Understanding the concepts of access control [The Confused Developer]

12,107 views

OktaDev


A day ago

Permissions, privileges, and scopes in the context of authorization, access control, and delegated authorization - what's the difference? Understanding the basics will help you better communicate a system's needs, and design solutions that minimize bad surprises.
Access control is a complex thing. It involves users, resources, and applications, and you have to set it up properly to prevent bad surprises. However, setting up access control is not just a matter of writing code or configuring a system; it relies on understanding a few basic concepts first. Things get even more complicated when delegated authorization comes into the picture, such as when using OAuth. In this video Ben breaks down the differences between permissions, privileges, and scopes and explains how they relate to one another.
Read the accompanying blog post to this video, which includes an illustration that summarizes the content: auth0.com/blog/permissions-pr...
Read the article on the nature of scopes: auth0.com/blog/on-the-nature-...
Chapters:
00:00 Welcome
00:23 Overview
01:03 What is Access Control?
01:41 What are Permissions?
02:54 What are Privileges?
03:53 An analogy of Access Control
04:49 An analogy of Delegated Authorization
05:50 How these analogies align to computer systems
06:45 How Scopes make Delegated Authorization possible
09:36 Common Myth 1: Scopes are not Privileges
10:54 Common Myth 2: Permissions and Scopes have a natural mapping
11:39 Common Myth 3: Privileges and Scopes have a natural mapping
12:27 Summary
___________________________________________
Learn with Auth0 by Okta
Try for free - a0.to/auth0
The Auth0 by Okta blog - a0.to/blog
Ask questions on the Community Forum - a0.to/community
___________________________________________
Follow Us on Social
Twitter - / oktadev
LinkedIn - / oktadev

Comments: 13
@saylorsedell2380 - a year ago
What an amazing video! The pacing, the voice, the soft background music, the clear animations, they are absolutely perfect! Instantly subscribed!
@OktaDev - a year ago
Glad you enjoyed it! Thanks for your kind feedback.
@jamstawildman - a year ago
This is a very useful, clear and succinct overview :)
@LawrenceKersten - 7 months ago
Very helpful. Thank you.
@vasylvoina6663 - a month ago
Why in every IT company do we have some philosophers who decide what is Privilege, Permission, Scope etc.? Why can't we have a common understanding of the same things?
@user-fd3yr5eo4g - 8 months ago
What an amazing video, thanks for that.
@OktaDev - 8 months ago
Thanks for the feedback! We're glad to hear you found it helpful.
@amerjabar7825 - 9 months ago
This video was extremely useful!
@OktaDev - 9 months ago
Great to hear! Thanks for the feedback.
@louie7847 - a year ago
Question: Since checking the scope is not enough (as it isn't a subset of the user's privileges), what is the most efficient way to access/validate the user's privileges? Amazing content by the way! This is the clearest explanation I've seen around this topic for years.
@coreylweathers - a year ago
👋 Okta Dev Advocate here. Thank you so much for the feedback. To answer your question: how you perform these checks honestly depends on how you intend to use the user's permissions in an application. If you do use Auth0, you can add permissions to your access tokens and check these in your APIs or backend. We also have some code samples that demonstrate this on the Auth0 Developer Center. Hope this helps! Happy to talk offline if that would be useful.
@OktaDev - a year ago
Thanks, @coreylweathers! You can explore one approach to running these checks using the Auth0 Developer Center resources: developer.auth0.com/resources/code-samples/api - check out the ones for "Role-Based Access Control".
@rodneydias9586 - 7 months ago
Excellent