12

I was recently asked the difference between frontend user authentication and backend user authentication (during an interview). I could not come up with an answer to his question. He asked me if the authentication you see on the web all the time is done at frontend or backend; I answered backend. Then he asked what frontend authentication is, then; I could not answer. I googled to find out, but could not get the exact difference between the two, what is done at frontend vs what is done at backend. How, where and why is each of them used?

Any help would be appreciated.

EDIT : I read something related here: Authentication Mechanisms for HTTP. It talks about something called dual authentication. Still, I am not able to understand the concept of frontend authentication.

4
  • 1
    Well, I don't think I can answer it any better. In my opinion, it is unanswerable without context. In other words, what are "frontend" and "backend"? Commented Aug 21, 2015 at 15:22
  • 1
    I always considered authentication to be a backend function, whereas frontend was more concerned with validation (which, of course, should also be carried out at the backend). If it is possible (e.g. using OAuth via Javascript), I would have reservations about the security without at least some backend involvement. However, I'm open to correction on this, as it's not my area of expertise. Commented Aug 21, 2015 at 15:25
  • 1
    @MichaelMcMullin Yes, you are right. There is always some involvement of backend server. The link I have given in the question says the same. But, the point is what is frontend authentication then? What does it involve?
    – SaCh
    Commented Aug 21, 2015 at 18:05
  • 1
    The question is interesting and I have stumbled on it by myself. I do not post an answer because I also need to know exactly the difference. I just can point to Passport.js and Vue's FB login modules as examples of backend and frontend. It really has to do with where you handle most of the verbose chatting with the auth server, but I'd really appreciate a clarification on the matter.
    – Ariel M.
    Commented May 4, 2020 at 23:22

2 Answers

9

My understanding is that after a user is authenticated on the backend, a unique cookie is issued to the browser. This might be considered frontend authentication, as it allows users to continue using a site without having to log in to every single page. The website recognizes the user from the cookie data for each subsequent call, subject to whatever limitations are put in place.

A simple example would be a cookie that stores the username and password, but obviously that wouldn't be very secure. More sophisticated methods would involve encryption, SSL, various flags (secure, http-only, expiry-date), and so on.
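The two cookie designs this answer contrasts, as an added Python example that is not part of the original answer: the weak cookie carries the credentials themselves, while the session cookie carries only a random identifier that the backend resolves on each request. Instead of encrypting the cookie it uses an opaque server-side session id; the function names, `SESSION_TTL`, the `SameSite` setting and the in-memory `_sessions` store are assumptions made for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # seconds; constructed value for this example
_sessions = {}       # session id -> (username, expiry); stand-in for a server-side store

def weak_cookie(username, password):
    """The 'simple example' from the answer: credentials stored in the cookie itself."""
    c = SimpleCookie()
    c["auth"] = f"{username}:{password}"
    return c["auth"].OutputString()

def issue_session_cookie(username, now=None):
    """Call only after the backend has verified the password.
    Returns the Set-Cookie value; the cookie holds a random id, no user data."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = (username, now + SESSION_TTL)
    c = SimpleCookie()
    c["session"] = sid
    c["session"]["secure"] = True        # sent over HTTPS only
    c["session"]["httponly"] = True      # not readable from page JavaScript
    c["session"]["samesite"] = "Lax"     # assumption: not mentioned in the answer
    c["session"]["max-age"] = SESSION_TTL
    c["session"]["path"] = "/"
    return c["session"].OutputString()

def user_from_request(cookie_header, now=None):
    """Resolve a Cookie request header to a username, or None if unknown or expired."""
    now = time.time() if now is None else now
    c = SimpleCookie()
    c.load(cookie_header)
    morsel = c.get("session")
    if morsel is None:
        return None
    entry = _sessions.get(morsel.value)
    if entry is None:
        return None                      # forged or already revoked id
    username, expiry = entry
    if now >= expiry:
        _sessions.pop(morsel.value, None)  # expiry is enforced server-side too
        return None
    return username
```

The browser only stores and replays the cookie; every decision about who the user is happens in `user_from_request` on the backend.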

0

The question is subjective and can have too many interpretations based on context. There's a type of user to system authentication and system to system authentication. The closest analogy of front end authentication in this case will be user to system authentication, irrespective of the underlying protocol and whether or not an explicit back end stack is being used. Whenever two systems have to authenticate against each other without a user involved, that can be analogous to backend authentication. Again, this is subjective and very contextual.
