Authentication vs Authorization

octocode - May 6, 2021

We often bring up the topic of user authorization and authentication, especially when we create projects whose functionality is hidden behind a login form. I noticed, however, that a lot of people have a problem with distinguishing between these two concepts.


Authentication is the process in which we verify the identity of a particular user. In other words, we know who is logged in. For this process we usually use a login and password, so the login forms that you create allow you to perform authentication.

With authentication, you may encounter what is called 2FA (two-factor authentication). There is also multifactor authentication, which simply requires more factors to complete the authentication process.

For example, authentication factors could be SMS codes, apps like Google Authenticator, or even a token (those were the days).

You can let us know in the comments if you have ever used a token. I remember my first bank account where you had to enter numbers from a token.


If we have already performed authentication and we know WHO the user is, we can think about what we can allow them to do. Authorization is nothing more than checking whether a particular user has permission to perform a particular action.
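
The two checks as separate steps, in an added example that is not code from the original post. The users, roles, permissions and function names are assumptions made up for illustration; the 401/403 strings mirror the HTTP status codes commonly used for a failed authentication and a failed authorization.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and permissions are assumptions for this example.
ROLE_PERMISSIONS = {
    "admin": {"read_report", "delete_user"},
    "viewer": {"read_report"},
}
USERS = {}  # login -> {"salt", "hash", "role"}


def _hash(password, salt):
    # Salted, slow hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(login, password, role):
    salt = os.urandom(16)
    USERS[login] = {"salt": salt, "hash": _hash(password, salt), "role": role}


def authenticate(login, password):
    """Authentication: WHO is this? Returns the login, or None on failure."""
    user = USERS.get(login)
    # Hash even for unknown logins so both failure paths do similar work.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else b"\x00" * 32
    ok = hmac.compare_digest(_hash(password, salt), expected)
    return login if (user and ok) else None


def authorize(login, action):
    """Authorization: may this already-identified user perform the action?"""
    role = USERS[login]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())


def handle(login, password, action):
    """Run both checks in order and report which one stopped the request."""
    identity = authenticate(login, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"


register("alice", "correct horse", "admin")      # constructed accounts
register("bob", "battery staple", "viewer")
```

Here bob logs in successfully (authentication passes) but is still refused `delete_user`, because the permission check is a separate decision made after his identity is known.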

