Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

authorization
authentication
security
communitycreator

Authentication versus Authorization

Osinachi Chukwujama

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Answers Code

Authentication

Authentication means giving a user basic access to an application.

Whenever you log in to Facebook, you get authenticated by Facebook’s backend. Only then will you be able to view posts, create posts, etc.

Authorization

Authorization means elevating a user’s access to certain parts of a system. An example of authorization is a subscription upgrade in a service like Educative.io.

Without a subscription, a user will be limited to free courses. A subscription elevates their access to paid courses.

Levels of authorization

Different levels of authorization exist within systems.

In Discord, for example, a user can be granted access to delete messages in a single channel. Another user may have access to delete messages in all channels.

Is authorization a subset of authentication?

We can’t speak about authorization without talking about authentication. Authorization depends on authentication, but it isn’t strictly a subset of it.

Authorization is usually present in apps; even simple ones like blogs and to-do lists. Without authorization in place, user A can view user B’s data. This is an infringement of privacy and must be avoided.

RELATED TAGS

authorization
authentication
security
communitycreator

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Answers Code
Keep Exploring