what is the difference between authentication and authorization
Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.
The purpose of authorization is to determine whether an identity should be granted the requested type of access to a given resource