Introduction to Authentication and Authorization

cover image: Photo by Erik Mclean on Unsplash

We will talk about the basics of authentication and authorization in this blog. I hope to write a blog series on IAM (Identity and Access Management). Understanding authentication and authorization is essential for IAM. So, this is the first article of my IAM blog series.

1. What is Authentication?

Authentication is the process of verifying the identity of someone or something. Simply authentication means proving identity.

Let's consider traveling from Sri Lanka to Germany by airplane. We use passports to prove our identity at the airport before leaving Sri Lanka and after arriving in Germany. This process of proving the identity using a passport is an example of authentication.

2. Authorization

Authorization is the process of verifying permission of someone or something to take some action. Simply that means checking whether someone can access a resource or not.

Let's go to our airplane traveling example again. Even though we have a passport, we cannot leave or enter a country. We should have legal permission to leave or enter the country. As an example, some countries have banned the passports of certain nations. So, those passport holders cannot enter the country. Our permission for leaving or entering a country is checked at the airport. This process of verifying having legal permissions is an example of authorization.

3. Authentication vs Authorization

Many people have a confusion about authentication and authorization. Even though authentication and authorization are related to each other in many use cases, they are different terms with different meanings.

Summary

We talked about the basics of authentication and authorization in this blog. These basics will help to understand the next blogs of this IAM blog series.

Reference

1. https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization
2. https://www.okta.com/identity-101/authentication-vs-authorization