Authentication (AuthN) verifies "who you are" - confirming the identity of a user, system, or entity.
Authorization (AuthZ) determines "what you can do" - deciding what resources or actions an authenticated entity is permitted to access.
Key differences:
- Authentication happens first and establishes identity
- Authorization happens after authentication and grants permissions
- Authentication is binary (you are or aren't who you claim to be)
- Authorization is granular (different levels of access to different resources)
Real-world analogy: Think of entering a secure building:
- Authentication: Showing your ID badge at the entrance to prove your identity
- Authorization: The badge determines which floors, rooms, and systems you can access
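The same two-step sequence expressed as a request handler, added here as an illustration (example code written for this note, not from the original text): authentication either establishes an identity or fails outright, and only an established identity is checked against a per-resource, per-action permission table. User names, passwords and the permission table are constructed sample data.

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data (hypothetical names, not from any real system).
# Plaintext passwords are a simplification for the demo; a real store keeps hashes.
USERS = {"alice": "s3cret-alice", "bob": "s3cret-bob"}   # username -> password
ROLES = {"alice": "admin", "bob": "viewer"}              # username -> role
PERMISSIONS = {                                          # role -> allowed (resource, action)
    "admin": {("reports", "read"), ("reports", "write"), ("users", "delete")},
    "viewer": {("reports", "read")},
}


@dataclass
class Request:
    username: Optional[str]
    password: Optional[str]
    resource: str
    action: str


def authenticate(username: Optional[str], password: Optional[str]) -> Optional[str]:
    """AuthN: binary outcome. Returns the verified identity, or None if it cannot be established."""
    if username is None or password is None:
        return None
    expected = USERS.get(username)
    if expected is None:
        return None
    # Constant-time comparison so the check does not leak how much of the secret matched.
    return username if hmac.compare_digest(expected, password) else None


def authorize(identity: str, resource: str, action: str) -> bool:
    """AuthZ: granular outcome. Does this already-verified identity hold this specific permission?"""
    role = ROLES.get(identity)
    return (resource, action) in PERMISSIONS.get(role, set())


def handle(req: Request) -> Tuple[int, str]:
    """Authentication first; the permission table is never consulted for an unverified caller."""
    identity = authenticate(req.username, req.password)
    if identity is None:
        return 401, "unauthenticated"          # who you are was not established
    if not authorize(identity, req.resource, req.action):
        return 403, "forbidden"                # identity known, but this action is not permitted
    return 200, f"{identity} may {req.action} {req.resource}"
```

Note that a wrong password and an unknown user produce the same 401, and that bob, although authenticated, gets 403 on a write: two different failures at two different stages.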