<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community:  Njoki</title>
    <description>The latest articles on DEV Community by  Njoki (@njokimwai).</description>
    <link>https://dev.to/njokimwai</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2664330%2F64535530-ea2f-40c8-9d71-5d7fc782a81a.png</url>
      <title>DEV Community:  Njoki</title>
      <link>https://dev.to/njokimwai</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/njokimwai"/>
    <language>en</language>
    <item>
      <title>Authentication vs Authorization (Explained in the Simplest Way Possible)</title>
      <dc:creator> Njoki</dc:creator>
      <pubDate>Sat, 22 Nov 2025 15:35:02 +0000</pubDate>
      <link>https://dev.to/njokimwai/authentication-vs-authorization-explained-in-the-simplest-way-possible-11n</link>
      <guid>https://dev.to/njokimwai/authentication-vs-authorization-explained-in-the-simplest-way-possible-11n</guid>
      <description>&lt;p&gt;Understanding authentication and authorization is essential for any backend, frontend, or full-stack developer. These two security concepts sound similar, but they solve completely different problems.&lt;/p&gt;

&lt;p&gt;Let’s break them down in a simple, beginner-friendly way.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Authentication: Who Are You?&lt;/strong&gt;&lt;br&gt;
Authentication answers: Are you really the person you claim to be? If authentication succeeds, the system now knows who you are.&lt;/p&gt;

&lt;p&gt;It usually involves:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Providing a username/email&lt;/li&gt;
&lt;li&gt;Providing a password&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Authorization: What Can You Do?
&lt;/h2&gt;

&lt;p&gt;Once the system knows who you are, it must decide:&lt;br&gt;
“What are you allowed to do?”&lt;br&gt;
Authorization controls:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which endpoints you can access.&lt;/li&gt;
&lt;li&gt;What actions you can perform.&lt;/li&gt;
&lt;li&gt;Which resources you are allowed to modify.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;em&gt;Example:&lt;/em&gt;&lt;br&gt;
A normal user can view their profile, but an admin can view all users.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Examples of Authentication Methods&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Bearer Token Authentication&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;Bearer Token&lt;/strong&gt; is a random string given to a user after they successfully log in. You store the token (usually in localStorage) and send it on future requests.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;How it works:&lt;/em&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;You enter your email + password&lt;/li&gt;
&lt;li&gt;Server verifies your credentials against the database&lt;/li&gt;
&lt;li&gt;If correct, server generates a random token&lt;/li&gt;
&lt;li&gt;The token is stored in the server database&lt;/li&gt;
&lt;li&gt;On every future request, you send: Authorization: Bearer followed by the token&lt;/li&gt;
&lt;li&gt;Server looks up token in DB and checks:
&lt;ul&gt;
&lt;li&gt;is it valid?&lt;/li&gt;
&lt;li&gt;is it expired?&lt;/li&gt;
&lt;li&gt;which user does it belong to?&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Key point: Server must check the token in its database every time.&lt;/p&gt;

&lt;h2&gt;
  
  
  JWT Authentication
&lt;/h2&gt;

&lt;p&gt;A JWT (JSON Web Token) is not random. It contains encoded information such as: userId, email, expiration time.&lt;br&gt;
JWTs can be decoded and verified without checking a database.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;How JWT works:&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;User enters credentials&lt;/li&gt;
&lt;li&gt;Server validates them&lt;/li&gt;
&lt;li&gt;Server generates a JWT containing user data&lt;/li&gt;
&lt;li&gt;Client sends the JWT on every request: Authorization: Bearer followed by the JWT&lt;/li&gt;
&lt;li&gt;Server verifies:
&lt;ul&gt;
&lt;li&gt;JWT signature&lt;/li&gt;
&lt;li&gt;Expiration time&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Key point: JWT verification does not require a database lookup. Everything needed to validate the user is inside the token.&lt;/p&gt;

&lt;h2&gt;
  
  
  Session &amp;amp; Cookie Authentication
&lt;/h2&gt;

&lt;p&gt;It is the most traditional web authentication method.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;&lt;strong&gt;How Session/Cookie Auth Works&lt;/strong&gt;&lt;/em&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;User logs in&lt;/li&gt;
&lt;li&gt;Server verifies credentials&lt;/li&gt;
&lt;li&gt;Server creates a session in the database&lt;/li&gt;
&lt;li&gt;Server sends back a secure cookie&lt;/li&gt;
&lt;li&gt;The browser stores the cookie&lt;/li&gt;
&lt;li&gt;Every future request automatically includes that cookie&lt;/li&gt;
&lt;li&gt;Server checks the session ID to identify the user&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Key point: The browser handles cookies automatically, which makes this perfect for SPAs and websites.&lt;/p&gt;

&lt;h2&gt;
  
  
  OAuth2 / Social Login (Google, GitHub, Twitter, etc.)
&lt;/h2&gt;

&lt;p&gt;OAuth2 lets users log in using third-party accounts without sharing their password with your app.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;How OAuth2 works&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;User clicks “Log in with Google”&lt;/li&gt;
&lt;li&gt;Your app redirects the user to Google&lt;/li&gt;
&lt;li&gt;Google asks the user for permission&lt;/li&gt;
&lt;li&gt;User approves&lt;/li&gt;
&lt;li&gt;Google sends your app an authorization code&lt;/li&gt;
&lt;li&gt;Your backend exchanges the code for an access token&lt;/li&gt;
&lt;li&gt;Your server retrieves the user’s profile from Google&lt;/li&gt;
&lt;li&gt;User is logged in, with no password shared&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Key point: OAuth2 provides secure authentication without revealing user credentials.&lt;/p&gt;

