After some thinking and some Google searches, I think I've found a very good analogy for representing authentication vs. authorization. I'll stick to this; it seems like a good mental model.
The analogy is found here: https://www.okta.com/identity-101/authentication-vs-authorization/
It roughly goes like this:
You go visit your neighbor. You knock at his door.
He looks through the peephole, and then he recognizes you (authentication).
He opens the door and invites you in.
You talk to him and start feeling comfortable, so you go sit on the sofa. He has no problem with this (you are authorized to do this).
You even use his toilet (still authorized).
After some time you feel hungry and try to open his fridge to have a look. He stops you and says that you are not allowed to do this (not authorized). Maybe his best friend is allowed... (he might be authorized)