I don't know shite about:

Not all auth is equal

Difference between authentication and authorization

What's the difference between authentication and authorization. I often hear them used interchangeably, but they have separate meaning.


During authentication the user is identified. So we could call it Identification. But Authentication puts an emphasis on "Authenticity", on "proving the user is who they claim to be". Your travel passport is a common way of Authenticating yourself towards the authorities of foreign countries. (for example at the border control). In a digital context, a user authenticates themselves through a password, fingerprint, face-recognition. Because the system assumes, only this person has access to this identifier.


Authorization is the process of providing access to protected resources based on internal rules. After a user has been authenticated the system can decide what resources the user can access based on who they are. The president of a country has the right to look at super secret files because the laws dictate that he's got the "Authority" to do so. In a digital context, as user would gain access to certain configuration options or documents inside an app based on his user rights.