It’s Sunday fun day, let’s take a casual look at authentication vs authorization. More importantly, what's the difference? Since it’s Sunday and is football season, I’m going to give you a loose analogy. I think that we need to nail down our idea of both authentication and authorization. So let’s break this down: Authentication verifies who the user is while Authorization determines what resources a user can access. I’m a Las Vegas Raiders fan. Let’s say I’m going to a Raiders home game. I’m at the Allegiant Stadium gate, I show them my ticket. I walk in at that point I become authenticated. The next step is I want to go and see where my seat is located. When I sit down in my seat then I become authorized for this seat. I realize that I have some time before the game so I want to walk around. I’m authorized to get concessions, souvenirs, stores, other permitted areas, and even the restrooms. I’m only permitted to the men’s restroom or family bathroom. I’m not authorized to go to the women’s restroom. There are a lot of places that I’m not authorized or permitted to go to. Unfortunately, I don’t have access to the owner’s box. I can’t tell Mark Davis my thoughts about the team and what he should do next. I think though I’ve played enough Madden that I think I would be an amazing general manager or at least an offensive coordinator. There are a lot of places that I can’t go to, locker rooms, sidelines, and various locations. When you think about authentication this verifies who the user is. Think this is my login. I have access to this website. Authorization determines what resources a user can access. I hope everybody's prospective team wins, except the The Chief they are paying the Raiders. It’s Raider Nation For Life over here.
Until the next time #KeepBringingThatFullStackEnergy
Top comments (0)