Given you’re reading this article, you’ve likely heard someone talk about Auth as it relates to software. Somewhat confusingly, Auth as an umbrella term can describe two related but distinct concepts: Authentication and Authorization. I’ll do my best here to explain both concepts without technical details.
You’ll see Gavin stroll into the Hooli offices with confidence, ID badge in hand. But when he scans the ID badge, Hooli’s systems reject his access! A moment later, Jack’s ID badge unlocks the boardroom door without a hitch.
Now, both of their ID badges equally communicate their identities. Gavin’s ID badge proves that he’s actually Gavin. Jack’s ID badge does the same thing; it tells the system who he is.
So what’s the difference between Gavin and Jack here? Their identities confer different permissions. Since the Hooli board has fired Gavin, the security system knows not to unlock the door for him.
The security system essentially asks two questions for every badge swipe: Who is this person? Does this person have access privileges?
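For readers who want to see the two questions as code, here is an added example; it is not part of the original article. It treats a badge as a name plus a keyed tag, and the key, the names, the `boardroom` door and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data: the key, names and door permissions are assumptions.
BADGE_KEY = b"constructed-demo-key"
DOOR_ACCESS = {"boardroom": {"jack"}}  # Gavin was removed when the board fired him


def _tag(name: str) -> str:
    return hmac.new(BADGE_KEY, name.encode(), hashlib.sha256).hexdigest()


def issue_badge(name: str) -> str:
    """Return a badge string 'name.tag', where tag is an HMAC over the name."""
    return f"{name}.{_tag(name)}"


def authenticate(badge: str) -> Optional[str]:
    """Question 1: who is this person? Returns the name, or None if the badge is not genuine."""
    name, _, tag = badge.rpartition(".")
    # Constant-time comparison so the check does not leak how much of the tag matched.
    if name and hmac.compare_digest(tag.encode(), _tag(name).encode()):
        return name
    return None


def authorize(name: str, door: str) -> bool:
    """Question 2: does this person have access privileges for this door?"""
    return name in DOOR_ACCESS.get(door, set())


def swipe(badge: str, door: str) -> str:
    name = authenticate(badge)
    if name is None:
        return "rejected: unknown identity"          # authentication failed
    if not authorize(name, door):
        return f"rejected: {name} is not permitted"  # authenticated, but not authorized
    return f"unlocked for {name}"


if __name__ == "__main__":
    for badge in (issue_badge("gavin"), issue_badge("jack"), "jack.forged"):
        print(swipe(badge, "boardroom"))
```

Gavin's rejection and the forged badge's rejection come from different checks, which is why access logs are more useful when they record which of the two questions failed.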