Authentication and Authorisation
Authentication versus authorisation: today I learned that authentication is signing into a service that you use whereas authorisation is controlling who has access to what content. So allow me to explain.
If for example I log in to LinkedIn or GitHub or Facebook (!!!) - authentication says that I am me, Susanna Chapman, or my GitHub username, or whatever. Or let's say I log into my Slack (an application that we use for messaging at work).
So once the service knows I am in... knows I'm Susanna Chapman... it then controls what I can see.
I CAN SEE my inbox on LinkedIn... I CAN'T see Jeffrey Bezos's inbox on LinkedIn... because I am not authenticated as Jeffrey Bezos.
Similarly so... on Slack I can see MY DMs... I can't see the secret channels for managers and different teams.
On Codecademy I can access courses because I have paid for them... Someone who is only using the free tier will not be authorised to use paid-for courses because they have not yet paid for them.
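Here is the same split as a small Python sketch. It is an added example, not code from the original post or from any of the services mentioned: `authenticate` answers "who are you?" and `authorise` answers "what may you see?". The `USERS` table, the password, the user "jeff" and the action names are all made up for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one user on the free tier, in one channel.
_SALT = os.urandom(16)
USERS = {
    "susanna": {"salt": _SALT, "hash": _hash("correct horse", _SALT),
                "channels": {"general"}, "paid": False},
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: check the caller is who they claim to be."""
    user = USERS.get(username)
    # Hash even for unknown users so both paths take similar time.
    salt = user["salt"] if user else b"\0" * 16
    candidate = _hash(password, salt)
    if user and hmac.compare_digest(candidate, user["hash"]):
        return username
    return None

def authorise(user_id: Optional[str], action: str, resource: str) -> bool:
    """Authorisation: decide what an already-identified user may access."""
    if user_id is None:              # not signed in, so nothing is allowed
        return False
    user = USERS[user_id]
    if action == "read_inbox":       # only the owner may read an inbox
        return resource == user_id
    if action == "read_channel":     # only members may read a channel
        return resource in user["channels"]
    if action == "open_course":      # paid courses need a paid account
        return resource == "free" or user["paid"]
    return False                     # deny anything not explicitly allowed

if __name__ == "__main__":
    me = authenticate("susanna", "correct horse")
    print(me, authorise(me, "read_inbox", "susanna"),
          authorise(me, "read_inbox", "jeff"))
```

The second function never looks at the password. It only trusts the identity that the first one established, which is why the two checks are kept separate.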
Tokens are to do with how long the user's authentication lasts for once they have logged in.
But that is another story and a post for a different time. 😅