Authentication vs Authorization: The Dynamic Duo of App Security Explained

Have you heard people toss around the terms authentication and authorization? If so, you might have thought to yourself, “Wait, what’s the difference?” Don’t worry, you’re not alone; a lot of people are confused about the topic.

In this article, I’ll break it down and do my best to keep things simple and relatable.

What is Authentication?

Think of authentication like going through airport security. When you arrive at the airport, the TSA checks your ID and boarding pass to confirm that you are who you claim to be and that you have a valid ticket. This ensures that only legitimate passengers get through to the gates.

This is a great way to think about authentication. Authentication is the process of verifying that a user is who they claim to be. This could involve an email and password, or a third-party auth service like Google, GitHub, etc. Like the TSA, authentication is a first line of defense, ensuring only verified users can access our app or system.

For a quick video on authentication check out this short I made: Secure Your App: Authentication as Middleware.

What is Authorization?

Authorization is the process of determining what an authenticated user can do once they are in the app or system. This could be which routes, pages, or services one has access to.

Let’s go back to the TSA example to break it down. Once you are verified, you have access to a part of the airport that other visitors may not have access to. However, even though you may have access to the gate area, you’re not authorized to hang out in the pilots’ lounge or enter the flight controller’s office.
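The two checks as separate steps of a request pipeline, using the airport analogy for route names. This is an added example, not code from the original article; `SECRET`, `POLICY`, `issueToken`, `authenticate`, `authorize` and `handle` are all hypothetical names, and the HMAC-signed token stands in for whatever session mechanism an app really uses.

```javascript
// Added example: every name and the policy below are constructed for illustration.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // per-process signing key for the demo

// Route -> roles allowed to use it (constructed sample policy).
const POLICY = new Map([
  ['/gate', ['passenger', 'pilot']],
  ['/pilots-lounge', ['pilot']],
]);

const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// Issued once, after a successful login (password check, OAuth callback, ...).
function issueToken(user, role) {
  const payload = Buffer.from(JSON.stringify({ user, role })).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Authentication: who is this? Returns the identity, or null if unproven.
function authenticate(token) {
  if (typeof token !== 'string') return null;
  const [payload, sig] = token.split('.');
  if (!payload || !sig) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(payload, 'base64url').toString());
}

// Authorization: may this identity use this route? Unknown routes are denied.
function authorize(identity, route) {
  const allowed = POLICY.get(route);
  return allowed !== undefined && allowed.includes(identity.role);
}

// Middleware-style pipeline: authenticate first, then authorize.
function handle(token, route) {
  const identity = authenticate(token);
  if (!identity) return 401; // identity not established
  if (!authorize(identity, route)) return 403; // known user, not permitted here
  return 200;
}
```

A missing or tampered token yields 401 (authentication failed), while a valid passenger token on `/pilots-lounge` yields 403 (authorization failed).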

For a quick video on the differences between authentication and authorization, check out this short I made: Demystifying User Authentication and Authorization.

Wrapping Up

In short, authentication and authorization work hand in hand to keep your information secure and ensure proper access. Understanding these concepts is key for dealing with app security.

If you like this article, want to discuss code & tech or just want to say hi, feel free to connect with me on one of my social media channels.