What's the difference between Authentication and Authorization?

Authentication - Let in. Authorization - Give Powers.


My journey as a self-taught developer began with a burning curiosity. Growing up in Uganda, where resources were scarce, I couldn't afford a formal education. Instead, I relied on handwritten notes from friends and online tutorials. As time went on, I got good at building websites for local businesses, each project proving my self-taught skills. But my dream of joining a major tech company seemed unreachable. Rejections piled up, all due to my academic background, and self-doubt crept in. Then, a turning point. A friend I had shared my knowledge with landed a job at a promising startup in Kampala. He believed in me and recommended me. For five years now, I've been working remotely for that very company. They saw the potential in passionate, self-taught talent. But my heart is saddened by the millions in Uganda and the world facing the same challenges. That's why I am sharing my knowledge on this platform and other social platforms. My expertise is in PHP, JavaScript, WordPress, Technical Writing and business leadership. If you want to learn from me or collaborate, consider to follow or send me a on X.com/davidofug

Introduction.

Both terms are common in Web Development, but some people find them confusing.

In this post, let us look at each, understand the difference, and get to know the sort of skills we need.

  1. 🗝️ Authentication is how users are let into the system. It's like using a key to get into the house. Commonly, we ask for a username/email, a password/code, and/or the completion of a puzzle.

If the correct details are provided, we assume it's the rightful individual and they're let in. For small Apps and some use cases, Authentication alone is enough.

It is popularly used in Web Apps, Mobile Apps, and RESTful APIs.

  2. Authorization is an extra layer of security that is added on top of Authentication.

It's like giving someone more keys that let them into some, but not all, rooms in the house.

Authorization is implemented as Access Control Levels.

a). Roles in Authorization

Roles are defined and assigned to limit access to some areas of the Application. Super Admin, Admin, Editor, Author, and Subscriber are some common Roles.

b). Permissions in Authorization.

Permissions describe the limits of a Role.

This helps reduce the complexity of Role management.

Newer/custom Roles can be created and assigned to individuals who need unique Permissions.

To implement Authentication and Authorization, you need working knowledge of:

  1. Data Persistence
  2. Array/Lists
  3. Dictionary/Objects
  4. Encryption/Hashing
  5. Unit Testing and Integration Testing
  6. Third-party Authentication
  7. User Acceptance Tests
  8. Big O, if necessary
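
The two steps described in this post, as an added example in Node.js (not code from the original post): a salted password hash checked at login (Authentication), then a Role-to-Permission lookup that denies by default (Authorization). The role names, permission strings, sample users and function names are all assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Permissions describe the limits of each Role (role and permission names are illustrative).
const ROLE_PERMISSIONS = new Map([
  ["admin", new Set(["post:read", "post:edit", "post:delete", "user:manage"])],
  ["editor", new Set(["post:read", "post:edit"])],
  ["subscriber", new Set(["post:read"])],
]);

// A custom Role for individuals who need a unique set of Permissions.
function defineRole(name, permissions) {
  ROLE_PERMISSIONS.set(name, new Set(permissions));
}

// Store a salted scrypt hash, never the password itself.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Constructed sample users; a real app reads these from its persistence layer.
const USERS = new Map([
  ["amina@example.com", { ...hashPassword("correct horse"), roles: ["editor"] }],
  ["joel@example.com", { ...hashPassword("battery staple"), roles: ["subscriber"] }],
]);
const UNKNOWN_USER = { ...hashPassword("placeholder"), roles: [] };

// Authentication: returns a session on success, null on any failure.
function authenticate(email, password) {
  // Hash even for unknown emails so both failure paths do the same work.
  const user = USERS.get(email) || UNKNOWN_USER;
  const actual = crypto.scryptSync(String(password), Buffer.from(user.salt, "hex"), 32);
  const match = crypto.timingSafeEqual(Buffer.from(user.hash, "hex"), actual);
  return match && USERS.has(email) ? { email, roles: user.roles } : null;
}

// Authorization: deny by default; allow only when one of the roles grants the permission.
function authorize(session, permission) {
  if (!session) return false; // not authenticated, so nothing is allowed
  return session.roles.some((role) => ROLE_PERMISSIONS.get(role)?.has(permission) === true);
}
```

Because `authorize` checks Permissions rather than Role names, adding a Role with `defineRole` needs no change to the code that guards each action.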

Conclusion.

We've looked at the theory behind Authentication and Authorization. We've seen that Authorization comes after Authentication. When implementing Authorization we can either use Roles or Roles and Permissions. Authorization is used to bump up the security in the Apps you develop.

Have you found this helpful?

Help me create and share more content like this for Free.

  • Follow me on Twitter @davidofug
  • Share this Post
  • Subscribe to my NewsLetter newsletter.davidofug.com
  • Join me on Hashnode https://hashnode.com/@davidofug/joinme

David Wampamba

David is a passionate teens and youths trainer, STEAM evangelist, employment advocate, entrepreneur and Acumen Fellow whose mission is to empower young generations through tech, the creation of jobs and enhancing education.