Authentication vs. Authorization Cheat Sheet

  • Authentication
    • prove that you are you, or, prove that you are who you claim to be
    • it’s about identity
  • Authorization
    • prove that you have permission to do something, or, check whether you have access to something
    • it’s about access

In real life those two things are usually separated. When you have your driver’s license or fingerprint you can prove who you are, but your job title will determine what you can do.

The same happens in software design. A user may start as an employee, then later be promoted to manager and acquire additional access. In this case the identity of the user remains the same, but their access may change.
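
The promotion scenario above, as an added example that is not part of the original cheat sheet: credentials and role assignments live in separate stores, so changing a role never touches how the user proves identity. The `Directory` class, the role and permission names, and the user "alice" are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the roles, permissions and user "alice" are hypothetical.
ROLE_PERMISSIONS = {
    "employee": {"view_own_timesheet"},
    "manager": {"view_own_timesheet", "approve_timesheets"},
}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Keeps credentials (identity) and role assignments (access) in separate stores."""
    def __init__(self):
        self._credentials = {}  # user_id -> (salt, password hash)
        self._roles = {}        # user_id -> role name

    def enroll(self, user_id, password, role):
        salt = os.urandom(16)
        self._credentials[user_id] = (salt, _hash(password, salt))
        self._roles[user_id] = role

    def authenticate(self, user_id, password):
        """Authentication: return the verified identity, or None."""
        record = self._credentials.get(user_id)
        if record and hmac.compare_digest(record[1], _hash(password, record[0])):
            return user_id
        return None

    def authorize(self, identity, permission):
        """Authorization: deny by default, allow only what the current role grants."""
        role = self._roles.get(identity)  # None for unauthenticated or unknown identity
        return permission in ROLE_PERMISSIONS.get(role, set())

    def set_role(self, identity, role):
        """Promotion or demotion changes access only; credentials are untouched."""
        self._roles[identity] = role

def demo():
    d = Directory()
    d.enroll("alice", "correct horse", "employee")
    who = d.authenticate("alice", "correct horse")
    before = d.authorize(who, "approve_timesheets")
    d.set_role(who, "manager")
    who_again = d.authenticate("alice", "correct horse")  # same password, same identity
    after = d.authorize(who_again, "approve_timesheets")
    return who, who_again, before, after
```

Calling `demo()` returns the same identity before and after the promotion, with the `approve_timesheets` check denied first and allowed afterwards.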