Authentication vs Authorization

Authentication

Authentication is the act of proving an assertion, such as the identity of a computer system user.

Simply said: Who is this person / are they logged in?

In Ruby on Rails we usually do this with the devise gem. As of version 8.0, Rails also provides authentication built in.

Authorization

Authorization is the function of specifying rights/privileges for accessing resources.

Simply said: Does the user have access to this?

In Ruby on Rails we do this with the cancancan or pundit gems.
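The two checks side by side in plain Ruby, as an added example that is not part of the original post and is not Devise's or Pundit's own code: `authenticate` answers who the caller is, and a policy object shaped like a Pundit policy answers whether that user may update a post. The users, passwords, and the `update_post` helper are constructed for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed sample data; every name below is hypothetical.
User = Struct.new(:id, :email, :salt, :digest, :admin)
Post = Struct.new(:id, :author_id)

def password_digest(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000,
                           length: 32, hash: "sha256")
end

def make_user(id, email, password, admin: false)
  salt = SecureRandom.random_bytes(16)
  User.new(id, email, salt, password_digest(password, salt), admin)
end

USERS = [make_user(1, "alice@example.test", "correct horse"),
         make_user(2, "bob@example.test", "battery staple"),
         make_user(3, "root@example.test", "admin pass", admin: true)].freeze

# Authentication: who is this? Returns the matching user, or nil.
def authenticate(email, password)
  user = USERS.find { |u| u.email == email }
  return nil unless user
  candidate = password_digest(password, user.salt)
  OpenSSL.secure_compare(user.digest, candidate) ? user : nil
end

# Authorization: may this user do that? Same shape as a Pundit policy:
# built from (user, record), with one predicate method per action.
class PostPolicy
  def initialize(user, post)
    @user = user
    @post = post
  end

  def update?
    @user.admin || @post.author_id == @user.id
  end
end

# 401: not authenticated. 403: authenticated, but not authorized.
def update_post(email, password, post)
  user = authenticate(email, password)
  return 401 unless user
  return 403 unless PostPolicy.new(user, post).update?
  200
end
```

Bob logs in successfully yet still gets 403 on Alice's post: passing authentication says nothing about what the user is allowed to touch.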

References

https://en.wikipedia.org/wiki/Authorization

https://en.wikipedia.org/wiki/Authentication

This post is licensed under CC BY-NC 4.0 by the author.