DEV Community

Abdessamad MOUHASSINE


From Scratch : User Authentication (Part 2)

In my previous article, I presented user identification solutions and how to keep them simple and clean. In this article, I'm just going to talk briefly about the next step after a successful authentication, which is called user authorization.

To summarize, user authentication is the process of verifying a set of credentials and retrieving the user object they belong to; when the credentials match no user, nothing is returned (hence the `User?` below):

                      ++++++++++++++++++
                      +                +
    Credentials --->  + Authentication +  ---> User?
                      +                +
                      ++++++++++++++++++

But what should happen after a user has been successfully identified?

In most cases, we have to check whether that user is allowed to access the requested resource, and reject the incoming request with a 403 Forbidden error if not. (A 403 means the user was identified but is not permitted to do this; a request whose credentials could not be verified at all is usually answered with 401 Unauthorized instead, since there is no user to evaluate a policy against.)

I don't yet have a clear vision of the implementation, but it will follow the same philosophy as authentication, where the boolean result indicates whether or not the user is granted access:

               +++++++++++++++++
               +               +
    User --->  + Authorization +  ---> boolean
               +               +
               +++++++++++++++++
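The two boxes above, authentication (`Credentials -> User?`) and authorization (`User -> boolean`), fit naturally as two plain functions with a small request handler in front of them. The following is an added example written for this article and is not code from the original post; the user records, the `POLICY` table and the `handle_request` helper are all invented for illustration. Passwords are stored as salted PBKDF2 hashes, the comparison is constant-time, and the policy denies anything it does not explicitly list:

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class User:
    username: str
    roles: FrozenSet[str]


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is deliberately high so that
    # offline guessing of a leaked hash is slow.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _make_record(username: str, password: str, roles) -> dict:
    salt = os.urandom(16)
    return {
        "username": username,
        "salt": salt,
        "hash": _hash_password(password, salt),
        "roles": frozenset(roles),
    }


# Constructed in-memory user store for this example (not real accounts).
USERS: Dict[str, dict] = {
    r["username"]: r
    for r in (
        _make_record("alice", "correct horse battery staple", {"admin"}),
        _make_record("bob", "hunter2", {"viewer"}),
    )
}

# Constructed policy: (resource, action) -> roles allowed to do it.
# Anything not listed here is denied (deny by default).
POLICY: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("articles", "read"): frozenset({"viewer", "editor", "admin"}),
    ("articles", "write"): frozenset({"editor", "admin"}),
    ("users", "delete"): frozenset({"admin"}),
}


def authenticate(credentials: dict) -> Optional[User]:
    """Credentials -> User?  Returns the matching user, or None."""
    record = USERS.get(credentials.get("username", ""))
    # Always run the hash, even for unknown usernames, so that the response
    # time does not reveal whether an account exists.
    salt = record["salt"] if record else b"\x00" * 16
    expected = record["hash"] if record else b"\x00" * 32
    candidate = _hash_password(credentials.get("password", ""), salt)
    if record is None or not hmac.compare_digest(candidate, expected):
        return None
    return User(record["username"], record["roles"])


def authorize(user: User, resource: str, action: str) -> bool:
    """User -> boolean  True only if one of the user's roles is allowed."""
    allowed = POLICY.get((resource, action), frozenset())
    return not user.roles.isdisjoint(allowed)


def handle_request(credentials: Optional[dict], resource: str, action: str) -> int:
    """Return the HTTP status a handler would send: 401, 403 or 200."""
    if credentials is None:
        return 401  # no credentials at all
    user = authenticate(credentials)
    if user is None:
        return 401  # credentials rejected: there is no user to evaluate
    if not authorize(user, resource, action):
        return 403  # user identified, but the policy says no
    return 200


if __name__ == "__main__":
    alice = {"username": "alice", "password": "correct horse battery staple"}
    bob = {"username": "bob", "password": "hunter2"}
    print(handle_request(alice, "users", "delete"))  # 200
    print(handle_request(bob, "users", "delete"))    # 403
    print(handle_request({"username": "bob", "password": "wrong"}, "articles", "read"))  # 401
```

The important design choice is that `authorize` never sees raw credentials and `authenticate` never sees the policy: the only thing that crosses from one box to the other is the `User` object, exactly as in the diagrams. The `(resource, action)` pair is one simple way to give `authorize` something to decide on; a real application may replace it with whatever describes the protected resource.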

I'm open to any suggestion, idea or article on how to make the implementation as clean as possible, so don't hesitate to share it in the comments.

Thanks.
