Skip to main content

Questions tagged [authorization]

Ask Question

Authorization is the process of determining whether a user, program or device is allowed to access a protected resource in a particular way. Authorization is a key theme in computer security practices.

authorization
10,500 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
0 votes
0 answers
58 views

I have this bookUpdate() API and run it completely fine. But recently, I've added role to my User and ...
Lê Đức Quang's user avatar
  • 9
Advice
0 votes
1 replies
30 views

I lack experience with system design, and I’m struggling to understand how all the pieces fit together. I’d appreciate some help seeing the “big picture.” I’m building a web application with a ...
David Martínez Gil's user avatar
  • 363
Best practices
1 vote
1 replies
17 views

I’m implementing server-side route gating in a Next.js (v16+) App Router application where a user must complete a required step (e.g. identity verification or compliance flow) before accessing ...
Benjamin Campopiano's user avatar
  • 31
2 votes
1 answer
81 views

I’m building a Next.js application where users must complete a required step (for example, identity verification or a comprehension step) before being allowed to access certain protected routes. The ...
Benjamin Campopiano's user avatar
  • 31
0 votes
1 answer
64 views

A dynamic banner is placed on the page of the published post (the banner is taken from the database). Under an authorized user, it loads normally, but if I go to the URL without authorization, it ...
mogilka's user avatar
  • 143
Best practices
0 votes
0 replies
18 views

I’m building a music streaming platform (like Spotify) as a study project and I’m working on authen/author mechanism. Can I have some advices on what kind of authen/author I should use for the ...
John Smith's user avatar
  • 23
1 vote
1 answer
70 views

I was following the Advent of Agent and was building the multi-agent app with Firecrawl. When I am using this line FIRECRAWL_API_KEY: ...
Sudipta Deb's user avatar
  • 495
0 votes
2 answers
78 views

My goal is to restrict access for authenticated users to the /login and /register routes My Pinia Storage ...
dmytroshved's user avatar
  • 123
0 votes
0 answers
74 views

I am having problems understanding how to get .NET 8.0 session and authorization working together. Most of my controllers are decorated with the Authorize attribute,...
user517406's user avatar
  • 13.8k
Advice
3 votes
1 replies
88 views

I am writing a forum-like API and I want to protect private information from unauthorized users. Depending on the role of client that makes a request to ...
glassyellow0902's user avatar
  • 1
0 votes
1 answer
38 views

I guess the solution is quite easy, but I just dont see the point: We had a kerb auth working, but s'one destroyed it quite a while ago. Now I dont get it working again: kerb authentication works and ...
Synopsis's user avatar
  • 374
0 votes
1 answer
112 views

I am trying to do a POST request to an API endpoint api/auth/assign-role with this data: ...
bibashmanjusubedi's user avatar
  • 1,355
0 votes
0 answers
40 views

I have an application that is in production working with Cloudfront + Appsync with OICD Authorizer. In the Cloudfront configuration for some reason it is adding in the custom headers if API_KEY exists ...
Leonardo Campanha's user avatar
  • 297
-1 votes
1 answer
52 views

Hey i was building a DeviceService to know Connected Devices to an account after i builded every thing now i got issue with revoking device Main Confusion : that i decided to use IMemoryCache to ...
Braa gamer's user avatar
  • 1
Best practices
5 votes
2 replies
195 views

I’ve been working on an issue in our Spring Boot application for some time now: authorization. Because we have a more complex permission model — permissions depend not only on roles, but also on user-...
0xRelu's user avatar
  • 25
1 vote
0 answers
56 views

I have an ASP.NET Core Web API that accepts tokens from two JWT sources. I want to define an authorization policy that will accept a token from the first source if and only if it has a particular ...
jason44107's user avatar
  • 493
1 vote
1 answer
147 views

I am using django-ninja and django-ninja-extra for an api. Currently I have some Schema like so ...
sea's user avatar
  • 77
0 votes
0 answers
57 views

we want to migrate our LDAP users to SSO from our #synapse #matrix server and we have already many users, which are using Microsoft SSO Login. Matrix Synapse uses Authlib and there is a table (...
Denny Fuchs's user avatar
  • 1
3 votes
0 answers
140 views

I implemented a few lazy sort & merge functions that are used heavily in my ReBAC authorization library, EACL, to lazily "merge" & deduplicate ~1M datoms emitted from Datomic's ...
Petrus Theron's user avatar
  • 29.1k
0 votes
1 answer
128 views

I am looking for​ guidance on how to configure authorization token management with automatic routing enabled in the Viewer SDK. Our application sets up token refreshing using the ...
Anthony's user avatar
  • 1
1 vote
0 answers
72 views

I'm working with Keycloak and trying to fetch all permission details for a client, including the associated resources, policies, and scopes. So far, the only API I found is the following: ...
J_Max's user avatar
  • 45
0 votes
0 answers
50 views

I have an enum with permission values: ...
Adam A's user avatar
  • 30.8k
0 votes
1 answer
77 views

I am implementing 2 Factor Authentication TOTP (Time-based One-Time Password) for a login page. After enter id and password, it will go to TOTP checking. It can only get the first code and won't ...
Matthew's user avatar
  • 15
0 votes
1 answer
103 views

I’m trying to build my own Spring Authorization Server (for learning purposes and possibly to use across multiple projects in the future). I’m already familiar with Spring Security and resource server ...
Gaurav Kumar's user avatar
  • 65
0 votes
1 answer
345 views

I’m building a multi-tenant SaaS application with Django Ninja as the backend and Next.js as the frontend. I’m running into a problem around handling RBAC permissions and org-level feature ...
Tejas's user avatar
  • 37
0 votes
2 answers
362 views

