Question: Since checking the scope is not enough (as it isn't a subset of the user's privileges), what is the most efficient way to access/validate the user's privileges? Amazing content by the way! This is the clearest explanation I've seen around this topic for years.
👋Okta Dev Advocate here. Thank you so much for the feedback. To answer your question - How you perform these checks honestly depends on how you intend to use the user’s permissions in an application. If you do use Auth0 you can add permissions to your access tokens, and check these in your APIs or backend. We also have some code samples that demonstrate this on the Auth0 Developer Center. Hope this helps! Happy to talk offline if it that would be useful.
Thanks,@@coreylweathers ! You can explore one approach to run these checks using the Auth0 Developer Center Resources: developer.auth0.com/resources/code-samples/api Check out the ones for “Role-Based Access Control”.
Why in every IT company we have some philosophers who decide what is Privildge, Permission, Scope etc? Why we cannot have common understanding of the same things?
![The relationship between URLs, URIs, and URNs [The Confused Developer]](http://i.ytimg.com/vi/iUzyy8CnPVY/mqdefault.jpg)
![The relationship between URLs, URIs, and URNs [The Confused Developer]](/img/tr.png)
What an amazing video! The pacing, the voice, the soft background music, the clear animations, they are absolutely perfect! Instantly subscribed!
Glad you enjoyed it! Thanks for your kind feedback.
Question: Since checking the scope is not enough (as it isn't a subset of the user's privileges), what is the most efficient way to access/validate the user's privileges?
Amazing content by the way! This is the clearest explanation I've seen around this topic for years.
👋Okta Dev Advocate here. Thank you so much for the feedback. To answer your question - How you perform these checks honestly depends on how you intend to use the user’s permissions in an application. If you do use Auth0 you can add permissions to your access tokens, and check these in your APIs or backend. We also have some code samples that demonstrate this on the Auth0 Developer Center. Hope this helps! Happy to talk offline if it that would be useful.
Thanks,@@coreylweathers ! You can explore one approach to run these checks using the Auth0 Developer Center Resources: developer.auth0.com/resources/code-samples/api Check out the ones for “Role-Based Access Control”.
This is a very useful, clear and succinct overview :)
What an amazing video, thanks for that.
Thanks for the feedback! We're glad to hear you found it helpful.
Why in every IT company we have some philosophers who decide what is Privildge, Permission, Scope etc? Why we cannot have common understanding of the same things?
Very helpful. Thank you.
This video was extremely useful!
Great to hear! Thanks for the feedback
Excellent