If you've been around the identity space for any length of time you've probably heard the terms AuthN and AuthZ thrown around. If you're like me then you've probably felt silly for not knowing what these terms mean. In this post I'll briefly explain the two terms and what they mean.
AuthN
AuthN is a contraction of Authentication.
Authentication is verifying your user is who they say they are. More often than not this is logging in with a username and password (Hopefully with MFA) or OAuth using a provider like Google or Facebook.
Authentication as a concept is fairly general there are great solutions like Auth0 that can be dropped into your application to provide authentication.
AuthZ
AuthZ is a contraction of Authorization.
Authorization is verifying that your user is allowed to perform actions of view content based on who they are (validated in Authentication).
Authorization is more application specific than Authentication. Roles and permissions are often decided by the domain that you're operating in. Custom applications typically require custom Authorization but can work quite well with general purpose Authentication.
TLDR;
AuthZ and AuthN are just contractions of Authorization and Authentication. Authentication is general purpose and can be plugged into your application. Authorization is more complex and needs to take into account your application domain.
Top comments (0)