Authentication vs Authorization - jellyfish-tom/TIL GitHub Wiki

[SOURCES]

• https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization

What are authentication and authorization?

In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

Comparing these processes to a real-world example, when you go through security in an airport, you show your ID to authenticate your identity. Then, when you arrive at the gate, you present your boarding pass to the flight attendant, so they can authorize you to board your flight and allow access to the plane.

Authentication vs. authorization

Here's a quick overview of the differences between authentication and authorization:

In short, access to a resource is protected by both authentication and authorization. If you can't prove your identity, you won't be allowed into a resource. And even if you can prove your identity, if you are not authorized for that resource, you will still be denied access.