Authentication & Authorization - rohit120582sharma/Documentation GitHub Wiki

The two terms are often used together in security discussions, especially when it comes to gaining access to a system.

Authentication means confirming your own identity, while Authorization means granting access to the system. In simple terms, authentication is the process of verifying who you are, while authorization is the process of verifying what you have access to.


Authentication

Authentication is about validating your credentials, such as a User Name/User ID and password, to verify your identity. The system uses your credentials to determine whether you are who you say you are.

Authentication is usually done with a username and password, sometimes in conjunction with other factors of authentication, which are the various ways a user can be authenticated.

Authentication factors are the elements the system uses to verify a user’s identity before granting them access to anything, from opening a file to requesting a bank transaction.

Depending on the security level required, authentication can take one of the following forms:

  • Single-Factor Authentication - It’s the simplest authentication method which commonly relies on a simple password against a username to grant user access to a particular system such as a website or a network.
  • Two-Factor Authentication - As the name suggests, it’s a two-step verification process which not only requires a username and password, but also something only the user knows, such as an ATM PIN, to ensure an additional level of security.

Authorization

Once your identity is verified by the system after successful authentication, you are then authorized to access the resources of the system.

It is the process of determining whether the authenticated user has access to particular resources. It verifies your rights before granting you access to resources such as information, databases, files, etc. Authorization usually comes after authentication and confirms which actions you have the privileges to perform. In simple terms, it’s like giving someone official permission to do something.
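
The two steps described above, as an added example that is not part of the original wiki: a request is first authenticated (salted password hash, constant-time comparison) and only then authorized against the user's role. The user names, passwords, roles, permission strings and the mapping to HTTP-style status codes 401/403/200 are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user random salt; the plaintext password is never stored
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample data (hypothetical users, roles and permission names).
USERS = {
    "alice": make_user("correct horse", "admin"),
    "bob": make_user("battery staple", "viewer"),
}
PERMISSIONS = {
    "admin": {"report:read", "report:delete"},
    "viewer": {"report:read"},
}
DUMMY = make_user("dummy", "none")  # hashed against when the username is unknown

def authenticate(username: str, password: str):
    """Authentication: who are you? Returns the verified username or None."""
    record = USERS.get(username, DUMMY)  # same hashing cost for known and unknown users
    matches = hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])
    return username if matches and username in USERS else None

def authorize(username: str, permission: str) -> bool:
    """Authorization: what may this already-authenticated user do?"""
    role = USERS[username]["role"]
    return permission in PERMISSIONS.get(role, set())

def handle_request(username: str, password: str, permission: str) -> int:
    """Returns 401 if authentication fails, 403 if authorization fails, else 200."""
    identity = authenticate(username, password)
    if identity is None:
        return 401  # identity not proven: never reach the permission check
    if not authorize(identity, permission):
        return 403  # identity proven, but the role lacks this permission
    return 200
```

The unknown-user path still computes a hash against a dummy record, so a failed login costs the same whether or not the account exists.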


APIs

  • User registration
  • User login
  • Password reset
  • Email verification

