Authentication vs Authorization
I have long struggled with the difference between authentication and authorization. They both revolve around user permissions and signing in and out. But I recently found out the difference and made a small mnemonic for keeping them straight:
- Authentication is about proving you are who you say you are i.e., you are authentic.
- Authorization is about permissions. We know who you are and no you’re not authorized to go backstage. Sir… Sir!