cover image: Photo by Erik Mclean on Unsplash
We will talk about the basics of authentication and authorization in this blog. I hope to write a blog series on IAM (Identity and Access Management). Understanding authentication and authorization is essential for IAM. So, this is the first article of my IAM blog series.
1. What is Authentication?
Authentication is the process of verifying the identity of someone or something. Simply authentication means proving identity.
Let's consider traveling from Sri Lanka to Germany by airplane. We use passports to prove our identity at the airport before leaving Sri Lanka and after arriving in Germany. This process of proving the identity using a passport is an example of authentication.
2. Authorization
Authorization is the process of verifying permission of someone or something to take some action. Simply that means checking whether someone can access a resource or not.
Let's go to our airplane traveling example again. Even though we have a passport, we cannot leave or enter a country. We should have legal permission to leave or enter the country. As an example, some countries have banned the passports of certain nations. So, those passport holders cannot enter the country. Our permission for leaving or entering a country is checked at the airport. This process of verifying having legal permissions is an example of authorization.
3. Authentication vs Authorization
Many people have a confusion about authentication and authorization. Even though authentication and authorization are related to each other in many use cases, they are different terms with different meanings.
Authentication | Authorization |
---|---|
Verifying the identity of the user | Checking whether the user has permission to access a resource |
Password, PIN, biometrics, and authentication apps are a few ways for authentication | Access policy and security settings are a few ways for authorization |
Usually done before authorization | Usually done after authentication |
OpenID Connect can be used for authentication | OAuth 2.0 can be used for authorization |
Usually, transmit information through ID tokens | Usually, transmit information through Access token |
Summary
We talked about the basics of authentication and authorization in this blog. These basics will help to understand the next blogs of this IAM blog series.
Top comments (0)