I’m writing this post for my own reference, because I always tend to forget.
Authentication is the means of ensuring that a user is who he claims to be. The most common means of authentication is a “login” system.
Authorization answers the question “Can the user perform foo action on my system?”
Based on the answer, we either perform or reject the action. So authorization ensures that a user is allowed to perform an action on the system. In short, a user authenticates himself, and then, based on that identity, we decide which actions he may or may not perform (authorization).
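The two steps in order, as an added example that is not part of the original post: the credential check establishes an identity, and only then is the requested action checked against what that identity is allowed to do. The user names, passwords, roles, action names and the role-to-permission table are all constructed for illustration.

```python
import hashlib
import hmac
import os

class AuthenticationError(Exception):
    """The caller could not prove who they are."""

class AuthorizationError(Exception):
    """The caller is known, but may not perform this action."""

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data (hypothetical users, roles and actions).
USERS = {"alice": _make_user("correct horse", "admin"),
         "bob": _make_user("hunter2", "viewer")}
PERMISSIONS = {"admin": {"read_report", "delete_report"},
               "viewer": {"read_report"}}

def authenticate(username: str, password: str) -> str:
    """Authentication: is the user who he claims to be? Returns the identity."""
    user = USERS.get(username)
    # Hash even when the user is unknown, so both failure paths do similar work.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        raise AuthenticationError("invalid credentials")
    return username

def authorize(identity: str, action: str) -> None:
    """Authorization: may this authenticated identity perform the action?"""
    role = USERS[identity]["role"]
    if action not in PERMISSIONS.get(role, set()):
        raise AuthorizationError(f"{identity} may not {action}")

def perform(username: str, password: str, action: str) -> str:
    identity = authenticate(username, password)  # step 1: who is this?
    authorize(identity, action)                  # step 2: is it allowed?
    return f"{identity} performed {action}"
```

Keeping the two failures as separate exception types lets the caller tell "not logged in" apart from "logged in but not allowed", which is the distinction the post draws.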
More information here.