Albert Starreveld
1 min readJan 31, 2024

--

Hi there,

Thanks for your response. You are correct in some cases. But in other cases, there is an important difference. Cases i've run into are applications where civilians log into applications. Like an overview for a pension fund for example. Every citizen in the country can *authenticate* in such an application. That's what i was trying to point out: the difference between authentication and authorization and the thin line between these two concepts.

Also, like you are pointing out: not providing a person credentials is also a way of authorizing a person to use a service. And that's where the lines get blurry. Have you authorized a person by granting permission? Or are those credentials for authentication purpose only? It's important to know that amongst the colleauges in a business.

I've learned in some businesses that it's important to be very explicit about the details of the authentication and the authorization flow because that's where things might go wrong..

Hope this makes the message i was trying to convey a bit more clear.

Again, thanks for your response!

Cheers.

--

--

Albert Starreveld
Albert Starreveld

Written by Albert Starreveld

Passionate about cloud native software development. Only by sharing knowledge and code can we take software development to the next level!

No responses yet