
Authentication vs Authorization Explained!

Published · 3 min read

Fullstack Web Developer. Interested in Machine Learning.

I have gone through 6 interviews till now, out of which I was asked about Authentication and Authorization in 4 of them. So it is very important for you to have a clear understanding of this topic.

Now it's time to begin.

1. Authentication

Authentication is the process of verifying that a user really is who they claim to be, usually by checking something only that user should possess, such as a password. For example, suppose you have a website and you have divided all users into two categories.

  1. Admin User
  2. Customer

If a user visits your site and logs in with the username and password of an admin account, your web app checks those credentials against what it has stored. If they match, the user is authenticated as that admin account; otherwise authentication fails.

Similarly, if a user logs in with a customer account's credentials, your web app verifies them the same way. If they match, the user is authenticated as that customer; otherwise authentication fails.

Note that the role (admin or customer) is not something the client gets to claim at login time: the app looks it up from the account that was just verified. The password check proves identity; which role that identity carries is then read from the server's records.

Recall what I said: it is a process to check and identify a user against what they claim to be.

2. Authorization

Once a user is authenticated, authorization comes into play.

Authorization decides which parts of the app an authenticated user may access, and to what extent. Let's take an example to understand it better.

A customer can view and edit their own details but cannot view or modify anyone else's details, while an admin can view the details of all customers.

Note that even an admin cannot see users' passwords. Partly this is authorization (an admin has no business reading them), but mostly it is a property of how passwords should be stored: the app keeps only a salted hash of each password, so there is nothing readable for anyone, admin included, to see. What an admin may be authorized to do is reset a password, which is a different action. That is why I told you earlier to consider up to what extent one can have access.

Another point

A customer can view their own details, including their cart, but cannot modify the cart total. The total must be computed on the server from the stored item prices and quantities, never taken from a value the client sends. (Imagine if we were allowed to set our own cart amount: I would have purchased all of Amazon's products for free.)

Similarly, an admin can view users but is not necessarily allowed to modify their details.

Such restrictions are defined by whoever builds the app, and they only count if they are enforced in server-side code on every request. Hiding a button in the UI is not authorization; a user who is denied an action must be refused by the server even if they craft the request by hand.

So the conclusion is: authorization restricts each user to the actions they are permitted to perform, and refuses everything else.
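The following is an added example, not code from the original post. It puts both halves of the article into one runnable module: `authenticate` verifies a claimed identity against a salted password hash (so even the stored records contain nothing an admin could read), and `authorize` enforces the role and ownership rules described above (customers view and edit only their own profile, admins may view any profile but edit none). The cart total is always computed from server-side prices, so a client cannot tamper with it. The user table, profiles, cart items and passwords are constructed for the example and are not real data.

```python
"""Server-side authentication and authorization in one small module.
Everything here (users, roles, passwords, carts) is constructed sample data."""
import hashlib
import hmac
import os

# --- Authentication: verify the identity a login claims ------------------

def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256.
    The plaintext password is never stored anywhere."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

# Constructed user table: each record holds a role and a password hash only.
USERS = {}
for _name, _role, _pw in [("alice", "admin", "admin-secret"),
                          ("bob", "customer", "bob-pass"),
                          ("carol", "customer", "carol-pass")]:
    _salt, _digest = hash_password(_pw)
    USERS[_name] = {"role": _role, "salt": _salt, "hash": _digest}


def authenticate(username, password):
    """Return {'username', 'role'} if the password matches, else None.
    The role comes from the server's records, never from the client."""
    record = USERS.get(username)
    if record is None:
        return None
    _, digest = hash_password(password, record["salt"])
    if not hmac.compare_digest(digest, record["hash"]):  # constant-time compare
        return None
    return {"username": username, "role": record["role"]}


# --- Authorization: decide what an authenticated user may do -------------

class Forbidden(Exception):
    """Raised when the policy denies an action."""

# Constructed customer data; cart lines carry server-side unit prices.
PROFILES = {
    "bob": {"email": "bob@example.com",
            "cart": [{"sku": "book", "price_cents": 1200, "qty": 2}]},
    "carol": {"email": "carol@example.com",
              "cart": [{"sku": "lamp", "price_cents": 3500, "qty": 1}]},
}

def authorize(user, action, target):
    """Policy: admins may view any profile; a customer may view and edit
    only their own profile; nobody may edit someone else's profile."""
    is_owner = user["username"] == target
    if action == "view" and (is_owner or user["role"] == "admin"):
        return
    if action == "edit" and is_owner:
        return
    raise Forbidden(f"{user['username']} may not {action} {target}")


def is_allowed(user, action, target):
    """Boolean wrapper around authorize(), convenient for checks and tests."""
    try:
        authorize(user, action, target)
        return True
    except Forbidden:
        return False


def cart_total(target):
    """Total computed from stored prices; any client-sent total is ignored."""
    return sum(i["price_cents"] * i["qty"] for i in PROFILES[target]["cart"])


def view_profile(user, target):
    """Every request re-checks authorization before touching data."""
    authorize(user, "view", target)
    # Password hashes live in USERS, not PROFILES, so they never reach a caller.
    return {"email": PROFILES[target]["email"],
            "cart_total_cents": cart_total(target)}


def update_email(user, target, new_email):
    authorize(user, "edit", target)
    PROFILES[target]["email"] = new_email
    return new_email


if __name__ == "__main__":
    bob = authenticate("bob", "bob-pass")
    alice = authenticate("alice", "admin-secret")
    print(view_profile(bob, "bob"))       # own profile: allowed
    print(view_profile(alice, "carol"))   # admin viewing a customer: allowed
    print(is_allowed(bob, "view", "carol"))   # False: another customer's data
    print(is_allowed(alice, "edit", "bob"))   # False: admin may view, not edit
```

The two checks are deliberately separate functions: `authenticate` answers "who is this?" and never consults the policy, while `authorize` answers "may this identity do this?" and never looks at passwords. Keeping them apart makes it obvious that a route handler must call both, and that a missing `authorize` call is an authorization bug even when login works perfectly.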

Summary

  • Authentication happens first; only then does authorization come into play.

  • Authentication is about verifying who the user is; authorization is about imposing restrictions on what that user may do.

  • Authorization determines which user can do what, and what they will not be allowed to do, and it must be enforced on the server for every request.

If you got any questions or doubts, feel free to ping me on Twitter.

twitter.com/faheem_khan_dev

I hope it was a great read for you. If you have any feedback, please share it in the comments below. Also, if you found it helpful, please like and hit the follow button in the top right corner.

Amazing example, Faheem. This can be understood even better with the example below. As a comparison with real life, one good example is when a person goes to a hotel with a pre-registration. At reception, they match his details in their system; if they match, then that person is authenticated for entry to the hotel.

Now that person gets a card/key to open the room. Now, in the whole hotel, he is authorised to go to some specific room or specific area.

This is a super article.

Thank you, Kolawole.

Easy to understand ⚡ Great work, as always.

Thank you for your support, Mahima.