Authentication versus authorization 

Authentication (AuthN) is very often mixed up with authorization (AuthZ). It generally takes multiple attempts to understand the difference, and we still get confused. The source of the confusion is that most people think the authentication provider and the authorization provider are the same. In our WordPress example, WordPress provides both the authentication (it holds the username and password) and the authorization (it stores the users under admin or user roles, for example). The implementation in the code (at least initially) would also mix up authentication and authorization (if (admin) do this; else do that). Even the names can be confusing: OAuth is an authorization protocol, whereas we are using the oauth2_proxy for authentication.

Authentication deals with identity (who are you?), and in general requires a trusted provider (such as Google, GitHub, or Azure).

Authorization deals with permissions (what are you trying to do?), and is very implementation-specific in terms of which application resources need to be protected.

We are going to use Azure AD for authentication to our guestbook service.
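The sketch below is an added example, not code from the book or from the guestbook application. It keeps the two concerns in separate functions instead of the mixed "if (admin)" style described above. It assumes the authenticating proxy forwards the signed-in user's e-mail in an X-Forwarded-Email header; the role table, permission names, and users are constructed for illustration.

```python
from dataclasses import dataclass

# Authorization data: owned by the application, not by the identity provider.
# Roles, permissions and users here are constructed sample values.
ROLE_PERMISSIONS = {
    "admin": {"guestbook:read", "guestbook:write", "guestbook:delete"},
    "user": {"guestbook:read", "guestbook:write"},
}
USER_ROLES = {"alice@example.com": "admin", "bob@example.com": "user"}


@dataclass(frozen=True)
class Identity:
    email: str


def authenticate(headers):
    """AuthN: who are you? The identity comes from the trusted provider via
    the proxy (assumed header name: X-Forwarded-Email)."""
    email = headers.get("X-Forwarded-Email", "").strip().lower()
    return Identity(email) if email else None


def authorize(identity, permission):
    """AuthZ: what are you trying to do? Unknown users and roles are denied."""
    role = USER_ROLES.get(identity.email)
    return permission in ROLE_PERMISSIONS.get(role, set())


def handle(headers, permission):
    """Return an HTTP status: 401 = not authenticated, 403 = not authorized."""
    identity = authenticate(headers)
    if identity is None:
        return 401
    if not authorize(identity, permission):
        return 403
    return 200
```

The identity header can only be trusted if the application is reachable solely through the proxy; a client that can reach the service directly could set the header itself.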
