Authentication vs. Authorization


Hi everyone, when building an application, you will inevitably come across two key security terms: Authentication and Authorization. Although they may sound similar, they serve different roles in ensuring the security of our applications. It is crucial for developers to have a clear understanding of these terms. I often notice that many developers are confused about the distinction between the two. In this explanation, I will strive to make it easy to comprehend. So, without further ado, let's get started.

Authentication: Essentially, authentication is all about proving your identity to the application. It can be done with a username and password, or with more advanced methods like biometrics. When you provide your username and password to log in to a website and the system verifies them, authentication has succeeded and your identity is confirmed to the system.

Authorization: Once you have logged in to a website, the system knows who you are (thanks to authentication). However, it still needs to know what you are allowed to do within it. This is where authorization comes into play. Authorization is all about permissions. It determines what resources a user can access and what actions they can take. For example, many applications have different roles, such as user and admin, as in a WhatsApp group.

In the simplest terms, authentication is about proving your identity, while authorization is about determining what actions you can perform in the system.

That's it for now. I hope you have a clear understanding of authentication and authorization. If you enjoyed this article, consider subscribing to my newsletter. Every Friday, I will publish new articles where I share what I've learned or revisit important concepts.

Thank you for investing your time in reading this blog, and I wish you nothing but success and happiness in your coding journey! Happy coding! 😊😊