jung

Reputation: 37

What is the best way for resource authentication in OpenID Connect?

I have a web API that transfers files and checks user permissions.

Each user has read permission to the file.

E.g.:

user 1 can read file1 and file2

user 2 can read file1 and file3

What's the best way to check user permissions on a file using OpenID Connect in a web API?

My idea:

  1. Add all the readable file names to UserClaims and send them as a token.
  2. In the web API, check the permission against the file names included in UserClaims.

Upvotes: 0

Views: 287

Answers (1)

Gary Archer

Reputation: 29301

When you want to authorize dynamically like this, the answer is usually to use a claim in the access token as you suggest. This might represent the owner of the file or some kind of group permission.

You may be dealing with domain-specific claims here. This Claims Best Practices article discusses this type of claim and will maybe give you some ideas for your own solution.

Upvotes: 1
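An added example, not part of the original answer, of the API-side check the answer describes: the token carries only identity and group claims, and the API compares them with its own per-file owner and reader-group records. It assumes the access token's signature, issuer, audience and expiry were already validated by a JWT library; the `groups` claim name and the `FILES` store are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FileRecord:
    owner: str  # "sub" claim value of the owning user
    reader_groups: frozenset = field(default_factory=frozenset)


# Constructed sample data (hypothetical store kept by the API, not by the token).
FILES = {
    "file1": FileRecord(owner="user1", reader_groups=frozenset({"team-b"})),
    "file2": FileRecord(owner="user1"),
    "file3": FileRecord(owner="user2", reader_groups=frozenset({"team-b"})),
}


def groups_from_claims(claims: dict) -> frozenset:
    """Normalise the assumed 'groups' claim; a missing or malformed claim grants nothing."""
    raw = claims.get("groups", [])
    if isinstance(raw, str):
        raw = [raw]  # some providers emit a single group as a bare string
    if not isinstance(raw, (list, tuple)):
        return frozenset()
    return frozenset(g for g in raw if isinstance(g, str))


def can_read(claims: dict, file_name: str) -> bool:
    """Decide read access from the claims of an already validated access token."""
    record = FILES.get(file_name)
    subject = claims.get("sub")
    if record is None or not isinstance(subject, str) or not subject:
        return False  # deny by default: unknown file or token without a subject
    if subject == record.owner:
        return True
    return not record.reader_groups.isdisjoint(groups_from_claims(claims))


if __name__ == "__main__":
    user1 = {"sub": "user1", "groups": ["team-a"]}  # constructed claims
    user2 = {"sub": "user2", "groups": ["team-b"]}  # constructed claims
    for name in sorted(FILES):
        print(name, can_read(user1, name), can_read(user2, name))
```

Because the file-to-group mapping lives in the API, granting or revoking access to a file takes effect on the next request instead of waiting for tokens that list file names to expire.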
