Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what they say they are. A big part of the security of a web application is therefore verifying the identity and credentials of a user accessing the system. This helps prevent unauthorized users from accessing sensitive data.

These credentials usually consist of a username and password. Different types of authentication, such as two-factor authentication, multi-factor authentication or certificate-based authentication, offer different ways to authenticate oneself. They add another layer of complexity to the authentication process, such as one-time passwords, PINs or tokens generated on a registered device.

There are different methods that can be used for the communication between server and client (browser) for the authentication process. Common ones include HTTP Basic and Digest, cookie-/session-based authentication, token-based authentication (JWT/Bearer token) or third-party tools such as OAuth and OpenID.
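
To make two of the header-based methods above concrete, this added example (not part of the original page) shows a server-side check of the Authorization header for HTTP Basic and for a JWT Bearer token; Digest and cookie sessions are not covered. The signing key, salt, user table and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
SALT = b"constructed-salt"         # assumption: real systems use a per-user salt
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user: str, ttl: int = 300) -> str:
    """Build an HS256 JWT for `user` that expires after `ttl` seconds."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def check_basic(value: str):
    # Basic credentials are only base64-encoded, so they rely on TLS in transit.
    user, sep, password = base64.b64decode(value, validate=True).decode().partition(":")
    if not sep:
        return None
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    stored = USERS.get(user, b"\x00" * 32)  # dummy hash: unknown users cost the same
    return user if hmac.compare_digest(derived, stored) and user in USERS else None

def check_bearer(token: str):
    header, body, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        return None  # refuse "none" and any algorithm the server did not choose
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    claims = json.loads(b64url_decode(body))
    return claims["sub"] if claims.get("exp", 0) > time.time() else None

def authenticate(authorization: str):
    """Return the authenticated username for an Authorization header, else None."""
    scheme, _, value = authorization.partition(" ")
    handlers = {"basic": check_basic, "bearer": check_bearer}
    try:
        return handlers[scheme.lower()](value.strip())
    except (KeyError, ValueError, TypeError, AttributeError):
        return None  # unsupported scheme or malformed input never authenticates
```

Both paths compare secrets with hmac.compare_digest, and every parsing failure falls through to a rejection instead of an exception reaching the caller.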