It is unlikely that anyone who uses online services today has not come across the terms "authentication" and "authorization." Both come into play whenever you create a new account or log in to an existing one. Even so, the two are frequently mixed up and confused with one another.
Let's start with authentication. Authentication is the process of confirming a user's identity: verifying that they are who they claim to be. The password you type into a social network or any other site is one of the most common examples. The server does not (or should not) keep the password itself; it stores a salted hash, recomputes the hash of what was typed, and treats the login as genuine only if the two match. Passwords on their own are a weak factor, since they can be guessed, phished or reused from other breaches. Stronger or complementary methods include one-time passcodes (OTP) delivered by SMS or email (convenient, although SMS in particular is exposed to SIM-swap and interception attacks), single sign-on (SSO), multi-factor authentication and biometrics. Security questions are often listed alongside these, but their answers are frequently guessable or publicly discoverable, so they should not be relied on as a second factor.
A few of the popular authentication techniques include:
· Password-based authentication
· Password-less (OTP) authentication
· Single sign-on (SSO)
· Social authentication
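To make the password-based case concrete, here is an added example (not code from the original article or from LoginRadius) of how a server verifies a password without ever storing it in clear text. It stores a salted PBKDF2-HMAC-SHA256 hash, recomputes it at login and compares in constant time. The iteration count, the record format, the user table and the dummy record for unknown usernames are all assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. An assumed value for this example;
# tune it to the slowest login latency you can accept.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Hash a password with a fresh random salt.

    Returns a self-describing record "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>"
    so the verifier can recover the parameters later and the work factor can be
    raised without breaking existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != ALGORITHM:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest does not stop at the first differing byte, so the
    # comparison time leaks nothing about how much of the hash matched.
    return hmac.compare_digest(derived, expected)


# Constructed user store standing in for the database table (example data).
USERS = {"alice": hash_password("correct horse battery staple")}

# Record for a throwaway random password, so that a login with an unknown
# username still performs one hash computation and takes about as long as a
# real one (avoids leaking which usernames exist through response timing).
DUMMY_RECORD = hash_password(os.urandom(16).hex())


def authenticate(username: str, password: str) -> bool:
    """Return True only when the user exists and the password verifies."""
    stored = USERS.get(username)
    if stored is None:
        verify_password(password, DUMMY_RECORD)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    print(authenticate("alice", "correct horse battery staple"))  # True
    print(authenticate("alice", "wrong"))                         # False
    print(authenticate("bob", "anything"))                        # False
```

Two details matter here: the salt is random per user, so two users with the same password get different records and a precomputed table is useless, and the comparison uses `hmac.compare_digest` rather than `==` so that timing does not reveal a partial match.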
Authorization, on the other hand, is what happens after a user has been authenticated: it determines which parts of a website or application, and which actions on them, that user is permitted to use. An organization's website is a common example. A customer on an e-commerce site can log in and do what customers do on an online shopping platform, such as browse products and buy them. When an employee of that organization logs in, the dashboard is very likely different, giving access to tasks such as editing pages and other functions that customers never see.
Another example of authorization is your social media profile. Only you can edit it and view its insights, because you are the authorized owner; you cannot do the same with someone else's profile.
Some popular authorization techniques, and the standards commonly used alongside them, include:
· Role-based access control (RBAC), where permissions are attached to roles and users are assigned roles
· JSON Web Tokens (JWT), a signed token format commonly used to carry an authenticated user's identity and granted permissions (claims) to the services that enforce access
· SAML, where SSO assertions are exchanged as digitally signed XML documents
· OAuth 2.0 for delegated authorization, and OpenID Connect, the authentication layer built on top of it
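The e-commerce and profile examples above both reduce to one question: given an already-authenticated user, is this action on this resource allowed? The following added example (not code from the original article or from LoginRadius) answers it with role-based access control plus an ownership check, denying by default. The role names, permission strings and users are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set

# Constructed role -> permission mapping. The roles and permission names are
# assumptions for this example, not any particular product's scheme.
# A permission is "<resource kind>:<action>"; the suffix "_own" restricts the
# action to resources the user owns, and "_any" lifts that restriction.
ROLE_PERMISSIONS = {
    "customer": {"product:read", "order:create", "profile:edit_own"},
    "employee": {"product:read", "product:edit", "page:edit", "profile:edit_own"},
    "admin":    {"product:read", "product:edit", "page:edit", "profile:edit_any"},
}


@dataclass(frozen=True)
class User:
    """The already-authenticated principal; roles come from the session or token."""
    name: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Resource:
    kind: str                    # "product", "page", "profile", ...
    owner: Optional[str] = None  # username for owned resources such as a profile


def permissions_for(user: User) -> Set[str]:
    """Union of the permissions of every role the user holds; unknown roles grant nothing."""
    perms: Set[str] = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(user: User, action: str, resource: Resource) -> bool:
    """Deny by default; return True only if a held permission covers the request."""
    perms = permissions_for(user)
    base = f"{resource.kind}:{action}"
    if base in perms or f"{base}_any" in perms:
        return True
    # Ownership-scoped permission: only valid when the resource has an owner
    # and that owner is the requesting user (your own profile, not someone else's).
    if f"{base}_own" in perms and resource.owner is not None and resource.owner == user.name:
        return True
    return False


if __name__ == "__main__":
    alice = User("alice", frozenset({"customer"}))
    eve = User("eve", frozenset({"employee"}))
    print(authorize(alice, "edit", Resource("page")))                    # False
    print(authorize(eve, "edit", Resource("page")))                      # True
    print(authorize(alice, "edit", Resource("profile", owner="alice")))  # True
    print(authorize(alice, "edit", Resource("profile", owner="bob")))    # False
```

The check runs on the server for every request, after authentication has produced the `User`; a role or owner name that the client could supply itself would make the whole check meaningless.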
The following infographic summarizes the two concepts, the differences and similarities between them, and the techniques used for each.
Infographic by: loginradius.com