DEV Community



Authentication vs Authorization

As a developer, you have probably come across the terms authorization and authentication. Although they are related, they mean different things, which can be confusing if the basic idea is not well understood.

To define it, authentication answers the question 'Who are you?', while authorization answers the question 'What are you allowed to do?'.

Authentication can be defined as the process of verifying that the user is who they say they are.

Some common examples of authentication are:

  • password authentication
  • biometric authentication
  • multi-factor authentication

Authorization is the process of allowing users to perform specific actions based on the permission(s) they have. An example is role-based authorization, which allows different users to perform specific actions based on their roles, such as user or admin.

We can try to understand these concepts better with this scenario.

Before you board a plane, you have to show a means of identification along with your boarding pass to show that you are who you say you are; this is authentication. The flight attendant verifies the details you give them, and if they match, you are allowed to board.
Once you have successfully boarded, you cannot tell the crew member you would like to fly the plane, because as a passenger you are not allowed to. You do not have the permission and the authorization to do so. Only an authorized pilot can do so.

So this explains the difference between authentication and authorization.
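The same distinction in code, as an added example that is not part of the original post: a password check (authentication) followed by a role-based permission check (authorization). The user names, passwords, action names and the `ROLE_PERMISSIONS` table are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: role -> actions that role may perform (hypothetical names).
ROLE_PERMISSIONS = {
    "user": {"read_post"},
    "admin": {"read_post", "delete_post"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted, slow password hash so stored values are not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(name: str, password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed accounts: one admin, one ordinary user.
USERS = {u["name"]: u for u in (
    make_user("ada", "correct horse", "admin"),
    make_user("bob", "battery staple", "user"),
)}

def authenticate(name: str, password: str):
    """Authentication: 'Who are you?' Returns the user record, or None on failure."""
    user = USERS.get(name)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(user, action: str) -> bool:
    """Authorization: 'What are you allowed to do?' Unknown roles/actions are denied."""
    return user is not None and action in ROLE_PERMISSIONS.get(user["role"], set())

def handle_request(name: str, password: str, action: str) -> int:
    """Return an HTTP-style status: the two failure modes get different codes."""
    user = authenticate(name, password)
    if user is None:
        return 401  # identity not proven: authentication failed
    if not authorize(user, action):
        return 403  # identity proven, but the role lacks this permission
    return 200

if __name__ == "__main__":
    print(handle_request("bob", "battery staple", "delete_post"))  # passenger asking to fly
```

Note that `bob` is fully authenticated in the last call and is still refused: passing the identity check never implies permission for a given action.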

Top comments (4)

Guadalupe Rosas

Excellent! Thank you very much, this kind of clarification was needed.

Bolarinwa Ajayi

This is simple and straightforward. Nice write up.

David Adegborioye

Accurate. Nice one

Segun Abisagbo

very clear and explanatory!