Best of Authorization, December 2025

  1. Article
     portkey · 21w

    Understanding MCP Authorization

    MCP (Model Context Protocol) requires authorization controls as it moves from local experimentation to production deployments. The protocol enables AI models to interact with external tools and APIs dynamically, but without authorization, every connected client can access all exposed tools. Authorization in MCP works through server-side enforcement at request time, not connection time, using patterns like token-based authorization, scoped capability access, and role-based policies. Best practices include applying least privilege, using short-lived scoped tokens, authorizing every tool call individually, and making all access auditable. Strong authorization boundaries are essential for safely deploying MCP in shared environments and production systems.

  2. Article
     Nordic APIs · 20w

    AuthZEN: A New Standard for Fine-Grained Authorization

    AuthZEN is a new OpenID Foundation specification that standardizes fine-grained authorization through a JSON-based decision API. It decouples policy enforcement points from policy decision points, allowing organizations to use any authorization model (RBAC, ABAC, ReBAC, etc.) behind a consistent interface. This approach reduces vendor lock-in, enables dynamic context-aware decisions for zero-trust architectures, and simplifies authorization across microservices, API gateways, and data systems. AuthZEN aims to bring the same level of standardization to authorization that OAuth and OpenID Connect brought to authentication.

  3. Article
     Auth0 · 23w

    Next.js 16: What’s New for Authentication and Authorization

    Next.js 16 introduces three key changes for security: renaming middleware.ts to proxy.ts to clarify its role as lightweight routing logic, making components dynamic by default with opt-in caching to prevent accidental data leaks, and adding the updateTag() API for immediate cache invalidation after permission changes. These updates establish clearer boundaries between edge-layer traffic control and downstream authentication logic, reduce risks of serving stale authorized content, and ensure permission changes take effect instantly through read-your-writes semantics.

  4. Article
     Microservices.io · 22w

    Authentication and authorization in a microservice architecture - Part 5 - implementing complex authorization using Oso Cloud

    Authorization in microservices becomes complex when decisions require data from multiple services. Authorization-as-a-service platforms like Oso Cloud solve this by centralizing policy logic written in declarative languages (Polar) and evaluating authorization decisions via API calls. Services populate Oso with facts about roles and relationships through events (CQRS pattern), then delegate authorization checks instead of implementing complex conditional logic and database joins. This approach supports RBAC, ReBAC, and ABAC while reducing per-service implementation burden. The article demonstrates Oso integration in a security system application, showing how policies express role inheritance across resource relationships and how unification evaluates permission queries.