Wednesday, 31 January 2018

Diving Deeper in Nodejs: Authorization (not Authentication)

Ok, I'm in the process of refining my knowledge of the node.js world. I have learned about express.js, routing, db connections (I'm using PostgreSQL), knex.js, migrations, seeding, objection.js etc. I have learned about authentication and implemented an authentication system using passport.js and bcrypto (using hashing and salting).

Now I am at the point where I want to add authorization to my app, and I am hitting a wall since I cannot find a very good package out there that simply lets me add it.

In particular, I have found something that allows me to perform role-based authorization, but I want to be able to have something more refined. Role-based authorization is ok when we need to give a set of users the permission to do some common things. For instance, we could have admins that are able to see everyone's information, or users that are able to post comments. BUT oftentimes, this is not enough.

What I am looking for is a resource-based authorization system, where a user has permission to work on a specific resource but not on others. For instance, the creator of a post can be the only one to edit it. Other users must not be permitted.

What are best practices and best packages to perform this? Is there any good tutorial on this?

Submitted January 31, 2018 at 09:02AM by honestserpent
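
The rule the post describes (only the creator of a post may edit it, on top of coarse role checks) can be expressed as an Express-style middleware that loads the resource before deciding. This is an added example, not code from the original post or from any package; `canAccessPost`, `authorizePost`, `updatePostHandler`, the `ownerId` field, the admin-may-do-everything rule and the in-memory `posts` map are assumptions standing in for a real model and database.

```javascript
// Constructed sample data standing in for a posts table (ownerId is an assumed column).
const posts = new Map([
  [1, { id: 1, ownerId: 10, title: 'first post' }],
  [2, { id: 2, ownerId: 20, title: 'second post' }],
]);

// Policy: the decision depends on the user, the action AND the specific resource.
function canAccessPost(user, action, post) {
  if (!user || !post) return false;
  if (user.role === 'admin') return true;        // role-based rule (assumed for this example)
  switch (action) {
    case 'read':
      return true;                               // any authenticated user
    case 'edit':
    case 'delete':
      return post.ownerId === user.id;           // resource-based rule: creator only
    default:
      return false;                              // unknown actions are denied
  }
}

// Express-style middleware factory: load the resource first, then ask the policy.
// loadPost is synchronous here; a database-backed loader would be awaited instead.
function authorizePost(action, loadPost = (id) => posts.get(id)) {
  return function (req, res, next) {
    // req.user is assumed to be set by the authentication layer (e.g. passport.js).
    if (!req.user) return res.status(401).json({ error: 'not authenticated' });
    const rawId = String(req.params.id);
    const post = /^\d+$/.test(rawId) ? loadPost(Number(rawId)) : undefined;
    if (!post) return res.status(404).json({ error: 'post not found' });
    if (!canAccessPost(req.user, action, post)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    req.post = post;   // hand the already-loaded resource to the route handler
    return next();
  };
}

// Wiring in an Express app would look like (updatePostHandler is hypothetical):
//   app.put('/posts/:id', authorizePost('edit'), updatePostHandler);
```

Keeping the policy in one pure function means the same rule can be unit-tested without HTTP and reused for every route that touches the resource.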
