Authentication vs Authorization
-
Authentication
- Checking if a user exists
- This is the first step in any security process.
-
Authorization
- Comes into play when authorizing a user for private/protected routes.
- This term is often used interchangeably with access control or client privilege.
Authorization comes after authentication in my understanding.
Authentication confirms that users are who they say they are. Authorization gives those users permission to access a resource. -source