For my Django projects, I am used to creating a custom user model and managing what my user can do for a specific route using a roles field like this: ...
Fazle Rabbi Faiyaz's user avatar
  • 1
1 vote
1 answer
71 views

I have a spring application, where users can have various authorities and where some of those authorities can be scoped. For example, the READ_ALLOWED authority is ...
elcye's user avatar
  • 413
0 votes
0 answers
77 views

Good morning, I have a question regarding the use of Flex Gateway in MuleSoft. I would like to know if it's possible to configure, at the level of an experience API published on Flex Gateway, a way to ...
claudia2014's user avatar
  • 1
1 vote
0 answers
92 views

I'm building an authorization/access control system in a Python application that uses PyMongo to access MongoDB. I need to dynamically decide—at runtime and for arbitrary query shapes—whether a given ...
GuyEternal's user avatar
  • 17
0 votes
2 answers
318 views

I’m working on a Next.js 14 app with the App Router and next-auth@5. I followed the official Next.js Learn guide on authentication, except I replaced ...
Noctyris's user avatar
  • 3
-1 votes
1 answer
140 views

I'm building a Blazor web app using .NET 9 and targeting interactive client render mode (InteractiveWebAssembly) and authenticating with Entra ID (and using Entra ...
Dennis Jones's user avatar
  • 213
0 votes
1 answer
127 views

We have a Blazor Server app that requires authorization on all its components (internal business app): ...
micka190's user avatar
  • 1,013
0 votes
1 answer
51 views

In certain Identity Providers (IDPs), users can change their email addresses. Therefore, relying on email addresses for user identification on the Service Provider (SP) side is not feasible. When ...
Fuyda's user avatar
  • 1
0 votes
0 answers
285 views

In my Next.js application, I have these roles: manager technician front-desk ...
Assad Rajab's user avatar
  • 141
1 vote
1 answer
88 views

I'm implementing Google OAuth2 for my Django REST API with a React frontend. The basic flow is set up correctly. I have routes for: ...
kryx's user avatar
  • 108
0 votes
0 answers
71 views

I am currently browsing official repository of OpenSearch Dashboards and documentation for a while. I am developing my OpenSearch Dashboards plugin. My plugin does have built-in Node.js server, that ...
Some_ Person's user avatar
  • 92
0 votes
0 answers
51 views

I am working on a MinIO cluster that receives around 20k RPS. I am using a custom authorization service, which is essentially a proxy, that contains all the authorisation logic. If a request is marked ...
jahnestacado's user avatar
  • 603
0 votes
0 answers
91 views

I am trying to implement permify authorisation in my spring boot application. I want to know how can I upload schema to permify database inorder to create relationships. Can someone provide the ...
Sooraj Sureshkumar's user avatar
  • 1
0 votes
0 answers
37 views

I am trying to send an FCM message through my .net API. I was originally trying to use FirebaseAdmin sdk, but was unsuccessful. I have been able to get it to work using a POST request. However, I am ...
Robert Smith's user avatar
  • 13
0 votes
0 answers
74 views

I'm developing a .NET Core Identity API using the following setup: ...
enes durmuş's user avatar
  • 77
0 votes
0 answers
172 views

I'm experiencing a persistent issue with Google Apps Script in Google Sheets on my primary Google account. Whenever I try to run any Apps Script, including a very basic "Hello World" type ...
קובי י's user avatar
  • 9
0 votes
0 answers
27 views

On this page - https://developer.android.com/identity/authorization For authentication, we recommend using the Credential Manager API. For authorizing actions that need access to user data stored by ...
nightlytrails's user avatar
  • 2,742
0 votes
0 answers
44 views

The goal of my API is to allow a batch PATCH of asset statuses in ACC. When I run my code, I am getting error code 403 which is "The request was not accepted because the client is authenticated, ...
Ben Drill's user avatar
  • 1
0 votes
1 answer
82 views

There is a website where I need to log in requests with authorization are sent to https://auth.dikidi.ru/ajax/check/auth/ This is my code: ...
SY DIE's user avatar
  • 3
1 vote
1 answer
124 views

I have written an apps script connected to my google spreadsheet to export it to a JSON file. The data is need in an android application that I am building and access via the Web App "/exec" ...
dennisklad's user avatar
  • 139
2 votes
1 answer
68 views

The pundit documentation suggests that when using namespaced policies for something like Admin views, it can be useful to override the authorize helper in your AdminController to automatically apply ...
KenB's user avatar
  • 6,807
1 vote
2 answers
710 views

I'm currently working on a blazor webassembly app, to which users get to authenticate themself using Microsoft Entra ID. This all works fine and dandy, but I'm trying to optimise the experience. ...
Kiiiieeeeuuuw's user avatar
  • 141
0 votes
2 answers
69 views

In a typical React web app, after a successful login via JWT, I often store user details like firstName, lastName, ...
Dennis Otwoma's user avatar
  • 70
0 votes
1 answer
790 views

I'm working on a Strapi v5 server and have set up the following tables: Referrant – has many Agents. Agent – has many Referrants. ReferrantToAgent – a conjunction table to handle the many-to-many ...
Itay Tur's user avatar
  • 1,962
0 votes
0 answers
69 views

I have a docker-compose setup with Keycloak (v.25), postgres and nginx. Nginx is a proxy-server. The setup works fine for the admin; but for the authorization, I can't get the login screen to redirect ...
amelongo's user avatar
  • 123

1
2 3 4 5
210