You're on assignment part 1/2 for this lesson.
Here are a few of the most common authentication methods you'll see in the wild:
This is the most common type of authentication that requires a manual login from a user. When users use password managers, it's one of the more secure ways to authenticate users, unfortunately, many users don't, so it's not as secure as it could be.
That said, it's a valid choice.
3rd party authentication is a way to authenticate users using a service like Google or GitHub. 3rd party auth is great for user experience because it allows users to use their existing accounts to log in to your app, lowering friction.
It's also nice because you don't need to worry about storing passwords yourself, meaning you can outsource the security of your users' passwords to a company that, hopefully, does a good job.
The only real drawbacks to 3rd party auth is that you're trusting a 3rd party and if your users don't have an account with that 3rd party, they won't be able to log in.
Magic links are a way to authenticate users without a password. It relies on the assumption that the user's email is something that they have unique access to.
The webserver sends a link to the user's email and encodes a unique token in that link. When the user clicks the link, the webserver can decode the token and use it to authenticate the user. Eg:
https://example.com/login?token=...
API keys are a fantastic way to authenticate users and systems programmatically. An API Key is just a long, secure string that uniquely identifies a user or system, and that can't be guessed. Because they're intended to be used in code, they don't need to be memorized and, as such, can be much longer and double as an identifier. An API key might look something like this:
bd_JDS543J3n5NMKspDXNRlowiqw523lKHK32K43kl
Click to play video