AUTHENTICATION | AUTHORIZATION
--- | ---
The identity of the user is verified before access to the system is granted. | The user's authorities (roles, permissions) are checked before access to a resource is granted.
Authentication (AuthN) is done before authorization. | Authorization (AuthZ) always happens after authentication.
It usually needs the user's login credentials. | It needs the user's privileges or roles.
If authentication fails, the server usually returns a 401 (Unauthorized) response. | If authorization fails, the server usually returns a 403 (Forbidden) response.
To perform actions in the application, we first have to prove our identity. | Once logged in, my roles and authorities decide what kind of actions I can perform.
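The ordering and the two status codes in the table, shown as a small request handler. This is an added example written for this page, not code from any framework; the "username.hmac" bearer-token format, the SECRET, the USERS table and the ROUTES map are all constructed here for illustration.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed demo data: a signing secret and a user/role table.
SECRET = b"demo-secret-do-not-use-in-production"
USERS = {
    "alice": {"roles": {"admin", "reader"}},
    "bob": {"roles": {"reader"}},
}
# Hypothetical route -> required role map; the "resource" side of AuthZ.
ROUTES = {"/reports": "reader", "/admin/users": "admin"}


def _mac(username: str) -> str:
    return hmac.new(SECRET, username.encode(), hashlib.sha256).hexdigest()


def issue_token(username: str) -> str:
    """Stand-in for the login step: mint a 'username.hmac' bearer token."""
    return f"{username}.{_mac(username)}"


def authenticate(headers: dict) -> Optional[str]:
    """AuthN: who is calling? Returns the username, or None if unproven."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None  # no credentials presented at all
    username, _, mac = auth[len("Bearer "):].partition(".")
    if username not in USERS:
        return None  # unknown principal
    # Constant-time compare so a forged tag cannot be guessed byte by byte.
    if not hmac.compare_digest(mac, _mac(username)):
        return None  # tampered or forged token
    return username


def authorize(username: str, required_role: str) -> bool:
    """AuthZ: may this already-authenticated user do this? Needs roles, not a password."""
    return required_role in USERS[username]["roles"]


def handle(path: str, headers: dict) -> Tuple[int, str]:
    """Order matters: identity first (401), then permission (403)."""
    user = authenticate(headers)
    if user is None:
        # RFC 7235: a 401 must carry a WWW-Authenticate challenge.
        return 401, "Unauthorized (WWW-Authenticate: Bearer)"
    required = ROUTES.get(path)
    if required is None:
        return 404, "Not Found"
    if not authorize(user, required):
        return 403, f"Forbidden: {user} lacks role {required}"
    return 200, f"OK: {user} accessed {path}"


if __name__ == "__main__":
    print(handle("/reports", {}))
    print(handle("/reports", {"Authorization": "Bearer " + issue_token("bob")}))
    print(handle("/admin/users", {"Authorization": "Bearer " + issue_token("bob")}))
```

Two things worth remembering from the code: the 401 branch is reached without ever looking at roles, which is why AuthZ cannot come first, and the status name "Unauthorized" is historical; 401 really means "not authenticated", while 403 is the one that means "authenticated but not allowed".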