</description>
      <category>beginners</category>
      <category>security</category>
      <category>webdev</category>
    </item>
    <item>
      <title>My Journey into Web Development: React, JavaScript, Next.js, CSS, and HTML</title>
      <dc:creator> Njoki</dc:creator>
      <pubDate>Tue, 25 Mar 2025 18:01:01 +0000</pubDate>
      <link>https://dev.to/njokimwai/my-journey-into-web-development-react-javascript-nextjs-css-and-html-3907</link>
      <guid>https://dev.to/njokimwai/my-journey-into-web-development-react-javascript-nextjs-css-and-html-3907</guid>
      <description>&lt;p&gt;When I started my journey into web development, I had no idea where to begin. The sheer number of tools and technologies was overwhelming, but I was determined to turn my passion for technology into something meaningful. Through persistence and curiosity, I’ve come to appreciate the power of foundational web technologies like HTML, CSS, and JavaScript, and the versatility of frameworks like React and Next.js.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;em&gt;&lt;strong&gt;HTML: The Foundation of the Web&lt;/strong&gt;&lt;/em&gt;
&lt;/h2&gt;

&lt;p&gt;HTML was my first step into web development. Learning its tags and structure felt like building the skeleton of a web page. At first, it wasn’t as simple as it’s often made out to be. While many consider HTML one of the easiest programming or markup languages to learn, it took me nearly 3-4 months to truly grasp it—surprising, I know. But with time, consistency, and practice, it all began to make sense. Looking back, I’m proud that I stayed persistent and didn’t give up.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;em&gt;&lt;strong&gt;CSS: Styling the Web&lt;/strong&gt;&lt;/em&gt;
&lt;/h2&gt;

&lt;p&gt;Learning CSS was a challenging journey for me. There were moments of frustration—times when I cried because I couldn’t get my divs to look the way I wanted. However, with consistency and support from my friends, it became easier to add style and structure to my HTML tags. While I’m still not a CSS expert, I’m in a much better place now than when I started. CSS taught me an invaluable lesson: to be patient with myself.&lt;br&gt;
CSS brought my projects to life. I learned how to use Flexbox and Grid to structure layouts, experimented with gradients to add depth, and eventually discovered the power of frameworks like Tailwind CSS. I realized that styling wasn’t just about colors and fonts—it was about creating an experience for users.&lt;/p&gt;


&lt;h2&gt;
  
  
  JavaScript: Building the Foundation
&lt;/h2&gt;

&lt;p&gt;
JavaScript was my entry point into the world of programming, and it felt like unlocking a new language that could make websites dynamic and interactive. Concepts like variables, functions, and event handling laid the foundation for everything else I would learn.&lt;br&gt;
Grasping JavaScript concepts wasn’t easy. It challenged me and taught me the art of patience. Initially, I was overwhelmed because I wanted to understand everything all at once. Over time, I realized that it’s impossible to master everything at once—learning is a continuous journey in coding.&lt;br&gt;
Reading You Don’t Know JS Yet by Kyle Simpson has been an invaluable resource in deepening my understanding of JavaScript. The book has helped me connect the dots and approach JavaScript with more confidence and clarity.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Fun Fact: JavaScript was originally developed by Brendan Eich in just 10 days back in 1995. It was initially named “Mocha,” then “LiveScript,” before finally becoming the JavaScript we know today.&lt;/em&gt;&lt;/p&gt;


&lt;h2&gt;
  
  
  React: The Game Changer
&lt;/h2&gt;

&lt;p&gt;
React was a turning point in my learning journey. At first, the concept of components, props, and state felt like climbing a mountain, but once I grasped it, everything clicked. I loved how React made it easier to build reusable and interactive UI elements. Each React app I built was a step toward mastering modern frontend development, and it only fueled my desire to learn more.&lt;/p&gt;


&lt;h2&gt;
  
  
  Next.js: Taking Things Further
&lt;/h2&gt;

&lt;p&gt;
As I’m diving deeper into React, I’ve started exploring Next.js. It’s adding a whole new dimension to my skill set with features like server-side rendering, API routes, and improved SEO. The ability to handle both frontend and backend logic within one framework is empowering. It feels like I’m stepping into the world of full-stack development, one component at a time, and I’m excited to see how much further I can go.&lt;/p&gt;


&lt;h2&gt;
  
  
  Challenges and Triumphs
&lt;/h2&gt;

&lt;p&gt;
The journey hasn’t been without challenges. Debugging issues, fixing API errors, and managing state were all part of the process. I learned the importance of persistence, using tools like console logs and detailed error messages to track down problems. Every bug I fixed became a lesson, and every project I completed was a milestone.&lt;/p&gt;


&lt;h2&gt;
  
  
  Where I Am Now
&lt;/h2&gt;

&lt;p&gt;
Today, I’m building projects that combine everything I’ve learned. From creating responsive layouts with CSS to developing dynamic and functional apps using Next.js, I’m proud of how far I’ve come. My next goal is to dive deeper into backend technologies like Node.js and PostgreSQL, and eventually, become a full-stack developer.&lt;/p&gt;


&lt;h2&gt;
  
  
  Lessons Learned
&lt;/h2&gt;


&lt;p&gt;Start Small: Break down concepts into manageable pieces and build from there.&lt;/p&gt;

&lt;p&gt;Embrace Errors: Debugging is frustrating but invaluable for learning.&lt;/p&gt;

&lt;p&gt;Stay Curious: The tech world evolves rapidly—keep exploring and experimenting.&lt;/p&gt;

&lt;p&gt;Be patient with yourself.&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
