'How to implement project based authorization for different application
We are using auth0 for authentication and also for simple authorization. We would like to extend our permission system to allow us to assign certain rights for different applications per project.
| User | Project | Permission |
|---|---|---|
| auth0-001 | 000001 | application1:x:read, application1:y:create, application2:x:read |
| auth0-001 | 000002 | application1:x:read |
| auth0-002 | 000003 | application1:x:read, application2:y:create |
I don't see any chance to map something like this in auth0. If I add every project-permission, the JWT is way too large. Our alternatives are to distribute the information asynchronously via pub/sub. But then every service needs to consume these topics.
Do you know software or have an idea how you could implement something like that?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|