Authentication Vs Authorization

Authentication Vs Authorization

Introduction

Authentication and Authorization are the two words used in the security world. They might sound similar but are completely different from each other. Authentication is used to authenticate someone's identity, whereas authorization is a way to provide permission to someone to access a particular resource.

Lets understand this with a real life example , A person has rang your doorbell it is your choice whether you want him to enter or not, if u allow him to enter you "Authenticate" him to your house. The same person tries to enter some private space in your home ,where he is not supposed to enter ,so he is not "Authorized" to enter that part of your house.

In this blog, lets discuss what authentication and authorization are and how they are differentiated from each other.

Authentication:

Authentication is the process of identifying someone's identity by assuring that the person is the same as what he is claiming for. It is used by server and client. The server uses authentication when someone wants to access the information, and the server needs to know who is accessing the information. The client uses it when he wants to know that it is the same server that it claims to be. The authentication by the server is done mostly by using the username and password. Other ways of authentication by the server can also be done using voice recognition, fingerprints, e.t.c. It is of many types: Single Factor , Two Factor , Multiple Factor

Authorization:

Authorization is the process of granting someone permission to do something. It is a way to check if the user has permission to access a resource or not. It defines that what data and information one user can access. The authorization usually works with authentication so that the system could know who is accessing the information.

Ways to authorize :

Json WebToken , Role based ,e.t.c

Conclusion

So we can say Authentication helps in verifying the user's identity, and Authorization verifies the user's access and permissions. Authentication Allows the user to enter a system and Authorization grants the user permission to do certain functions. I hope the concepts gets clear after your patient reading.

Thank You!! Happy Learning !!