What is the difference between authentication and authorization?

What is the difference between authentication and authorization?

Authentication is about who somebody is.
Authorization is about what they’re allowed to do.

  • Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.
  • Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.

Example: Authentication is, I am an employee of the company. Here is my ID badge. Authorization is, as an employee of the company, which resources I am allowed access.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store