Microservices.io

Authorization in microservices becomes complex when decisions require data from multiple services. Authorization-as-a-service platforms like Oso Cloud solve this by centralizing policy logic written in declarative languages (Polar) and evaluating authorization decisions via API calls. Services populate Oso with facts about roles and relationships through events (CQRS pattern), then delegate authorization checks instead of implementing complex conditional logic and database joins. This approach supports RBAC, ReBAC, and ABAC while reducing per-service implementation burden. The article demonstrates Oso integration in a security system application, showing how policies express role inheritance across resource relationships and how unification evaluates permission queries.

Authentication and authorization in a microservice architecture - Part 5 - implementing complex authorization using Oso Cloud

Motivation: why use an authorization service? §

An overview of authorization-as-a-Service §

A simple example: managing customer employees §

A more complicated example: managing security systems §

Integrating Oso Cloud into the RealGuardIO application §

Need help with accelerating software delivery? §