Authentication (authn) = proving identity ("who are you?").
Authorization (authz) = determining permissions ("what can you do?"). Authentication always happens first.
A classic exam trick: authentication and authorization are separate steps. You can be authenticated but not authorized (valid credentials, no permission). AAA adds accounting to track actions.