I want to share some learnings that explain the key differences between authentication and authorization.
Authentication is the process by which a system verifies who you are by checking your credentials, whereas authorization is the set of permissions you have been granted within a given system.
For example, when you log in with a username and password, that is the authentication process. Once logged in to the system, you are usually granted certain permissions (that is, you are authorized) to access specific parts of that system.
Here is a list of basic factors that can help verify your identity (remember, this is part of the authentication process):
When you combine different forms of the above you get multiple layers of authentication. This is where terms like Two-Factor Authentication and Multi-Factor Authentication come from.
Authorization is done only after a successful authentication.
In most systems each user has a role that grants them certain permissions, or possibly no permissions at all. A user's authorization to view and write to different parts of a given system depends on their role and permissions.
Be sure not to miss AfterAcademy's article on Authentication vs Authorization. It was a great resource for understanding the above. You can find it here.