Questions tagged [authorization]
183 questions
3 votes
1 answer
699 views
RBAC vs PBAC vs ACL
I’m trying to clarify the difference between Role-based Access Control, Policy-based Access Control, and Access Control List when designing an authorization system. I have two scenarios: Scenario A I ...
2 votes
3 answers
419 views
Handling authorization and authentication with an API gateway
Recently, I’ve found myself designing a microservices system, and I’m currently facing some challenges with authentication and authorization. Context All my microservices will be placed behind an API ...
4 votes
1 answer
179 views
Next Auth Flow For Use with Ruby on Rails API
I plan to have a frontend web app written with Next.js using the AuthJS library to provide user authentication using OAuth. This frontend application depends on a backend API. I want to make sure my ...
0 votes
1 answer
291 views
How to design permission-based authorization for individual resources for individual users?
I need to design a system that handles multiple types of resources, each having their own business logic and different types of actions available for those resources. The requirements are a natural ...
0 votes
0 answers
118 views
Avoiding conflicts with Microsoft Two-factor authentication across multiple web applications help
I'm designing a web application and using Microsoft's out-of-the-box Identity and its default Two-Factor Authentication (with ASP.NET Core MVC and .NET 8). While setting up and testing the 2FA ...
4 votes
1 answer
954 views
In a web application, should "private" user images be protected with authentication/authorization?
When creating a web application that will allow users to upload images and mark them as private, should those images be protected by authentication and authorization mechanisms against access by other ...
1 vote
0 answers
212 views
OpenID Connect and User Management Best Practices
Currently my company has 2 applications that use Identity Server for SSO. Not every client we have uses both applications but some do. The part I'm uneasy about is that both apps have a user ...
1 vote
1 answer
129 views
Is my security pattern correct for authenticating principal users to my microservices?
We are trying to implement an authorization and authentication service for our product. Now, we would have to cater to different kinds of IAM systems like SSO, LDAP and Basic Username+Password in ...