by ogazitt
1582 days ago
Auth0 is a great developer API for authentication, and Aserto picks up where Auth0 leaves off. The "contract" between the authentication system (Auth0) and the authorization system (Aserto) is a signed JWT. You can get away with very simple access control using scopes embedded in a JWT token, but that approach runs out of room pretty quickly [0]. With Aserto, you can write authorization rules that are evaluated for every application request, and reason about the user attributes, the operation, and any resource context that is involved in the authorization decision.

[0] https://www.aserto.com/blog/oauth2-scopes-are-not-permission...