Authentication是一个验证的过程:

系统中的用户身份(用户名、登录名、电话号码、电子邮件……)，通过提供证明(密钥、生物识别、短信……)作为扩展的多因素身份验证。 使用数字签名检查电子邮件[关于] 校验和

授权是身份验证之后的下一步。它是关于资源的权限/角色/特权。OAuth(开放授权)是授权的一个例子

混淆是可以理解的，因为这两个词听起来很相似，而且概念经常密切相关并一起使用。此外，如前所述，常用的缩写Auth也没有帮助。

其他人已经很好地描述了身份验证和授权的含义。这里有一个简单的规则来帮助区分这两者:

身份验证验证您的身份(或真实性，如果您喜欢) 授权验证您的权限，即您访问和可能更改某些内容的权利。

正如身份验证vs授权所言:

Authentication is the mechanism whereby systems may securely identify their users. Authentication systems provide an answers to the questions: Who is the user? Is the user really who he/she represents himself to be? Authorization, by contrast, is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system. For example, a database management system might be designed so as to provide certain specified individuals with the ability to retrieve information from a database but not the ability to change data stored in the datbase, while giving other individuals the ability to change data. Authorization systems provide answers to the questions: Is user X authorized to access resource R? Is user X authorized to perform operation P? Is user X authorized to perform operation P on resource R?

参见:

Wikipedia上的身份验证与授权

我发现这篇文章中的类比对我很有帮助。

Consider a person walking up to a locked door to provide care to a pet while the family is away on vacation. That person needs: Authentication is in the form of a key. The lock on the door only grants access to someone with the correct key in much the same way that a system only grants access to users who have the correct credentials. Authorization is in the form of permissions. Once inside, the person has the authorization to access the kitchen and open the cupboard that holds the pet food. The person may not have permission to go into the bedroom for a quick nap.

因此，简而言之，认证是关于用户身份的，而授权是关于用户权限的。

身份验证是验证您的登录用户名和密码的过程。

授权是验证您是否可以访问某些内容的过程。

我试图用最简单的语言来解释这一点

1)身份验证意味着“你是你所说的那个人吗?”

2)授权意味着“你能做你想做的事吗?”

这在下图中也有描述。

我试图用最好的术语来解释它，并创造了一个相同的图像。