# Authentication and authorization recap and gems

Congratulations! You now know how to build a basic authentication and authorization system.

We would like to recap the Authentication and Authorization section by restating the definitions for the fundamental concepts and provide a list of gems commonly used to implement Authentication and Authorization.

## Core Definitions

* Identification: Obtaining an identity claim from the user. (e.g., my email is, my name is)
* Authentication: The process of verifying the identity claim of a user.
* Access Policy: A policy for what the user can and cannot see or do based on the identity and attributes of the resource being accessed and of the user requesting access.
* Authorization: Access privileges granted to a user or the act of granting those privileges.

## Commonly Used Authentication and Authorization Gems

### Authentication

* [Devise](https://github.com/plataformatec/devise)
* [OmniAuth](https://github.com/omniauth/omniauth)
* [Authlogic](https://github.com/binarylogic/authlogic)

### Authorization

* [CanCanCan](https://github.com/CanCanCommunity/cancancan)
* [Pundit](https://github.com/varvet/pundit)

You can browse the [Ruby Toolbox](https://www.ruby-toolbox.com/) for more Authentication and Authorization gem options.

## Resources

* Supplemental material: [Building your own Authorization with Metaprogramming](https://github.com/learn-co-curriculum/rails-video-review-building-authorization-and-metaprogramming)