Protecting your Sanic app with authentication
When many people think about a web application, what comes to mind is some type of platform on the web where they log in to do… something. The activity is not what we care about here. When you are done reading this book, you are going to go off and build some amazing applications. What we care about are the journey and the process. The part of the process that we care about right now is logging in.
To be more specific and correct, what we are about to look at is authentication, not authorization. While these two ideas are very closely related, they are not the same and are not interchangeable. Authorization usually presumes that authentication has already happened.
So, what's the difference?
- Authentication: This answers the question: who are you?
- Authorization: This answers the question: what are you allowed to do?
To confuse matters even more, when authentication fails, a
401 Unauthorized response occurs...