Authentication and authorization are the two core components for securing applications. Authentication is the process of verifying a user's identity by obtaining credentials and using those credentials to verify their identity, whereas authorization is done after a successful authentication and it validates if the authenticated user has sufficient rights to access a particular resource of an application. A typical example is the shopping cart application, where a user can sign in to choose products, check out, and make payments; whereas some information is still hidden from registered users, and features such as manipulating items, managing user access, and other administrative permissions are only given to admin users.