Laravel Authentication vs Authorization

Updated November 6, 2020・1 minute read Post By tnylea
Laravel Authentication vs Authorization

Laravel provides some really great features out of the box. Authentication and Authorization are just a few of them.

If you are fairly new to application development and/or Laravel, these two features might get confusing to distinguish them apart. In this quick article, you will learn the basic difference between the two.

First, let’s cover authentication.

What is Authentication

authentication-header.png

Authentication is the process of verifying (authenticating) a user in your application. To verify a user in your application will require the user to login with an email and password. This is authentication in its simplest form.

When a user is authenticated, your application knows the user who is making requests. The user has been authenticated via your application and they can now perform actions they would not be able to perform if they had not logged in.

After a user has been authenticated they will typically have permissions to visit specific pages of your app. Granting or denying access to these specific pages is referred to as Authorization.

What is Authorization

authorization.png

Authorization allows an authenticated user to specific areas in your app. In most cases, your application will be authorizing that an authenticated user can access certain areas of your application.

A simple example would be an administration section. When a user tries to access an admin section, your application will be responsible for verifying (authorizing) the authenticated user has the correct permissions to visit the admin. If the user has permission they will be authorized and granted access to the admin; otherwise, they will be denied access.

Conclusion

It’s pretty simple to distinguish the difference between authentication and authorization after you have a simple definition of each one.

The simplest way to think of these two is that authentication will verify that a user is logged in and authorization will determine whether that logged in user can visit certain areas of your application.

I hope this helps clear up any uncertainties on these two terms ✌️

Still have a question?

Get help or discuss anything development/design related.

Start a discussion