Best of Authorization — 2024
- 1
- 2
System Design Codex·2y
How LinkedIn Authorizes 10 Million API Calls Per Second
LinkedIn utilizes Access Control Lists (ACLs) to manage access control at scale, facing challenges such as quick authorization checks, prompt ACL changes delivery, managing a large number of ACLs, and monitoring ACL data. They handle these challenges by running an authorization client module on every service, periodically refreshing ACL data, storing ACLs in a database with a cache, and logging authorization checks for monitoring purposes.
- 3
Hacker News·2y
Permify/permify: An open-source authorization as a service inspired by Google Zanzibar, designed to build and manage fine-grained and scalable authorization systems for any application.
Permify is an open-source authorization service inspired by Google Zanzibar, designed to implement fine-grained, scalable access controls quickly. It centralizes authorization logic, supports granular permissions, and offers fast response times for access checks. Start using it locally with a simple Docker command and contribute to its codebase, documentation, or playground for improvements.
- 4
Cerbos·2y
How to use ReactJS for secure Role Based Access Control
ReactJS simplifies building interactive user interfaces through reusable components. By integrating Cerbos, a modern Authorization-as-a-Service solution, developers can efficiently handle authorization for an internal admin dashboard. Cerbos provides a flexible Policy Decision Point (PDP) that can be deployed in various environments, ensuring secure Role Based Access Control (RBAC). Using Docker, developers can test and implement policies to manage roles and permissions precisely, preventing unauthorized access to sensitive information and streamlining user role management.
- 5
Awesome Go·2y
Microservices Authentication and Authorization Using API Gateway
Learn about the challenges of authentication and authorization in a microservices architecture, the benefits of using an API Gateway for access management, and how JSON Web Tokens (JWTs) are used for authentication in microservices.
- 6
Community Picks·2y
Build a Login and Logout API using Express.js (Node.js)
Learn to build a secure login and logout system using Express.js in Node.js. The tutorial covers setting up development files, installing dependencies, and creating a MongoDB database. It explains the basics of authentication and authorization, the logic for user registration and login, password hashing, and session management using JWT tokens. Additionally, it shows how to implement middleware for verifying user sessions and roles, and how to handle user logout securely.
- 7
Authentication vs Authorization
Understanding authentication and authorization is key to securing applications. Authentication verifies user identity, while authorization determines what authenticated users are allowed to do. Authentication methods include passwords and biometrics, whereas authorization relies on access control lists and roles. Effective authorization systems need to be scalable and flexible. Services like Cerbos offer robust, scalable solutions that enhance security by ensuring only permitted users access sensitive data.
- 8
- 9
better-auth/better-auth: The most comprehensive authentication library for TypeScript
Better Auth is a comprehensive, framework-agnostic authentication and authorization library for TypeScript. It aims to reduce the need for extensive additional code by offering a rich set of features out of the box, while prioritizing best practices and type safety. Currently in beta, the project focuses on simplicity, consistency, and predictability across different platforms. It supports plugins for advanced functionalities like 2FA and multi-tenant support, and is licensed under the MIT License.
- 10
Dave Gray·1y
Permissions & Authorization in a Next.js Full Stack Project
Dave provides a lesson on applying permissions in a Next.js full stack application. He explains how to set up permissions for users, employees, managers, and admins, emphasizing the importance of restricting access based on roles. The tutorial includes integration with Sentry for error reporting and performance monitoring. Detailed walkthroughs guide users through installing required packages, setting up Kind for user management, and configuring permissions using Kind's management API. The tutorial also addresses compatibility issues with using Next.js 15 and React 19.
- 11
How to Build a Request Access Approval System using Next.js
Next.js is a robust React framework for building web applications. Creating a Request Access Approval (RAA) System is essential for managing access to sensitive data within organizations. By using Permit.io, Next.js applications can handle complex access requests and manage approvals efficiently. The guide walks through setting up a Next.js project, integrating Permit.io for authorization, and implementing user management and access request components to safeguard critical information.
- 12
3 Most Common Authorization Designs for SaaS Products
Authorization is essential for securing SaaS applications, ensuring only authorized users access specific resources. This post details three common authorization models: Access Control List (ACL), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). ACL is simple and quick but may require manual updates as the system scales. RBAC is more scalable, using roles to grant permissions, but can suffer from 'role explosion' as granular control increases. ABAC is the most complex and powerful, using contextual information and attributes to manage access dynamically. Organizations with complex needs might consider third-party solutions like Cerbos for easier implementation.
