Authorization is easy now (Microservices, Next.js, Cerbos)

ByteGrad · 26 minute read

Authentication identifies users, while authorization determines what they are permitted to do; roles such as standard user and manager in an expense app dictate access. Centralizing the authorization logic in Cerbos Hub avoids duplicated, error-prone checks, while a custom frontend hook keeps the UI consistent with each user's permissions.

Insights

  • Authentication identifies users, while authorization determines their access levels; in an expense management app, user roles such as standard user and manager dictate permissions, and the frontend UI changes to reflect those roles.
  • Centralizing authorization logic with a tool like Cerbos keeps decision-making in one place: business rules are updated by pushing policy changes to GitHub and are enforced consistently across backend services and UI components, which reduces the chance of mismatched or missing checks.


Recent questions

  • What is the difference between authentication and authorization?

    Authentication is the process of identifying a user, confirming their identity, and ensuring they are who they claim to be. On the other hand, authorization focuses on determining what actions a user is allowed to perform and what resources they can access based on their identity and permissions. While authentication verifies the user's identity, authorization controls the user's level of access within a system or application.

  • How does authorization work in an expense management app?

    In an expense management app, different user roles such as basic standard users and managers are assigned specific access rights and permissions. Authorization in this context involves determining which actions each user role can perform, such as viewing, editing, or approving expenses. For example, managers may have the authorization to approve expenses, while standard users may only be able to submit expense reports for review.

  • What are some common frontend UI changes related to authorization?

    Authorization in frontend UI often involves displaying or hiding certain elements based on a user's permissions. For example, in an expense management app, managers may see an "approve" button next to each expense report, while standard users do not have access to this feature. These frontend UI changes help ensure that users only see and interact with elements that are relevant to their specific roles and permissions.

  • How can authorization logic be centralized to avoid duplication?

    To avoid duplication and keep authorization logic consistent, organizations can use a solution like Cerbos, an open-source tool that centralizes authorization rules. With the logic centralized, access control policies are defined and managed in a single location, which reduces the risk of errors and ensures that all services and applications apply the same rules.

  • How can changes in business requirements be easily implemented in authorization logic?

    Changes in business requirements can be implemented easily when the authorization rules live in a central policy file. By keeping business logic and access control policies in one location, such as a policy decision point managed through Cerbos Hub, organizations can update the policy and push the change to GitHub. Every service and application that relies on the authorization logic then automatically reflects the updated requirements, which makes the authorization system easy to maintain and adapt.


Summary

00:00

"User Authentication and Authorization in Expense Management"

  • Authentication is about identifying the user, while authorization focuses on the user's permissions and access levels.
  • In an expense management app, different user roles like basic standard user and manager determine access rights.
  • Authorization involves frontend UI changes like displaying an "approve" button for managers.
  • Backend API routes, like GET and PUT, handle actions such as updating expenses.
  • Identity providers like Next.js or Okta verify user login status before proceeding with actions.
  • Authorization checks, like verifying user roles and department alignment, ensure only authorized actions are taken.
  • Business logic dictates specific rules, like managers only approving expenses up to $500.
  • Hardcoding authorization logic in multiple services can lead to errors and security risks.
  • Cerbos, an open-source solution, centralizes authorization logic to avoid duplication and maintain consistency.
  • Cerbos Hub offers a dashboard for creating and managing policy files that hold the detailed business logic behind authorization decisions.

12:32

"Deploy Docker for Policy Decision Point"

  • To deploy a decision point, a single Docker command is used; the placeholder secrets in it must be replaced with the workspace secret, client ID and client secret.
  • Docker Desktop is installed and opened, and the command is run in the terminal to start the Cerbos policy decision point.
  • The policy decision point loads the policy file and makes the decisions. Policy changes run through a CI/CD pipeline that stops if there are issues and passes the policy through if all is well.
  • The app needs to be connected to the decision point to pass it the information for each decision. A separate file called cerbos server is created that talks to Cerbos over gRPC using the client package from npm.
  • Logic for both the PUT and GET routes is added, delegating the decision to Cerbos. The decision is logged and the response depends on what the policy file allows.
  • Changes in business requirements are centralized in the policy file, making updates easy: pushing the change to GitHub automatically updates the policy decision point.
  • The same policy file and business logic can be used on the front end: Cerbos Hub builds a WebAssembly module from the policy, so the UI can change based on permissions without re-implementing the rules.
  • A custom Cerbos hook is created on the front end to request authorization decisions, ensuring the UI accurately reflects the user's permissions.
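The pattern the two summary sections describe (one policy, consulted by both the GET/PUT route handlers and the UI) is easier to see in code. The following is an added example and is not code from the video or from Cerbos: it replaces the Cerbos PDP and the `@cerbos/grpc` client with a hypothetical in-process evaluator, `isAllowed()`, so it runs offline. The policy object, the `expensePolicy` rules (own-expense view for users; view and approve within the same department and up to $500 for managers), the sample principals and the expenses are all constructed for the example.

```javascript
// Added example (not code from the video or from Cerbos): a minimal in-process
// policy evaluator modelled on the shape of a Cerbos resource policy
// (actions, roles, conditions). The Cerbos PDP and its gRPC client are replaced
// by the hypothetical isAllowed() so the example runs offline.

// Hypothetical policy for the "expense" resource, written from the rules the
// summary describes: standard users view their own expenses; managers view and
// approve expenses in their own department, but only up to $500.
const expensePolicy = {
  resource: "expense",
  rules: [
    {
      actions: ["view"],
      roles: ["user"],
      condition: (principal, resource) =>
        resource.attributes.ownerId === principal.id,
    },
    {
      actions: ["view", "approve"],
      roles: ["manager"],
      condition: (principal, resource) =>
        resource.attributes.department === principal.attributes.department &&
        resource.attributes.amount <= 500,
    },
  ],
};

// The single decision point: every caller asks this, nobody re-implements the
// rules. Default deny: an action is allowed only if some rule grants it.
function isAllowed(policy, principal, resource, action) {
  if (resource.kind !== policy.resource) return false;
  return policy.rules.some(
    (rule) =>
      rule.actions.includes(action) &&
      rule.roles.some((role) => principal.roles.includes(role)) &&
      (rule.condition === undefined || rule.condition(principal, resource))
  );
}

// Backend: the GET (view) and PUT (approve) route handlers share one check.
// Assumes the identity provider has already authenticated `principal`.
function handleExpenseRequest(method, principal, expense) {
  const action = method === "PUT" ? "approve" : "view";
  if (!isAllowed(expensePolicy, principal, expense, action)) {
    return { status: 403, body: { error: `${action} denied` } };
  }
  if (method === "PUT") {
    return {
      status: 200,
      body: { ...expense, attributes: { ...expense.attributes, approved: true } },
    };
  }
  return { status: 200, body: expense };
}

// Frontend: the same decision drives what the UI renders, e.g. the "approve"
// button that only managers see. In a React app a custom hook would return this.
function uiPermissions(principal, expense) {
  return {
    canView: isAllowed(expensePolicy, principal, expense, "view"),
    showApproveButton: isAllowed(expensePolicy, principal, expense, "approve"),
  };
}

// Constructed sample principals and expenses.
const alice = { id: "alice", roles: ["user"], attributes: { department: "sales" } };
const bob = { id: "bob", roles: ["manager"], attributes: { department: "sales" } };
const carol = { id: "carol", roles: ["manager"], attributes: { department: "engineering" } };
const smallExpense = {
  kind: "expense", id: "e1",
  attributes: { ownerId: "alice", department: "sales", amount: 120 },
};
const bigExpense = {
  kind: "expense", id: "e2",
  attributes: { ownerId: "alice", department: "sales", amount: 900 },
};

for (const [who, p] of [["alice", alice], ["bob", bob], ["carol", carol]]) {
  console.log(who, "PUT e1:", handleExpenseRequest("PUT", p, smallExpense).status,
    "PUT e2:", handleExpenseRequest("PUT", p, bigExpense).status,
    "UI e1:", uiPermissions(p, smallExpense));
}
```

Because both the route handlers and `uiPermissions()` call the same `isAllowed()`, tightening a rule (say, lowering the $500 limit) changes the backend response and hides the approve button in one edit; with the real setup, that edit is a policy-file change pushed to the PDP and the WebAssembly bundle rather than a code change in every service. Note that the UI check is a convenience only: the backend check is the one that actually enforces the rule.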