Authentication vs. Authorization

What is Authentication? 👀

Authentication is the process of verifying the identity of a user, system, or entity.

It answers the question, “Who are you?” by confirming that the claimed identity is legitimate.

Authentication methods include username and password, biometric scans (like fingerprint or facial recognition), smart cards, and more.

The primary goal of authentication is to ensure that users or entities accessing a system are who they claim to be.

Successful authentication grants access to the system, but it doesn’t necessarily determine what actions or resources the authenticated entity is allowed to access.

Authentication methods typically fall into three categories known as the “three factors of authentication”: something you have, something you know, and something you are.

Something You Have: This factor involves something physical or tangible that the legitimate user possesses.

Something You Know: This factor relies on knowledge or information that only the legitimate user should know.

Something You Are: This factor is based on unique physical or biometric characteristics that are inherently tied to the legitimate user.

What is Authorization:? 👀

Authorization, on the other hand, is the process of determining what actions, resources, or data an authenticated user or entity is allowed to access or perform within a system.

It answers the question, “What are you allowed to do?”

Authorization is typically based on roles, permissions, or access control policies that specify what actions or resources are permissible for different users or groups.

It defines the boundaries of access rights and privileges, ensuring that users can only perform actions or access resources that they have been explicitly granted permission.

PreviousAuthentication Flows NextOAuth 2.0

Last updated 1 year ago

Was this helpful?