· Nov 3, 2017

define access rights on authorization server

Hi, team

i configure my authorization server and client and i want define access rights  for different users , how can i do it?

knowing that  we have our own database with different users ID and access privilege ?

is there any one who can help us? thank's

Discussion (1)0
Log in or sign up to continue

There is no simple answer.  There are a number of choices depending on how you handle users and your security concerns.

First let me point you to the documentation at http://localhost:57774/csp/docbook/DocBook.UI.Page.cls?KEY=GOAUTH

I'll mention two approaches:

1. In the authorization server authentication callback routine, you can setup a property which will later be included in the JWT which acts as the access token.  This property would specify the access rights.  In this case, the JWT must be signed.

2. On the client machine Cache security roles may be associated with the users which control their access rights.  Then ZAUTHENTICATE may be used to log in the appropriate user based on the user associated with the access token.

Their are lots of possible variation here.  I suggest a read of the documentation and some experimentation.  At that point if all is not clear, a call to support to talk through the options in your specific situation would be the next step.