Dominick Baier is an independent consultant specializing in identity & access control. He helps companies around the world design & implement authentication and authorization for their distributed web and native applications. He’s the co-author of the popular OpenID Connect & OAuth 2.0 framework called IdentityServer, has written a couple of books, blogs at https://leastprivilege.com and tweets as @leastprivilege.
Modern applications are multi-client/platform distributed applications powered by (micro) services. Once you have solved the identity problem, you will inevitably deal with the question “what is this user allowed to do?”.
It is very tempting to blur the lines between identity, authorization and business logic – but this will lead to problems down the line. As part of our work for PolicyServer (https://policyserver.io) we have developed a reference architecture that brings together OpenID Connect, OAuth 2.0, tokens and claims in a healthy way that allows for future growth and separation of concerns. Learn how!