This feels stupid, but I have to clarify for myself (again) the difference between these two terms. Maybe this is clear for English natives, but in German, those are just two words that sound very similar AND that also have a similar meaning, which is very confusing. So…
authentication
It’s done to identify a person or user.
Examples:
- „Who“ are you.
- Are you „authentic“
- password login
- two factor authentication
authorization
allowing him to do certain actions. Often people need to be authenticated before they can be authorized.
Examples:
- The police is authorized to control people