At my work, I have a task to search and find solutions to implement the ABAC authorization in our microservices organized in a monorepo. We have some products a
I have an application behind an SAML Service Provider. That means, the SP does authentication for me and I get user data in HTTP request headers (like SP_USER_N
We are switching to new Java 17 and new WildFly 26. Using older Java, we had a custom login module class which extended org.jboss.security.auth.spi.DatabaseServ
I have a Google Apps Script project which I use as a web application to save some data gathered from a web page (JavaScript only) to my Google Sheets (think of
I have an MSAL app that creates authentication tokens for accessing various Microsoft APIs. I provide the app specific scopes, and it creates a corresponding au
I have admin pages in Next.js that only authorized users should have access to. I have a cookie verification service: import { NextApiRequest } from 'next' impo
So I have a simple flask app. Logging in creates a token: token = jwt.encode({'user': token_data}, app.config['SECRET_KEY']).decode('utf-8') The middleware loo
I read the article from link and understand there are 3 ways to define abilities. But I have no clue how to combine them together. For example, in the three struct
I am trying to properly implement Authorization Code flow for a 3rd party REST api for my users to use. However, I am not sure if I am doing it correctly with t
It is supposed to get all the guilds a user is joined in. It gets the bearer auth right, but it always errors with code 401. When using an external API (https://
I am currently working with a group of applications that are running on two separate, but equivalent, environments (Referred to as ENV1 and ENV2). I have been u
I'm having a problem getting a user to be authorized. I'm making a web Api and in the controller where the login method is, it creates a token (JWT Token / Bear
In the web application I'm currently working on there is a requirement for all users to be authenticated. This is currently handled by using an AuthorizeFilter.
Having a few minor issues with role based authorization with dotnet core 2.2.3 and Keycloak 4.5.0. In Keycloak, I've defined a role of 'tester' and a client rol
I am using GitHub's API to generate an access token for the user (mobile app), using this tutorial: https://developer.github.com/apps/building-oauth-apps/
I would like to know whether there is any security benefit to using OAuth2 for authorization where all clients are developed, owned and controlled by the API de
In my Spring Boot application I have a scheduler which calls an API to generate a token which expires in 15 min. The time of the scheduler is also 15 min. Please find bel
I'm looking to create a property that will track the user's notification authorization setting for the application. (The ultimate goal here is to alert the user
Is it possible to apply authorization against two or more policies? I am using ASP.NET 5, rc1. [Authorize(Policy = "Limited,Full")] public class FooBarControll