What's the difference between Authentication and Authorization?
Authentication - Let in. Authorization - Give Powers.
2 min read
Both terms are common in Web Development but they can confuse some.
In this post let us look at each, understand the difference and get to know the sort of skills we need.
- 🗝️ Authentication is How to let users in the system. It's like using a key to get into the house. Commonly we ask for a username/email, password/code, and/or to complete a puzzle.
If correct details are provided we assume it's the rightful individual and they're let in. For small Apps and some use cases Authentication is just enough.
It is popularly used in Web Apps, Mobile Apps, and RESTful APIs.
- Authorization is an extra layer of security that is added on top of Authentication.
It's like giving someone more keys to allow them some but not all rooms in the houses.
Authorization is implemented as Acess Control Levels.
a). Roles in Authorization
These are defined and assigned to put a limit of access to some areas of the Application. Super Admin, Admin, Editor, Author, and Subscriber are some common Roles.
b). Permissions in Authorization.
Permissions describe the limits of a Role.
This helps reduce the complexity of Role management.
Newer/custom Roles can be created and assigned to individuals who need unique Permissions. To implement Authentication and Authorization, You need working knowledge of:
- Data Persistence
- Unit Testing and Integration Testing
- Third-party Authentication
- User Acceptance Tests
- Big O, if necessary
Conclusion. We've looked at the theory behind Authentication and Authorization. We've seen that Authorization comes after Authentication. When implementing Authorization we can either use Roles or Roles and Permissions. Authorization is used to bump up the security in the Apps you develop.
Have you found this helpful?
Help me create and share more content like this for Free.
- Follow me on Twitter @davidofug
- Share this Post
- Subscribe to my NewsLetter newsletter.davidofug.com
- Join me on Hashnode hashnode.com/@davidofug/joinme