Authentication and authorization is used to prevent unidentified and unauthorized users from gaining access to systems they don't have permission to use. In other words, keep the bad people out let the good people in. People often confuse authentication and authorization. The http standards didn't help things either (401 unauthorized, 403 forbidden), but i don't want to discuss that. Instead let's watch two short clips from popular movies that illustrate the differences between authentication and authorization first let's see an example of authentication using multi-factors to validate the identity of a user.
In this next clip we will see that although the user is a valid user and should have pretty broad authority that authority is not recognized by the gatekeeper and the user is denied passage or is not authorized to pass.
These clips demonstrate that authentication is used for identification and validation of a user and authorization is used for permissions or the authority of a user.