Question
What is the difference between Authentication and Authorization?
Answer
Authentication verifies who the user is, while Authorization determines what the user can access.
Authentication
- Verifies user identity
- Usually done using username/password, OTP, OAuth, biometrics
- Example: Logging into an application
Authorization
- Determines permissions after authentication
- Example: Admin can access dashboard, normal users cannot
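// Show the admin panel only when the logged-in user has the admin role.
// This check only controls what the UI renders; the server must still enforce the permission.
if (user.role === "admin") {
    showAdminPanel();
}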
Key Points
- Authentication happens before authorization
- JWT and sessions are commonly used
- Role-based access control improves frontend security