Key Differences between Authentication and Authorization

| Authentication | Authorization |
|---|---|
| In the authentication process, the identity of users is checked before access to the system is provided. | In the authorization process, the person's or user's authorities are checked for accessing the resources. |
| In the authentication process, users or persons are verified. | In this process, users or persons are validated. |
| It is done before the authorization process. | It is done after the authentication process. |
| It usually needs the user's login details. | It needs the user's privilege or security levels. |
| Authentication determines whether the person is a user or not. | Authorization determines what permissions the user has. |
| Generally transmits information through an ID Token. | Generally transmits information through an Access Token. |
| The OpenID Connect (OIDC) protocol is an authentication protocol that is generally in charge of the user authentication process. | The OAuth 2.0 protocol governs the overall system of the user authorization process. |
| Popular Authentication Techniques- | Popular Authorization Techniques- |
| The authentication credentials can be changed in part as and when required by the user. | The authorization permissions cannot be changed by the user, as these are granted by the owner of the system and only he/she has the access to change them. |
| The user authentication is visible at the user end. | The user authorization is not visible at the user end. |
| The user authentication is identified with username, password, face recognition, retina scan, fingerprints, etc. | The user authorization is carried out through the access rights to resources by using roles that have been pre-defined. |
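
The ordering in the table (authenticate first, then authorize against pre-defined roles), shown as an added example that is not part of the original page. The user store, role names and permission strings are constructed for illustration, and mapping the two failures to HTTP 401 and 403 is an assumption about how a web service would report them.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: roles and permissions are pre-defined by the system owner.
ROLE_PERMISSIONS = {
    "admin": {"report:read", "report:write", "user:manage"},
    "analyst": {"report:read"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt), "role": role}

# Constructed users (hypothetical names and passwords).
USERS = {
    "alice": make_user("correct horse", "admin"),
    "bob": make_user("battery staple", "analyst"),
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Step 1: verify identity. Returns the username, or None on failure."""
    user = USERS.get(username)
    # Hash even for unknown users so timing does not reveal valid usernames.
    salt = user["salt"] if user else bytes(16)
    expected = user["pw_hash"] if user else bytes(32)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return username if user is not None and matches else None

def authorize(username: str, permission: str) -> bool:
    """Step 2: check the authenticated user's role against the permission."""
    role = USERS[username]["role"]
    return permission in ROLE_PERMISSIONS.get(role, set())

def handle_request(username: str, password: str, permission: str) -> int:
    identity = authenticate(username, password)
    if identity is None:
        return 401  # authentication failed: we do not know who this is
    if not authorize(identity, permission):
        return 403  # authenticated, but the role lacks this permission
    return 200

if __name__ == "__main__":
    print(handle_request("bob", "battery staple", "report:read"))   # analyst may read
    print(handle_request("bob", "battery staple", "report:write"))  # analyst may not write
    print(handle_request("bob", "wrong password", "report:read"))   # identity not proven
```

Keeping the two checks in separate functions means a caller cannot reach the permission lookup without an identity that has already been verified.
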
Difference between Authentication and Authorization in LLD | System Design
When building computer programs, especially when designing complex systems, it’s super important to understand two key things: authentication and authorization. Even though these words sound similar, they do different jobs to keep our systems safe.
Important Topics for Authentication vs. Authorization
- What is Authentication?
- User Authentication in Low Level Design (LLD)
- Authentication Methods
- How authentication information is passed between components in a low-level design
- Encryption in Authentication Processes
- Hashing in Authentication Processes
- What is Authorization?
- User authorization in Low Level Design (LLD)
- Authorization Models
- Key Differences
- Security challenges and best practices related to authentication and authorization
- Impact of Authentication and Authorization on System Scalability and Performance
- Conclusion