
Authentication vs authorization in HLD - Architecture Patterns Compared

System Overview - Authentication vs authorization

This design illustrates the difference between authentication and authorization in a typical web application. Authentication verifies who the user is; authorization determines what that user is allowed to do. The system enforces secure access by checking identity first and only then checking permissions.

Architecture Diagram
User
  |
  v
Load Balancer
  |
  v
API Gateway
  |
  +-------------------+
  |                   |
  v                   v
Auth Service       Resource Service
  |                   |
  v                   v
User Database      Permissions Database
  |
  v
Cache (for sessions and tokens)
Components
User (client): Person or system trying to access resources
Load Balancer (load_balancer): Distributes incoming requests evenly to API Gateway instances
API Gateway (api_gateway): Entry point that routes requests to authentication or resource services
Auth Service (service): Handles user identity verification (authentication)
Resource Service (service): Handles user permissions and resource access (authorization)
User Database (database): Stores user credentials and profile data for authentication
Permissions Database (database): Stores user roles and permissions for authorization
Cache (cache): Stores session tokens and permission data for faster access
Request Flow - 14 Hops
1. User -> Load Balancer
2. Load Balancer -> API Gateway
3. API Gateway -> Auth Service
4. Auth Service -> User Database
5. User Database -> Auth Service
6. Auth Service -> Cache
7. API Gateway -> Resource Service
8. Resource Service -> Cache
9. Resource Service -> Permissions Database
10. Permissions Database -> Resource Service
11. Resource Service -> Cache
12. Resource Service -> API Gateway
13. API Gateway -> Load Balancer
14. Load Balancer -> User
Failure Scenario
Component Fails: Auth Service
Impact: Users cannot log in or verify identity, blocking access to resources
Mitigation: Use multiple Auth Service instances with load balancing and failover; cache valid session tokens to allow continued access for logged-in users
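The flow and failure scenario above, condensed into a runnable model. This is an added example, not code from the original page: the dicts USER_DB and PERMISSIONS_DB stand in for the two databases, the Cache class for the session/permission cache, and gateway_request for the API Gateway's decision. Once a token is in the cache, a request never touches the Auth Service again, which is exactly why cached sessions keep logged-in users working when that service is down.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

TOKEN_TTL = 300  # seconds a cached session stays valid (constructed value)

def _digest(pw: str) -> bytes:
    # Constructed stand-in; production uses a salted password hash (argon2/bcrypt).
    return hashlib.sha256(pw.encode()).digest()

# Constructed sample data standing in for User Database and Permissions Database.
USER_DB = {"alice": _digest("s3cret-pw"), "bob": _digest("hunter2")}
PERMISSIONS_DB = {"alice": {"reports:read", "reports:write"}, "bob": {"reports:read"}}

@dataclass
class Cache:
    sessions: dict = field(default_factory=dict)  # token -> (user, expiry)
    perms: dict = field(default_factory=dict)     # user -> set of permissions

def authenticate(cache: Cache, user: str, password: str, now: float):
    """Auth Service: verify identity against User DB, then cache a session token."""
    stored = USER_DB.get(user)
    if stored is None or not hmac.compare_digest(stored, _digest(password)):
        return None  # unknown user or wrong password: no identity established
    token = f"tok-{user}-{int(now)}"  # constructed opaque id; use a random token in practice
    cache.sessions[token] = (user, now + TOKEN_TTL)
    return token

def resolve_session(cache: Cache, token: str, now: float):
    """Cache lookup of a session token; expired entries are evicted, not honoured."""
    entry = cache.sessions.get(token)
    if entry is None:
        return None
    user, expiry = entry
    if now >= expiry:
        del cache.sessions[token]
        return None
    return user

def authorize(cache: Cache, user: str, permission: str) -> bool:
    """Resource Service: check permission via cache, falling back to Permissions DB."""
    perms = cache.perms.get(user)
    if perms is None:
        perms = PERMISSIONS_DB.get(user, set())
        cache.perms[user] = perms  # hop 11: write permissions back to the cache
    return permission in perms

def gateway_request(cache: Cache, token: str, permission: str, now: float) -> int:
    """API Gateway: 401 when identity is unknown, 403 when identity lacks permission."""
    user = resolve_session(cache, token, now)
    if user is None:
        return 401  # authentication failed
    if not authorize(cache, user, permission):
        return 403  # authenticated, but not authorized for this action
    return 200
```

The 401/403 split is the whole point of keeping the two checks separate: a missing or expired token is an identity problem, while a valid token without the right permission is a policy problem, and they should be logged and handled differently.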
Architecture Quiz - 3 Questions
Test your understanding
Which component verifies the user's identity?
A. API Gateway
B. Resource Service
C. Auth Service
D. Load Balancer
Design Principle
This architecture clearly separates authentication (identity verification) from authorization (permission checking), improving security and scalability by using dedicated services and caching to optimize performance.