In my previous article, I presented user identification solutions and how we can keep them simple and clean. In this article, I am just going to talk briefly about the step that follows a successful authentication: user authorization.
To summarize, user authentication is the process of checking the incoming credentials and retrieving the matching user object, as shown below:
                  ++++++++++++++++++
                  +                +
Credentials --->  + Authentication +  ---> User?
                  +                +
                  ++++++++++++++++++
But what should happen after a user has been successfully identified?
In most cases, we have to check the user's ability to access the requested resource and reject the incoming request with a 403 Forbidden error if the user is not authorized.
I do not yet have a clear vision of the implementation, but it will follow the same philosophy as authentication, where the boolean result indicates whether or not the user is granted access:
                  +++++++++++++++++
                  +               +
User --->         + Authorization +  ---> boolean
                  +               +
                  +++++++++++++++++
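As an added example (not code from this article or its previous part), here is one way to chain the two stages the diagrams describe in Python: authentication yields an optional user, authorization yields a boolean, and the request handler maps those results to HTTP statuses. It goes slightly beyond the text by answering a failed authentication with 401 instead of 403, and by denying any (resource, action) pair the policy does not list. The `User`, `Resource`, token table and policy rules are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample types and data: no real users, tokens or resources.
@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class Resource:
    owner: str
    kind: str

# Stage 1: Credentials ---> Authentication ---> User?
TOKENS = {
    "tok-alice": User("alice", frozenset({"member"})),
    "tok-bob": User("bob", frozenset({"member"})),
    "tok-root": User("root", frozenset({"admin"})),
}

def authenticate(token: Optional[str]) -> Optional[User]:
    """Return the user behind the credential, or None if it is unknown."""
    return TOKENS.get(token) if token else None

# Stage 2: User ---> Authorization ---> boolean
Rule = Callable[[User, Resource, str], bool]

def has_role(role: str) -> Rule:
    return lambda user, res, action: role in user.roles

def is_owner(user: User, res: Resource, action: str) -> bool:
    return res.owner == user.name

# Each (resource kind, action) lists the rules that may grant it.
# Anything not listed is denied: the default answer is "no".
POLICY: dict[tuple[str, str], list[Rule]] = {
    ("document", "read"): [is_owner, has_role("admin"), has_role("member")],
    ("document", "delete"): [is_owner, has_role("admin")],
}

def authorize(user: User, res: Resource, action: str) -> bool:
    rules = POLICY.get((res.kind, action), [])
    return any(rule(user, res, action) for rule in rules)

def handle(token: Optional[str], res: Resource, action: str) -> int:
    """Run both stages and return the HTTP status the request would get."""
    user = authenticate(token)
    if user is None:
        return 401  # not identified: we do not know who is asking
    if not authorize(user, res, action):
        return 403  # identified, but not allowed to perform this action
    return 200
```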
I am open to any suggestion, idea or article on how to make the implementation as clean as possible, so do not hesitate to share it in the comments.
Thanks.