Thursday, 14 July 2022

Open standard for Authorization - What Are OAuth2 Scopes

What Are OAuth 2.0 Scopes
The explanation is as follows. A Resource Server can expose different endpoints for different scopes, so the scope a client holds decides which endpoints it may call.
OAuth 2.0 scopes are a feature that lets users decide whether the application will be authorized to do something restricted. For example, you could have “read” and “write” scopes. If an application needs the write scope, it should ask the user for this specific scope.
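The two halves of the quoted explanation, as an added example that is not part of the original post: the client requests exactly the scopes it needs in the authorization request (the scope parameter is space-delimited, per RFC 6749 section 3.3), and the Resource Server maps each endpoint to the scope it requires and fails closed for anything it does not recognise. The endpoint table, scope names, client_id, redirect URI and the token claims are assumptions for illustration; a real Resource Server verifies the JWT signature and expiry before it looks at the scope claim.

```python
# Added example (not code from the original post). Scope request on the
# client side and scope enforcement on the Resource Server side.
from urllib.parse import urlencode

# Assumed authorization server endpoint for this example.
AUTHORIZE_URL = "https://auth.example/authorize"

# Assumed endpoint -> required scope mapping on the Resource Server.
# Read-only endpoints need "read"; anything that mutates needs "write".
ENDPOINT_SCOPES = {
    ("GET", "/documents"): "read",
    ("POST", "/documents"): "write",
    ("DELETE", "/documents"): "write",
}


def build_authorization_url(client_id, redirect_uri, scopes, state):
    """Authorization request asking the user for exactly the listed scopes.

    The client should request the minimum it needs: an app that only reads
    asks for "read" alone, never "read write" just in case.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-delimited per RFC 6749 section 3.3
        "state": state,             # CSRF binding for the redirect
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_scope_claim(claim):
    """Split a space-delimited scope claim into a set; tolerate extra whitespace."""
    if not claim:
        return set()
    return {s for s in claim.split(" ") if s}


def is_authorized(method, path, claims):
    """True only when the token's scopes cover the endpoint.

    Unknown endpoints are denied (fail closed) rather than silently allowed,
    so a new endpoint cannot be reached until someone assigns it a scope.
    """
    required = ENDPOINT_SCOPES.get((method, path))
    if required is None:
        return False
    return required in parse_scope_claim(claims.get("scope"))


if __name__ == "__main__":
    # Constructed sample: a client that only needs to read documents.
    print(build_authorization_url("client-abc", "https://app.example/cb", ["read"], "xyz"))
    # Constructed sample token claims (signature assumed already verified).
    claims = {"sub": "alice", "scope": "read"}
    print(is_authorized("GET", "/documents", claims))   # True
    print(is_authorized("POST", "/documents", claims))  # False: "write" missing
```

The denial on unknown endpoints is deliberate: a lookup table that returns "no scope required" for a missing key is the classic way an unauthenticated route appears by accident.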
Scope for Roles - Don't Use It
The explanation is as follows
The very first authorization pattern developers implement involves differentiating “normal users” and “admins.” It’s very easy to create an OAuth2 scope to represent the “admin” permission. When a user who is determined to be an admin logs in, developers rely on the authentication system to place this admin scope into the JSON Web Token (JWT) that is minted for that user. Every call to a protected resource checks the JWT for this “admin” scope, and life appears to be good. Except life is rarely that simple and any serious application quickly runs into four problems.
One of the reasons is as follows
Applications grow to have many types of resources, and each of these resources (documents, reports, projects, repositories) support a few different operations (create, read, update, delete, list). A fine-grained permission system often creates a cartesian product of these resource/operation tuples, resulting in dozens (or hundreds) of scopes. Injecting all of these scopes into a JWT isn’t possible, since the HTTP authorization header will eventually exceed size limits.
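The cartesian-product problem above, made concrete as an added example that is not from the original post. It builds one scope per resource/operation pair, measures how large the JWT payload segment becomes once those scopes ride in the token, and contrasts that with a token that names only the subject while the Resource Server resolves fine-grained permissions from its own store. The resource names, operations, claim set, permission store and the 8 KB header budget are all assumptions for illustration; the real limit depends on the proxy and server in front of the API.

```python
# Added example (not code from the original post). Shows why a scope per
# (resource, operation) pair does not fit in a JWT, and the server-side
# lookup alternative that keeps the token at a constant size.
import base64
import json

# Assumed operation set from the text: create, read, update, delete, list.
OPERATIONS = ("create", "read", "update", "delete", "list")

# Assumed budget: many servers and proxies default to about 8 KB per header.
HEADER_LIMIT_BYTES = 8192


def build_scopes(resources, operations=OPERATIONS):
    """One scope per (resource, operation) pair: the cartesian product."""
    return [f"{resource}:{op}" for resource in resources for op in operations]


def encode_payload(claims):
    """Base64url-encode a JWT payload segment without padding (RFC 7519 style)."""
    raw = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def payload_size_with_scopes(scopes):
    """Bytes of the encoded payload when every scope is carried in the token."""
    claims = {
        "iss": "https://auth.example",  # assumed issuer
        "sub": "user-123",              # assumed subject
        "exp": 1700000000,
        "scope": " ".join(scopes),      # space-delimited per RFC 6749 section 3.3
    }
    return len(encode_payload(claims))


def fits_in_header(scopes, limit=HEADER_LIMIT_BYTES):
    """False once the payload alone exceeds the budget.

    The JOSE header and the signature segments are not counted here, so a
    real token is larger still; this is a lower bound on the damage.
    """
    return payload_size_with_scopes(scopes) <= limit


# Alternative: keep only identity in the token and resolve permissions
# server side. Constructed sample store: subject -> {(resource, operation)}.
PERMISSION_STORE = {
    "user-123": {("documents", "read"), ("documents", "create"), ("reports", "read")},
}


def token_size_without_scopes():
    """The token carries identity only, so its size does not grow with permissions."""
    claims = {"iss": "https://auth.example", "sub": "user-123", "exp": 1700000000}
    return len(encode_payload(claims))


def is_permitted(sub, resource, operation, store=PERMISSION_STORE):
    """Server-side check; unknown subjects or tuples are denied (fail closed)."""
    return (resource, operation) in store.get(sub, set())


if __name__ == "__main__":
    few = build_scopes(["documents", "reports", "projects", "repositories"])
    many = build_scopes([f"resource{i}" for i in range(80)])  # constructed growth
    print(len(few), payload_size_with_scopes(few), fits_in_header(few))
    print(len(many), payload_size_with_scopes(many), fits_in_header(many))
    print(token_size_without_scopes(), is_permitted("user-123", "documents", "read"))
```

With four resource types and five operations the token still fits comfortably; with eighty resource types (400 scopes) the payload segment alone passes 8 KB, while the identity-only token stays under a hundred bytes no matter how many permissions the store holds.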
