What is the difference between authentication and authorisation?
Let's start with the difference between authentication and authorisation as this can sometimes be a bit confusing for new developers.

Authentication is the process of determining if someone is who they claim to be.

This can be done in many different ways, but the most common for web applications is a username and password check. Another example of authentication is using your pin code with your debit card at a ATM.

Whatever the mechanism, authentication verifies you are who you say you are. But what it doesn't do is define what you have access to, that is where authorisation comes in.

Authorisation is the process of checking if someone has the rights to access a resource.

Authorisation occurs after an identity has been established via authentication and determins what parts of a system you can access. For example, if you're have administrator rights on a system you can access everything. But if you're a standard user, you may only be able to access specific screens.

-----------------汉语分割线------------------

认证和授权的区别是什么？
让我们从认证和授权之间的区别开始，因为对于新的开发者来说，这有时会让人有点困惑。

认证是确定某人是否是他们所声称的人的过程。

这可以通过许多不同的方式来完成，但对于网络应用来说，最常见的是用户名和密码检查。另一个认证的例子是在ATM机上使用你的借记卡的密码。

不管是什么机制，认证都能验证你是你说的那个人。但它并不能定义你有什么权限，这就是授权的作用。

授权是检查某人是否有权利访问资源的过程。

授权发生在通过认证建立身份之后，并决定你可以访问系统的哪些部分。例如，如果你有系统的管理员权限，你可以访问所有的东西。但如果你是一个标准用户，你可能只能访问特定的屏幕。