I am working on an identity and users service in a microservices system for which a passwordless, SMS-based authentication is a hard requirement, i.e.User enters their phone numberSystem sends the ...

I’m trying to clarify the difference between Role-based Access Control, Policy-based Access Control, and Access Control List when designing an authorization system.I have two scenarios:Scenario AI ...

We are designing a backend system for a large platform where users can interact with multiple products on behalf of different companies.We plan to use Keycloak as an external identity provider. The ...

Recently, I’ve found myself designing a microservices system, and I’m currently facing some challenges with authentication and authorization.ContextAll my microservices will be placed behind an API ...

So I just fell in a project where microservices are inside private subnets and therefore aren't reacheable through the internet.There is a balancer that can reach this microservices and this balancer ...

I plan to have a frontend web app written with Next.js using the AuthJS library to provide user authentication using Oauth. This frontend application depends on a backend API. I want to make sure my ...

Let's say a user is authenticated to a website and can access a given page only if authorized to access it specifically, e.g. if the website has only these 2 pageshttps://my-classified-docs.com/page=...

I need to design a system that handles multiple types of resources, each having their own business logic and different types of actions available for those resources. The requirements are a natural ...

Context: I have an API (using DDD) with an entity lets call it "Content" that only can be update by certain users.For example Content with Id = 1, can only be modified by User Id = 1, ...

I'm designing a web application and using Microsoft's out of the box Identity and its default Two-Factor Authentication (with Asp.net core MVC and .NET 8). While setting up and testing the 2FA ...

Hi I have following structure :Client App (layer 1)Business logic Services ( Layer 2)Business Logic layer consists of many microservices . Access token can be created and passed from APP layer to ...

When creating a web application that will allow users to upload images and mark them as private, should those images be protected by authentication and authorization mechanisms against access by other ...

Let's say we want to return a paginated list of document id that a user can view. In DB, we have:doc_iduser_idABCuser_1defuser_1......We use an external authorization service, so we can query ...

Currently my company has 2 applications that use Identity Server for SSO. Not every client we have uses both applications but some do. The part I'm uneasy about is that both apps have a user ...

I’ll try my best to explain, but for the closest context I could think of, imagine that I am building an analytics platform that allows paying users to sign up, place a tracking script on their ...