Authorization and authentication are two related concepts in the field of information security and access control.
Authentication refers to the process of verifying the identity of a user or system. It involves confirming that the user or system is who or what it claims to be. Authentication mechanisms can include passwords, biometrics (such as fingerprints or facial recognition), tokens, certificates, or other credentials. The goal of authentication is to ensure that only authorized individuals or systems are granted access to resources or services.
Authorization, on the other hand, is the process of granting or denying access rights and permissions to authenticated users or systems. Once a user or system has been authenticated, authorization determines what actions or resources that user or system is allowed to access. It involves defining and enforcing policies and rules that specify the level of access or permissions granted to different users or user groups. Authorization can be based on roles, user attributes, or other criteria.
In summary, authentication is about verifying the identity of a user or system, while authorization is about determining what actions or resources an authenticated user or system is allowed to access based on their defined permissions or privileges. These two concepts work together to ensure secure access control and protect sensitive information and resources.
login time - token based -> authentication
authorisation-> hasperrmission -> to access page we need permissions
passport based authentication i used
sanctum -> https://laravel.com/docs/10.x/sanctum
jwt-json web tokens
No comments:
Post a Comment