Authorization scopes
#7938
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
-
Hi guys, we are evaluating Hasura for a user content based platform. To avoid double implementations of access control in Hasura and our react app, we would like to implement a scope based authorization. For example: User Y is author of post X and gets access to delete and view the post through the scopes [post_edit, post_view]. User C who isn't the author gets access to view the post through the scopes [post_view]. With a scope based access control we could simply check for the given scope on the requested post in the frontend app, otherwise we need to check whether the user is the author or not in Hasura and our frontend app.
Do you have any ideas how to implement a scope based authorization or any other implementations to avoid double implementation of access control logic in frontend and Hasura?
Beta Was this translation helpful? Give feedback.
All reactions