a concise shot of dev knowledge
Become a Contributor
Concise shots of dev knowledge

RELATED TAGS

authorization
authentication
security
communitycreator

Authentication versus Authorization

Osinachi Chukwujama

Authentication

Authentication means giving a user basic access to an application.

Whenever you log in to Facebook, you get authenticated by Facebook’s backend. Only then will you be able to view posts, create posts, etc.

Authorization

Authorization means elevating a user’s access to certain parts of a system. An example of authorization is a subscription upgrade in a service like Educative.io.

Without a subscription, a user will be limited to free courses. A subscription elevates their access to paid courses.

Levels of authorization

Different levels of authorization exist within systems.

In Discord, for example, a user can be granted access to delete messages in a single channel. Another user may have access to delete messages in all channels.

Is authorization a subset of authentication?

We can’t speak about authorization without talking about authentication. Authorization depends on authentication, but it isn’t strictly a subset of it.

Authorization is usually present in apps; even simple ones like blogs and to-do lists. Without authorization in place, user A can view user B’s data. This is an infringement of privacy and must be avoided.

RELATED TAGS

authorization
authentication
security
communitycreator
RELATED COURSES

View all Courses

Keep Exploring

Learn in-demand tech skills in half the time

Copyright ©2022 Educative, Inc. All rights reserved.

soc2