
Authentication vs. Authorization – What's the difference?

Authentication and authorization terms are often used interchangeably by many, but they are two completely different concepts. Both are crucial in ensuring the security of resources in any application or system. Businesses should efficiently configure both authentication and authorization in their application to ensure the utmost security.

Authentication

  1. Verifies the identity of a user or device
  2. Works based on passwords, OTPs, biometrics, security questions, etc.
  3. Takes place at the beginning of a session
  4. It is the first step in ensuring security, and it is essential for maintaining the integrity of an application
  5. Data generally moves through ID tokens
  6. Parts of the authentication process are visible to users
  7. Users can change their authentication credentials
  8. Example: Consider the example of an Employee Portal in any organization. All employees of an organization can access this portal after providing their credentials

Authorization

  1. Grants or denies access to specific resources based on that verified identity
  2. Works based on assigned roles or permissions by admin or security user
  3. Takes place throughout the session as the user attempts to access different resources
  4. It is the second step, and it is essential for maintaining the confidentiality of an application
  5. Data generally moves through access tokens
  6. The entire authorization process takes place in the background
  7. Users can’t change their access level
  8. Example: For the same Employee Portal, the access levels of all employees are different depending on their roles, i.e., general employee, managers, account team, HR team, etc. For example, the HR team can see the personal information of all employees, the account team can access details of taxation of all employees, managers can see the basic information of their subordinates, and those subordinates can only access and view their own details.

Read the full blog in detail here: https://mojoauth.com/blog/authentication-vs-authorization/

Please comment down below which you would prefer for your organization: Authentication or Authorization?

Posted to Developers on January 25, 2023
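The Employee Portal example from the post, sketched in Python as an added example that is not part of the original post: `authenticate` verifies identity once and starts a session, while `authorize` runs on every request and decides from the admin-assigned role. The user names, passwords, the field names `personal`, `tax` and `basic`, and the in-memory session store are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

def _kdf(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role, manager=None):
    salt = os.urandom(16)
    return {"salt": salt, "pw": _kdf(password, salt), "role": role, "manager": manager}

# Constructed sample directory: every user, password and role is hypothetical.
USERS = {
    "alice": _user("alice-pass", "hr"),
    "bob": _user("bob-pass", "accounts"),
    "carol": _user("carol-pass", "manager"),
    "dave": _user("dave-pass", "employee", manager="carol"),
    "erin": _user("erin-pass", "employee", manager="frank"),
}
SESSIONS = {}  # session token -> username

def authenticate(username, password):
    """Authentication: verify identity once, at the start of the session."""
    user = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid names.
    salt = user["salt"] if user else b"\0" * 16
    candidate = _kdf(password, salt)
    if user is None or not hmac.compare_digest(user["pw"], candidate):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def authorize(token, target, field):
    """Authorization: checked on every request, using the assigned role."""
    actor = SESSIONS.get(token)
    if actor is None or target not in USERS:
        return False  # no verified identity, so nothing is authorized
    if actor == target:
        return True   # everyone can view their own details
    role = USERS[actor]["role"]  # the user cannot change this themselves
    if role == "hr":
        return field == "personal"
    if role == "accounts":
        return field == "tax"
    if role == "manager":
        return field == "basic" and USERS[target]["manager"] == actor
    return False      # default deny for general employees
```

The default-deny return at the end is what keeps a new or unrecognized role from silently gaining access.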
  1. 1

    good write-up. this is why i don't like frameworks for entry-level devs. typically the framework will handle all those aspects behind the scenes using some sort of magical methods, thus not exposing the actual concepts except for those who dive deep.

  2. 1

    Great.
    In summary, what I understand from this post is that authentication is the process of verifying someone's identity, while authorization is the process of verifying someone's access to certain resources.
