What is the difference between Authentication and Authorization?

Beginner

Answer

Authentication (AuthN) verifies "who you are" - confirming the identity of a user, system, or entity.
Authorization (AuthZ) determines "what you can do" - deciding which resources an authenticated entity is permitted to access and which actions it is permitted to perform.

Key differences:

  • Authentication happens first and establishes identity
  • Authorization happens after authentication and grants permissions
  • Authentication is binary (you are or aren't who you claim to be)
  • Authorization is granular (different levels of access to different resources)

Real-world analogy: Think of entering a secure building:

  • Authentication: Showing your ID badge at the entrance to prove your identity
  • Authorization: The badge determines which floors, rooms, and systems you can access