How to pass permissions for API?
Hey!
Building an API. We write in Symfony. Symfony voter. OAuth2. On the server, each service has its own logic implemented with access rights. The server throws a 403 error if access to the action is denied. However, the frontend developer still asks to display permissions for the user, so that with one request it is possible to obtain the permissions for a particular resource and display certain buttons, links, blocks on the page... He sees it like this:
api/article/1234/permission
Can people who know tell me how to issue permissions correctly? When authorizing, it is not very convenient to transfer all permissions, because they are subject to change. I would like to hear your competent answer on the implementation of such a task. Thanks!
Offhand:
1. Learn about Hypermedia (HAL, HATEOAS) - the "Glory of REST". There are few implementations, but my team and I did it, and it's very cool when it works
2. JWT has Scope
3. Dig into what the OpenID / OAuth2 protocols have for this (I remember there was something, but I don't want to go that deep)
An extra endpoint is obviously wild
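
The first suggestion in the answer above (HAL-style hypermedia), as an added example that is not part of the original thread or of any project's code: the article representation lists only the actions the authorization check allows, so the frontend decides which buttons to show by checking which links are present. `AccessChecker`, `AuthorOnlyChecker`, `articleToHal`, the link relations and the sample data are hypothetical; the interface stands in for Symfony's `AuthorizationCheckerInterface::isGranted()`.

```php
<?php
declare(strict_types=1);

// Stand-in with the same isGranted($attribute, $subject) shape as Symfony's
// AuthorizationCheckerInterface, so this file runs with plain `php` (8.0+).
interface AccessChecker
{
    public function isGranted(string $attribute, mixed $subject = null): bool;
}

// Constructed policy for the demo: anyone may view, only the author may edit
// or delete. In a Symfony app the existing voters make this decision.
final class AuthorOnlyChecker implements AccessChecker
{
    public function __construct(private string $currentUser) {}

    public function isGranted(string $attribute, mixed $subject = null): bool
    {
        return $attribute === 'view' || ($subject['author'] ?? null) === $this->currentUser;
    }
}

// Build a HAL representation whose _links contain only permitted actions.
function articleToHal(array $article, AccessChecker $auth): array
{
    $href = '/api/article/' . $article['id'];
    // Hypothetical link relations mapped to voter attributes. HAL links carry
    // no HTTP method; the client maps each relation to PUT or DELETE itself.
    $actions = ['edit' => 'edit', 'delete' => 'delete'];

    $links = ['self' => ['href' => $href]];
    foreach ($actions as $rel => $attribute) {
        if ($auth->isGranted($attribute, $article)) {
            $links[$rel] = ['href' => $href];
        }
    }

    return ['id' => $article['id'], 'title' => $article['title'], '_links' => $links];
}

// Constructed sample data: the same article rendered for two users.
$article = ['id' => 1234, 'title' => 'Hello', 'author' => 'alice'];

foreach (['alice', 'bob'] as $user) {
    $hal = articleToHal($article, new AuthorOnlyChecker($user));
    echo $user, ': ', json_encode($hal, JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

The links are display hints computed from the same decision the server enforces; each action endpoint still runs its own check and returns 403 when access is denied.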