Yes, you are right Authentication and Authorization can sometimes be confusing. That's why I'm writing this series to explain What, and various part of Authentication.
If we want to understand Authentication and Authorization in simple terms, Authentication is validating/identifying that is the user is correct or not and Authorization is giving users rights/privileges to use resources.
For example, You go to the cinema hall to watch a movie, while entering guard check your ticket and authenticate that you pay for the ticket or not. Ok, now while roaming around you see VIP lounge but you are not authorized to go there. But if you are a good friend of the owner and he Authorize you to go to the VIP room then that is authorization.
In real life it is not always to map this for various reasons.
But let's say you have an identity card and you give to a clerk in the town hall. Only card(token) validation happens. It is actually much more complicated because you are in context of federation. But I don't want to confuse you. In any case, authentication happened once when the card was issued. I'm referring to countries where the card is electronic.
Yes, you explained it very well. Only the initial step is authentication after that everything is authorization till the ID gets expires. Session-ID stored in Cookie or JWT Token is just an authorization ID provided by the server which allows us to perform various functions on server resources. But on the initial steps, I have categorized stateful, stateless and everything else.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yes, you are right Authentication and Authorization can sometimes be confusing. That's why I'm writing this series to explain What, and various part of Authentication.
If we want to understand Authentication and Authorization in simple terms, Authentication is validating/identifying that is the user is correct or not and Authorization is giving users rights/privileges to use resources.
For example, You go to the cinema hall to watch a movie, while entering guard check your ticket and authenticate that you pay for the ticket or not. Ok, now while roaming around you see VIP lounge but you are not authorized to go there. But if you are a good friend of the owner and he Authorize you to go to the VIP room then that is authorization.
That's why I tried to expand.
In real life it is not always to map this for various reasons.
But let's say you have an identity card and you give to a clerk in the town hall. Only card(token) validation happens. It is actually much more complicated because you are in context of federation. But I don't want to confuse you. In any case, authentication happened once when the card was issued. I'm referring to countries where the card is electronic.
Yes, you explained it very well. Only the initial step is authentication after that everything is authorization till the ID gets expires. Session-ID stored in Cookie or JWT Token is just an authorization ID provided by the server which allows us to perform various functions on server resources. But on the initial steps, I have categorized stateful, stateless and everything else.