How is authentication different from authorization?
What do these terms mean, and when should each one be used?
1 answer
Authentication verifies the authenticity of the user's identification data: login, password, or other equivalent data.
When user Vasya sends a request to the server, the authentication mechanism checks that it is Vasya. Authentication may consist of requesting and verifying a password, verifying a session identifier, IP address, or other information that allows you to determine that the user is who he claims to be.
Authorization is the checking of the user's credentials. The user can perform only those actions for which he is authorized.
For example, user Vasya can only read database records, and user Masha can also add new records.
Usually authorization is performed for an authenticated user. During authentication, the user ID is found and confirmed, and the user's list of privileges is determined from it.
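The two steps from the answer above, as an added example that is not part of the original answer: authentication confirms the user ID (by password, then by session identifier), and authorization looks up that ID's privileges. The passwords, the `read`/`add` privilege names, the function names and the 401/403/200 return codes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _make_user(password: str, privileges: set) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash(password, salt), "privileges": privileges}

# Constructed sample data: names follow the answer, passwords are made up.
USERS = {
    "vasya": _make_user("vasya-sample-pw", {"read"}),
    "masha": _make_user("masha-sample-pw", {"read", "add"}),
}
SESSIONS = {}  # session identifier -> confirmed user ID

def authenticate(login: str, password: str):
    """Authentication: return a new session identifier, or None on failure."""
    user = USERS.get(login)
    # Hash even for unknown logins so response time does not reveal which exist.
    salt = user["salt"] if user else b"\0" * 16
    candidate = _hash(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = login
    return sid

def authorize(login: str, action: str) -> bool:
    """Authorization: is this already-confirmed user allowed to do this?"""
    return action in USERS[login]["privileges"]

def handle_request(sid: str, action: str) -> int:
    login = SESSIONS.get(sid)          # authentication by session identifier
    if login is None:
        return 401                     # we do not know who is asking
    if not authorize(login, action):
        return 403                     # we know who it is, but it is not allowed
    return 200

if __name__ == "__main__":
    vasya = authenticate("vasya", "vasya-sample-pw")
    print(handle_request(vasya, "read"), handle_request(vasya, "add"))
```

A failed authentication and a failed authorization produce different results on purpose: the first means the identity was not confirmed, the second means a confirmed identity lacks the privilege.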