# 
## Authentication

**Authentication** means giving a user basic access to an application. 

Whenever you log in to Facebook, you get authenticated by Facebook's backend. Only then will you be able to view posts, create posts, etc.

# 
## Authorization

**Authorization** means elevating a user's access to certain parts of a system. An example of authorization is a subscription upgrade in a service like Educative.io. 

Without a subscription, a user will be limited to free courses. A subscription elevates their access to paid courses. 

## 
### Levels of authorization

Different levels of authorization exist within systems. 

In Discord, for example, a user can be granted access to delete messages in a single channel. Another user may have access to delete messages in *all channels*. 

# 
## Is authorization a subset of authentication?

We can't speak about authorization without talking about authentication. Authorization depends on authentication, but it isn't strictly a *subset* of it.

Authorization is usually present in apps; even simple ones like blogs and to-do lists. Without authorization in place, user A can view user B's data. This is an infringement of privacy and must be avoided.

Authentication versus Authorization

 Authentication Authentication means giving a user basic access to an application. Whenever you log in to Facebook, you get authenticated by Facebook s backend. Only then will you be able to view posts, create posts, etc. 