What do authorization and authentication actually mean?

Julianna Roen
May 26, 2020 · 3 min read

Perhaps you are not comfortable with these two terms, or don’t know much about them other than that they start with the same four letters, “auth”. Well, were you aware that the prefix “auth” is actually Greek for “self”? Both operations refer to being able to do things on one’s own behalf, but there are important distinctions between them that I will break down in plain English.


In the context of programming, authorization refers to checking that a user or entity has the ability to access specific resources based on their permissions.

Authorization is not the same thing as authentication. Authentication refers to a user or entity being able to prove their identity in order to access specific resources.

In as few words as possible:

Authorization — having permission to do something

Authentication — verifying identity in order to do something

Example of authorization

What does this mean in terms of authorization? It means that when admin Adrian at Company A tries to look at Bryn’s Social Security number at Company B, then Adrian should be prevented from doing so. She is unauthorized to perform this action. Adrian can look at Anoushka’s SSN, though, because Anoushka works at Company A as an employee. Only Bryn and admins at Bryn’s company can look at her SSN because that is how the app’s authorization scheme is structured.

Example of authentication

When a user logs in to Gmail or any other site with a username and password, they are authenticating their identity by entering the correct combination of these fields. This type of authentication rests on the premise that only the user should know their own unique set of inputs, so providing the proper information is sufficient to allow them to access their profile. Two-factor authentication (or 2FA) is the practice of re-proving identity by entering a code received as a text message, or by some other means of doubly confirming an individual’s credentials, before they can access their account.

Authorization and authentication used together

With authorization, a user is simply either allowed to do something or not. With authentication, the user has to prove that they can do something in order to do it. When developing applications, it’s important to ensure that both of these processes are accounted for in order for data to be safely accessible. Users need to confirm that they have access to their accounts before being let in and should not be able to retrieve or edit data that is off limits to them.
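The two checks chained together, as an added example that is not part of the original article: the login step authenticates, then the SSN rule from the authorization example (the owner, or an admin at the owner's company) authorizes. The passwords, SSN values, company labels "A" and "B", and the PBKDF2 password storage are assumptions constructed for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware

@dataclass(frozen=True)
class User:
    name: str
    company: str
    is_admin: bool
    salt: bytes
    pw_hash: bytes

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(name, company, is_admin, password):
    salt = os.urandom(16)  # per-user salt; only the hash is stored, never the password
    return User(name, company, is_admin, salt, _hash(password, salt))

# Constructed sample data: names and companies follow the article's example.
USERS = {u.name: u for u in (
    make_user("adrian", "A", True, "adrian-pw"),
    make_user("anoushka", "A", False, "anoushka-pw"),
    make_user("bryn", "B", False, "bryn-pw"),
)}
SSNS = {"adrian": "000-00-0001", "anoushka": "000-00-0002", "bryn": "000-00-0003"}
_DUMMY_SALT = os.urandom(16)

def authenticate(name: str, password: str):
    """Authentication: return the User if the password matches, else None."""
    user = USERS.get(name)
    # Hash even for unknown names so response time does not reveal valid usernames.
    candidate = _hash(password, user.salt if user else _DUMMY_SALT)
    if user and hmac.compare_digest(candidate, user.pw_hash):
        return user
    return None

def can_view_ssn(actor: User, target: User) -> bool:
    """Authorization: the owner, or an admin at the owner's company."""
    return actor.name == target.name or (actor.is_admin and actor.company == target.company)

def view_ssn(name: str, password: str, target_name: str) -> str:
    actor = authenticate(name, password)
    if actor is None:
        raise PermissionError("authentication failed")
    target = USERS.get(target_name)
    if target is None or not can_view_ssn(actor, target):
        raise PermissionError("not authorized")  # deny by default
    return SSNS[target_name]
```

Note that Adrian's correct password never helps with Bryn's record: passing authentication only establishes who is asking, and the authorization rule is evaluated separately on every request.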

The Startup
