Very often we bring up the topic of user authorization and authentication. Especially when we create projects based on the functionality hidden behind the login form. I noticed, however, that a lot of people have a problem with distinguishing between these two concepts.
This is the process in which we verify the identity of a particular user. In other words, we know who is logged in. For this process we usually use login and password. So the login forms that you create allow you to perform authentication.
With authentication, you may encounter what is called 2FA (Two Factor Authentication). There is also multifactor authentication, which simply has more factors needed to perform the authentication process.
For example, authentication factors could be sms codes, apps like Google Authenticator, or even a token (those were the days).
You can let us know in the comments if you ever used a token. I remember my first bank account where you had to enter numbers from a token.
If we have already performed authentication and we know WHO the user is, we can think about what we can allow him to do. Authorization is nothing more than checking the permissions for a particular user to perform a particular action.