Authentication vs Authorization

Authentication and authorization are two closely related concepts, but they are not the same. They are both used to protect resources, but they do so in different ways.

In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.

Comparing these processes to a real-world example, when you go through security in an airport, you show your ID to authenticate your identity. Then, when you arrive at the gate, you present your boarding pass to the flight attendant, so they can authorize you to board your flight and allow access to the plane.

  • Authentication

    • Authentication is the process of verifying the identity of a user. This is typically done by asking for a username and password, but it can also be done using other methods, such as biometric data or security tokens.
    • The goal of authentication is to ensure that the person accessing a resource is who they claim to be.
  • Authorization

    • Authorization is the process of verifying what a user has access to. This is typically done by checking the user’s permissions and comparing them to the resource they are trying to access.
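The two checks described above, as an added Python example that is not part of the original post. The user table, the permission strings and the function names are constructed for illustration; the point is that a request can fail for two different reasons.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor (assumption), tune for production

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "permissions": permissions}

# Constructed sample accounts: only salted hashes are stored, never passwords.
USERS = {
    "alice": _make_user("correct horse", {"report:read", "report:write"}),
    "bob": _make_user("battery staple", {"report:read"}),
}

def authenticate(username: str, password: str):
    """Authentication: is this caller who they claim to be?"""
    user = USERS.get(username)
    # Hash even for unknown names so response time does not reveal valid users.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["hash"] if user else b"\x00" * 32
    matches = hmac.compare_digest(_hash(password, salt), expected)
    return username if (user is not None and matches) else None

def authorize(identity: str, permission: str) -> bool:
    """Authorization: may this verified identity perform this action?"""
    return permission in USERS[identity]["permissions"]

def handle(username: str, password: str, permission: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "unauthenticated"   # identity not proven, stop here
    if not authorize(identity, permission):
        return "forbidden"         # identity proven, permission missing
    return "allowed"

if __name__ == "__main__":
    print(handle("alice", "correct horse", "report:write"))
    print(handle("bob", "battery staple", "report:write"))
    print(handle("bob", "wrong password", "report:read"))
```

Authorization runs only on an identity that authentication has already returned, never on the name the caller typed.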

Conclusion

  • Authentication: 认证 in Chinese
  • Authorization: 授权 in Chinese

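Take a real-world hotel stay as an example. Suppose you have booked a room and arrive at the front desk. The receptionist asks you to show your ID card to confirm your identity; that is authentication. Once your identity is confirmed as valid, they give you a room card, and with that card you can enter your room; that is authorization.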

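One last thing

I now fully understand the difference between authentication and authorization, but the two words look so much alike. How do I tell them apart?

  • In terms of the order of operations, authentication comes before authorization.
  • In terms of the words themselves, sorted alphabetically, authentication comes before authorization.

That makes it easy to remember. Have you got it?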