Authentication vs Authorization

Distinguish authentication from authorization and explain common implementations.

Conceptual Difference

Authentication: Verifies who you are. Example: username/password, Google OAuth login.

Authorization: Determines what you can do. Example: only admins can delete posts.

Common Authentication Methods

  • Session/Cookie: The server keeps the session state; the browser's cookie carries only the session ID, which the server looks up on each request.
  • JWT: Stateless signed token; the server keeps no session state and instead verifies the token's signature and claims on each request.
  • OAuth 2.0: Lets a user authorize third-party apps to access their resources; commonly used as the basis for social login.

Common Authorization Models

RBAC (Role-Based Access Control): Grants permissions based on roles (admin, editor, viewer).

ABAC (Attribute-Based Access Control): Dynamically determines permissions based on user, resource, and environment attributes. More flexible but complex.

Best Practices

  • Authenticate before authorizing.
  • Re-verify identity for sensitive operations.
  • Apply the principle of least privilege.

Copyright © 2026 Wood All Rights Reserved · FE Interview Hub