Reputation: 786
What is the difference between Authentication and Authorisation in Laravel (7 or above)?
I am trying to make a login and registration page using Laravel, but I came across two concepts in the official Laravel Documentation - Authentication and Authorization. I am unsure as to which one to use to check login details with the ones in the database, since they sound very similar. If I use one of them to login users, then what is the use of the other one. Please explain with some examples and codes.
Upvotes: 3
Views: 1448
Answers (1)
Reputation: 2248
Authentication is a process of making sure your user is authenticated/logged in to do stuffs in your app.
Authorization is a process of making sure your authenticated user have access to any stuffs in your app.
I will try to explain it as a short story so you can understand better and easier. It going to be a bit longer but you will get the idea.
Imagine those are the guards of a military base, you want to get in to the base. "Mr. Authentication" stops you in front of the gate and said "Hey, who are you? Only registered users are allowed to get in the base. Please fill this form to verify that you have already registered. Otherwise, please register yourself as new user and show me the form you've filled".
You do register yourself and are allowed to get in. Now you are authenticated. Inside the base, you found a room with hazard symbol near the barracks. You are curious and decided to get in but then you met "Mr. Authorization".
He said.. "Good morning sir, I've never seen you yet before. This is our laboratory, only Professor have rights to get in here. Otherwise, I will need to get you out of here. Can I see your authentication pass, please?."
You shows your pass, he looks at it and realize you are a new member of that base and your role were limited to Temporary Member.
He holds your hand and drags you outside the room, and he said "Apologize sir, you have no rights to access this room, please explore the base wherever you like but not this place. If you are keep going back, I might drags you out like this again".
Back to topic
Laravel has built in authentication stuffs you can get by using php artisan:make auth command and you're probably no need to make it your own at some cases. This will do an Authentication stuffs like Logging in the user or Register a new one for you out of the box.
So, if you want to check login details with the ones in the database, this is exactly what you need. After the user can login, you might want to limit their access at some pages. Here is when the Authorization comes for the job.
Upvotes: 4
Related Questions
- Authorization and php
- What is the difference between auth and access in Laravel 5.7?
- How laravel `Auth:user()` or `Auth:id()` works
- Laravel authentication and authorisation
- what is the difference between Auth::routes() and Route::auth() in laravel
- Laravel - How to accomplish authentication by permission?
- What is the purpose of the authorize method in a Request class in Laravel?
- Laravel Authorize() confusion
- Laravel 5 Auth - What exactly is it?
- Two type of authentication - laravel 4