Authorization Series
Aug 31, 2019
This post contains links to all the articles about authorization that I have written.
The word authorization is used to describe several different concepts that are very similar, but distinct. These include:
- Authorization decision for application access: coarse-grained authorization
- Authorization decision for application access: fine-grained authorization
- Token issuance
- Delegated access (as described in the OAuth2 RFC)
Confusing these concepts can lead to messy architectures, insecure systems, and really confusing conversations.
In the following blog posts, I describe these topics and more.
- What is Authorization?
- OAuth2 Access Token Usage Strategies for Multiple Resources (APIs) Part 1
- OAuth2 Access Token Usage Strategies for Multiple Resources (APIs) Part 2
- OAuth2 Access Token Usage Strategies for Multiple Resources (APIs) Part 3
- Authorization Decision Input Parameters
- An Alternative to Delegated Access in the Enterprise
- Delegation: A General Discussion
- Making Authorization Decisions
- Applications Front-Ends Must Not Make Authorization Decisions