Authentication and authorization are analogous to users and groups. In this chapter, you’ll learn about authentication by creating users; in a later chapter, you’ll learn about authorization by creating groups.
Note
At the time of this writing, broken authentication is number 2 on the OWASP Top Ten (https://owasp.org/www-project-top-ten/). What is the OWASP Top Ten? It’s a reference designed to raise awareness about the most critical security challenges faced by web applications. The Open Web Application Security Project (OWASP) is a nonprofit organization working to improve software security. OWASP promotes the adoption of security standards and best practices through open source projects, conferences, and hundreds of local chapters worldwide.
You’ll begin this chapter by adding a new user-registration workflow to the Django project you created previously. Bob uses this workflow to create and activate an account for himself. Next, you’ll create an authentication workflow. Bob uses this workflow to log in, access his profile information, and log out. HTTP session management, from the previous chapter, makes an appearance. Finally, you’ll write tests to verify this functionality.