Authorization
Authorization with OAuth2
Simple guide
Roles
Third-party client app: needs to access users' protected resources.
Resource server: a web server that exposes users' protected resources to outside users.
Authorization server: issues an access token to the client app after the resource owner grants permission.
Resource owner: the owner of a resource who wants to share it with third-party apps.
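The four roles above can be traced in a small in-memory model. This is an added example, not code from the original page: it shows the authorization server issuing a token only after the owner approves, and the resource server rejecting forged, expired, or out-of-scope tokens. All names (`alice`, `print-app`, the classes, `introspect`) are assumptions, and the HTTP redirects and client authentication of a real deployment are left out.

```python
import secrets
import time

class AuthorizationServer:
    """Issues access tokens once the resource owner has granted permission."""
    def __init__(self):
        self._tokens = {}  # token -> (owner, client_id, scopes, expiry)

    def issue_token(self, owner, client_id, scopes, owner_approved, ttl=300):
        if not owner_approved:
            raise PermissionError("resource owner denied the request")
        token = secrets.token_urlsafe(32)  # unguessable bearer token
        self._tokens[token] = (owner, client_id, frozenset(scopes), time.time() + ttl)
        return token

    def introspect(self, token):
        """Return the token record, or None if unknown or expired."""
        record = self._tokens.get(token)
        if record is None or record[3] < time.time():
            return None
        return record

class ResourceServer:
    """Serves protected resources only for a valid, sufficiently scoped token."""
    def __init__(self, auth_server, resources):
        self._auth = auth_server
        self._resources = resources  # owner -> {scope: data}

    def get(self, token, scope):
        record = self._auth.introspect(token)
        if record is None:
            return 401, None  # unknown or expired token
        owner, _client, scopes, _expiry = record
        if scope not in scopes:
            return 403, None  # valid token, but the owner never granted this scope
        return 200, self._resources[owner][scope]

def demo():
    # Constructed sample data: the client app never handles alice's credentials.
    auth = AuthorizationServer()
    rs = ResourceServer(auth, {"alice": {"photos": ["cat.jpg"], "contacts": ["bob"]}})
    token = auth.issue_token("alice", "print-app", ["photos"], owner_approved=True)
    stale = auth.issue_token("alice", "print-app", ["photos"], True, ttl=-1)
    return {
        "granted": rs.get(token, "photos"),
        "out_of_scope": rs.get(token, "contacts"),
        "forged": rs.get("not-a-real-token", "photos"),
        "expired": rs.get(stale, "photos"),
    }
```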
OAuth 2 modes
Good reference: Ruanyifeng overview - http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
Choose between OAuth modes:
Role-based Access Control (RBAC)
Policy-based access control (PBAC)