by croes 752 days ago
But authentication and authorization are often used in the same context where confusion is lethal.
2 comments

Why would it be "lethal"?

As a dev you're either building or hooking up to either or both of them. And you know what each requires you to build / hook up to.

As a user, you just care "I put my login/password/api key here, and I get the capability to do several things in that webpage/service/etc". Both auth and the other auth are handled for you.

Ever heard of a hyperbole?

And if the other dev made an error and confused authorization and authentication you have a problem.

Stupider mistakes have been made and it is a sign of overconfidence if you think you are immune to them.

>Ever heard of a hyperbole?

Yes, primarily I've heard that it is to be avoided in technical discussions...

The real problem is people don't have clear differentiation between authN and authZ. You being you doesn't mean you or they consent to something, those are separate, though very close.

Hence the confusion and ambiguous shorthand "auth". You auth and get everything. You fail to auth and you don't have access. That covers ~80% of any authentication-authorization-accounting system's use cases, and that allows people to be care-free about differences.
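The "you auth and get everything" shortcut the thread describes, shown as code: an added example, not from any commenter, with a handler that treats a successful login as permission to read any document next to one that keeps the identity check (401) and the permission check (403) separate. Session tokens, users and documents are all constructed for the demo.

```python
# Added example (not from the thread): an authenticated principal is not an
# authorised one. read_document_flawed() treats a valid login as permission to
# read anything, which is the authN/authZ conflation discussed above;
# read_document() keeps the two decisions apart. All tokens, user ids and
# documents below are constructed for the demo.
from typing import Optional, Tuple

# Constructed session store: bearer token -> user id (authN data).
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}

# Constructed resource table: document id -> owner, allowed readers, body (authZ data).
DOCUMENTS = {
    "doc-1": {"owner": "alice", "readers": {"alice"}, "body": "alice's notes"},
    "doc-2": {"owner": "bob", "readers": {"bob", "alice"}, "body": "shared plan"},
}


def authenticate(token: Optional[str]) -> Optional[str]:
    """AuthN: who is presenting this token? None if the token is unknown."""
    return SESSIONS.get(token) if token else None


def authorize_read(user: str, doc_id: str) -> bool:
    """AuthZ: may this already-identified user read this particular document?"""
    doc = DOCUMENTS.get(doc_id)
    return doc is not None and user in doc["readers"]


def read_document_flawed(token: Optional[str], doc_id: str) -> Tuple[int, Optional[str]]:
    """Login == permission: any authenticated user can read any document."""
    user = authenticate(token)
    if user is None:
        return 401, None          # not authenticated
    doc = DOCUMENTS.get(doc_id)   # no per-object check at all
    return (200, doc["body"]) if doc else (404, None)


def read_document(token: Optional[str], doc_id: str) -> Tuple[int, Optional[str]]:
    """Separate decisions: 401 for unknown identity, 403 for no permission."""
    user = authenticate(token)
    if user is None:
        return 401, None
    if not authorize_read(user, doc_id):
        return 403, None          # known user, but not allowed on this object
    return 200, DOCUMENTS[doc_id]["body"]
```

With these tables, bob's valid token reads alice's private document through the flawed handler but gets 403 from the separated one; an unknown-document request also yields 403 rather than leaking whether it exists.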