Authentication (AuthN): Verifying identity. "Who are you?" Typically username/password, OAuth, biometrics, or certificates.
Authorization (AuthZ): Verifying permissions. "What can you do?" Typically role-based (RBAC) or attribute-based (ABAC) access control.
Authentication happens first. Authorization happens after. A user might authenticate successfully but still be denied access to a resource they don't have permission for.
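
The ordering described above, as an added example that is not part of the original page: a small gate that runs AuthN, then an RBAC AuthZ check, and reports the two failures separately. The users, passwords, roles and permission table are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted password hash (PBKDF2-HMAC-SHA256 from the standard library).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: usernames, passwords and roles are hypothetical.
_SALT = os.urandom(16)
USERS = {  # username -> (salt, password hash, role)
    "alice": (_SALT, _hash("correct horse", _SALT), "admin"),
    "bob": (_SALT, _hash("battery staple", _SALT), "viewer"),
}
ROLE_PERMISSIONS = {  # RBAC: role -> set of (action, resource)
    "admin": {("read", "report"), ("delete", "report")},
    "viewer": {("read", "report")},
}

def authenticate(username: str, password: str):
    """AuthN: return the verified username, or None if identity is not proven."""
    # Unknown users still go through one hash so both paths cost the same.
    salt, stored, _role = USERS.get(username, (_SALT, b"", None))
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(stored, _hash(password, salt))
    return username if ok else None

def authorize(username: str, action: str, resource: str) -> bool:
    """AuthZ: check the authenticated user's role against the permission table."""
    role = USERS[username][2]
    # Default deny: a role with no entry has no permissions.
    return (action, resource) in ROLE_PERMISSIONS.get(role, set())

def handle(username: str, password: str, action: str, resource: str) -> str:
    """Run AuthN first, then AuthZ; the two failures are reported separately."""
    user = authenticate(username, password)
    if user is None:
        return "unauthenticated"  # identity not established; AuthZ never runs
    if not authorize(user, action, resource):
        return "forbidden"        # identity known, permission missing
    return "allowed"

if __name__ == "__main__":
    print(handle("bob", "battery staple", "read", "report"))
    print(handle("bob", "battery staple", "delete", "report"))
    print(handle("bob", "wrong password", "read", "report"))
```

The second call is the case from the text: bob authenticates successfully but his role lacks the delete permission, so the request is denied at the AuthZ step.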