
Authentication vs. Authorization – What's the difference?

The terms authentication and authorization are often used interchangeably, but they are two completely different concepts. Both are crucial to securing resources in any application or system. Businesses should efficiently configure both authentication and authorization in their applications to ensure the utmost security.

Authentication

  1. Verifies the identity of a user or device
  2. Works based on passwords, OTPs, biometrics, security questions, etc.
  3. Takes place at the beginning of a session
  4. It is the first step in ensuring security, and it is essential for maintaining the integrity of an application
  5. Data generally moves through ID tokens
  6. Parts of the authentication process are visible to users
  7. Users can change their authentication credentials
  8. Example: Consider the example of an Employee Portal in any organization. All employees of an organization can access this portal after providing their credentials

Authorization

  1. Grants or denies access to specific resources based on that verified identity
  2. Works based on assigned roles or permissions by admin or security user
  3. Takes place throughout the session as the user attempts to access different resources
  4. It is the second step, and it is essential for maintaining the confidentiality of an application
  5. Data generally moves through access tokens
  6. The entire authorization process takes place in the background
  7. Users can’t change their access level
  8. Example: For the same Employee Portal, the access levels of all employees are different depending on their roles, i.e., general employee, managers, account team, HR team, etc. For example, the HR team can see the personal information of all employees, the account team can access details of taxation of all employees, managers can see the basic information of their subordinates, and those subordinates can only access and view their own details.

Read the full blog in detail here: https://mojoauth.com/blog/authentication-vs-authorization/

Please comment below: which would you prefer for your organization, authentication or authorization?

Posted to Developers on January 25, 2023
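
The Employee Portal example from the post, as an added sketch that is not part of the original post: `authenticate` runs once at login, and `authorize` runs on every request using only the verified identity. The user names, passwords, field names (`basic`, `personal`, `tax`) and scrypt parameters are constructed assumptions, and the role rules follow the post's description literally.

```python
import hashlib, hmac, os

def _hash(password, salt):
    # scrypt is a standard-library password KDF; these parameters are an assumption
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def _user(role, manager, password):
    salt = os.urandom(16)
    return {"role": role, "manager": manager, "salt": salt, "hash": _hash(password, salt)}

# Constructed sample directory (hypothetical names and passwords)
USERS = {
    "alice": _user("hr", None, "alice-pw"),
    "bob": _user("accounts", None, "bob-pw"),
    "carol": _user("manager", None, "carol-pw"),
    "dave": _user("employee", "carol", "dave-pw"),
    "erin": _user("employee", "frank", "erin-pw"),  # reports to someone else
}

def authenticate(username, password):
    """Authentication: verify identity once, at the start of the session."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return None
    return username  # the verified identity that later checks rely on

def authorize(identity, field, target):
    """Authorization: decided on every request; the user cannot change the outcome."""
    if identity not in USERS or target not in USERS:
        return False  # default deny for unknown or unauthenticated callers
    if identity == target:
        return True  # everyone can view their own details
    role = USERS[identity]["role"]
    if role == "hr":
        return field == "personal"  # personal information of all employees
    if role == "accounts":
        return field == "tax"  # taxation details of all employees
    if role == "manager":
        # basic information, and only for direct subordinates
        return field == "basic" and USERS[target]["manager"] == identity
    return False  # general employees see nothing beyond their own record
```

A successful login tells the portal who the caller is; it grants nothing by itself, which is why `authorize` is called again for each field and each target record.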
  1. 1

    Good write-up. This is why I don't like frameworks for entry-level devs. Typically the framework will handle all those aspects behind the scenes using some sort of magical methods, thus not exposing the actual concepts except for those who dive deep.

  2. 1

    Great.
    In summary, what I understand from this post is that authentication is the process of verifying someone's identity, while authorization is the process of verifying someone's access to certain resources.