- 13
Building Secure Private Screens in React
Modern applications often require fine-grained access control for private or restricted pages, documents, or features. Permit.io simplifies this by providing embeddable UI components for access sharing. This guide outlines the integration of Permit.io's Access Request Element into a React application, allowing users to request access to restricted resources, with admins being able to approve or deny these requests. The article also covers the necessary setup for authentication, the creation of backend routes, and the embedding of iframe components in a React app.
- 14
Please stop using middleware to protect your routes
The post discusses the use of middleware for route protection and argues against its usage. It highlights the drawbacks of using middleware for authorization and suggests alternative approaches for implementing route protection based on user roles.
- 15
A Complete Guide to Next.js Authorization
Learn about authorization in Next.js using Cerbos, an open-source authorization project. Understand how authorization works, how to integrate it into a Next.js application, and implement attribute-based access control (ABAC) and role-based access control (RBAC).
- 16
gitconnected·2y
Complete Guide to Building Authorization Systems using RBAC, ReBAC and ABAC
Building a robust and scalable authorization system requires understanding various models like Role-Based Access Control (RBAC), Relationship-Based Access Control (ReBAC), and Attribute-Based Access Control (ABAC). Using examples from GitHub, the post explains the complexities of managing permissions and dynamically updating them in real time. It covers how OpenFGA can be used to model these relationships declaratively for ReBAC and briefly introduces ABAC for attribute-driven access control.
- 17
Why low latency is important in authorization
Fast authorization checks are critical for ensuring smooth user experiences across applications. High latency can lead to user frustration, system performance issues, and increased costs. Solutions like Cerbos offer innovative approaches to mitigate latency, including running authorization checks close to the application, utilizing stateless systems, and optimizing policy management. These practices improve scalability and reliability, crucial for sectors like e-commerce, fintech, and streaming services.
- 18
How to Learn Kubernetes (Complete Roadmap & Resources)
Learn about the prerequisites, architecture, setting up a cluster, pods and associated resources, securing a cluster, configuration management, the operator pattern, deploying microservices, online resources, and real-world case studies for Kubernetes.
- 19
Implement authorization and access control in an Express application
Learn how to implement role-based access control (RBAC) in an Express application using Cerbos PDP. This guide covers necessary installations, setting up a project, defining roles and permissions through policy files, and configuring routes to enforce RBAC. The example uses a learning management system to demonstrate the process.
- 20
What is dynamic authorization and why is it important?
Dynamic authorization controls access in real-time, adapting permissions based on context, which is ideal for complex, modern systems like microservices. Unlike static methods, it evaluates factors like user role, location, and device type to ensure secure and flexible access. This approach enhances security, scalability, and regulatory compliance, as seen in industries such as healthcare and finance. Solutions like Cerbos facilitate the implementation and management of dynamic authorization, strengthening overall security and adaptability.
- 21
Access control for RAG and LLMs - live demo
As more businesses adopt Retrieval Augmented Generation (RAG) models to enhance their AI systems, managing access control becomes crucial. The live demo by Alex Olivier illustrated how Cerbos PDP can implement authorization in RAG architectures. Key challenges include unauthorized data exposure and the need for dynamic data access. Cerbos provides context-aware authorization decisions, safeguarding sensitive data and ensuring compliance.
- 22
Just Java·2y
what is Spring Security for real 🤔
Spring Security is a powerful framework for securing Java applications, handling authentication and authorization. It protects against vulnerabilities like CSRF and XSS, offers customizable security policies, and integrates seamlessly with other Spring projects. Features include security context propagation, custom authentication providers, method-level security, and configuring security headers for enhanced protection. A real-world example shows how to secure a RESTful API with role-based access.
- 23
- 24
DEV·2y
Modeling Authorization in Prisma - No Theory, Just Code
This post provides examples of different authorization patterns using Prisma and ZenStack. It covers the Access Control List (ACL), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and multi-tenancy patterns. The examples show how to implement these patterns and highlight the benefits of using ZenStack for declarative authorization rules.
- 25
