First of all, thank you, Srinath. The way you explain each IAM concept with a demo is really good and very easy to follow. After the Authentication vs Authorization and RBAC lessons, the Auth0 example you showed in the video gave me the idea to build my own version the same way. Here is what I did: 1. I Set up my app in Auth0 as a Single Page Application. 2. After that, I made two users, one admin and one normal user. 3. Made two roles (admin and user) and assigned them to the users. 4. Added a Post-Login Action so each user's role goes into their login token. 5. Built a small app with four pages (Public, Profile, Protected, Admin) that checks the role. Result: both users can log in (authentication), but only the admin can open the Admin page. The normal user logs in fine but gets a clear "Access Denied" (authorization). This proves: being logged in is not the same as being allowed to access everything.