you to build an authentication flow with the right amount of friction to meet your security requirements while also seamlessly matching the look and feel of your application.

Quick view

What it does	Provides secure login, session management, and user management via hosted pages and APIs
Supported Languages	Node.js SDK Golang SDK Python SDK Java SDK C# SDK
Capabilities	Provides multiple authentication methods via: Username & password Social authentication (via OpenID Connect) Email Magic Links Email or SMS Code Time-based One-Time Password FIDO passkeys SAML2 Additional factors coming soon: WebAuthn Manage users from within the Pangea Console Brandable hosted pages allow to match your organization's brand Drop-in client-side components for more native integration of auth flows into your app Easy integration with Secure Audit Log

Terminologies

The security and authentication-related terminologies are not limited to the following:

1. Access control: The process of granting or denying access to a resource based on the verified identity of the entity.

2. Authentication factors: The information or evidence used to prove the identity of the entity, such as a password, security token, or biometric data.

3. Authentication protocols: The procedures used to verify the identity of the entity, such as username/password authentication, multi-factor authentication, or single sign-on (SSO).

4. Auditing: The process of recording and monitoring events to ensure the security of the system and detect any unauthorized access attempts.

5. Callback URI: The URL called by the social authentication provider after the OAuth process is complete. The account information is not returned directly to the callback, but instead a code used to access account information.

6. Code: A one-time use code that can be exchanged for login session information at the end of a login flow.

7. Developer Environment Settings: The developer environment settings will help you get started with the AuthN service settings quickly in a non-production environment.

   • Use default redirect: The development redirect is a hosted page that stands in for your applications page. It shows authentication results after a login. When ready this should be updated to your application domain.
   • Use development OAuth credentials for social providers: The development OAuth credentials allow users to log in through shared OAuth applications. When ready this should be updated to use your own configured OAuth applications.

warning

Do not move to the production environment with the developer settings configured.

8. Identification: The process of identifying the entity requesting access, such as a username or email address.

9. Identity management: The process of managing the identity and authentication of users within an organization or system.

10. Multi-factor authentication (MFA): A security method that requires the user to provide two or more authentication factors to verify their identities, such as a password and a fingerprint scan.

11. Password: A secret code or phrase that a user creates to authenticate their identity.

12. Redirect URL: A redirect URL is a callback used to transfer control flow back to an application after performing some operations for the application.

13. Revocation: The practice of invalidating a token or session so it no longer grants access to applications or related data.

14. Session: A session represents a logged-in user. It is valid as long as the user is logged in. Sessions end when the user logs out or is logged out after the session lifetime is exceeded.

15. Session token / Refresh token: A user token is a short-lived token for an active logged-in user. A session token is a long-lived token for a logged-in user. Refreshing a session generates a new user token.

16. Single sign-on (SSO): A method that allows users to log in to multiple applications or systems with a single set of credentials.

17. State: A random, unpredictable parameter chosen by the application and used to maintain redirects across multiple page loads during a flow. This parameter must be at least 8 characters long, and when received in callbacks, should be verified against the original value chosen by the application.

18. Token: A token refers to a unique string which proves your identity. For example, there are user tokens, session tokens, and service tokens.

19. Two-factor authentication (2FA): A security method that requires the user to provide two authentication factors, typically a password and a one-time code sent to a device.

Was this article helpful?

Contact us