Authentication and Authorization are 2 confusing terms in the world of tech. It is not difficult to use them interchangeably when you do not understand their meanings. This is a very common problem.
In this tutorial, I will be teaching you the difference between these terms using a real life scenario. Let's get to it.
Imagine that you are visiting a house and you knock or ring the door bell.
Someone comes and open the door, seeing that you are someone they know, they let you in (i.e. authentication)
But While in the house, you can only seat on the floor and no where else (i.e. authorization)
You can login to an App (i.e. authentication) but you can access only the features of a “user” because you are not “authorized” to use other features.
Authentication tells that you are an approved user of an app while Authorization tells if you can use a particular feature.
I have shown how Authentication can be achieved using nodejs and mongoDB in my series entitled: "Authentication with Nodejs and mongoDB". Check them out below:
We have so far seen that even though these terms are related, they are indeed different. I hope it makes sense now. I will be making a code example of authorization in the future hopefully.
Meanwhile, see you around.