Authentication is the process of determining whether a user is who they claim to be. For example, for whatever username they supply, they have another determining factor that proves that they are who they say there are. Most often, this is done by supplying a secret that only the user would know, such as a password.
In most applications, this username and password combination will return or create a token that will be stored somewhere with the user, so all future interactions within the application won't need to be re-authenticated with the same username and password. This token is usually stored in a cookie.
In both cases, we would usually take the password, token, or any other form of access key from the request to our application by parsing headers or cookies, depending on the type of authentication, and compare it with some data which is stored in our database. For those of you familiar with authentication, you may recognize the authentication protocols that have been described...