AuthZ and AuthN
The difference between authorization, abbreviated called “AuthZ”, and authentication, also known as “AuthN”, is really simple. Authentication describes who is allowed, whereas authorization describes what is allowed.
By example
To make the distinction clearer we can look at a real world example. Say you develop an API, then you want to control the following things, among many others.
- AuthN: who is allowed to access your service; this can be done by using JWT as an authentication method
- AuthZ: what services exactly can be accessed; some consumers might only be allowed to access preview data, while other have elevated privileges and can also modify content via requests; this can be done server-side by checking the provided UID against a map of privileges
Identity Access Management
Related to this topic is “Identity Access Management”, or shortly called IAM. IAM exactly takes care of who can do stuff (for example, user accounts in your admin console) and what resources they can access, as some users could be allowed to manage the database but aren’t given access to the analytics component of the service.
That was quick!
This was a quick explanation of what the difference between authorization and authentication is. For more detailed information, check out the link in the addendums.
