Designing Authentication and Authorization
Designing a high-quality authentication and authorization system that does not frustrate the end user is a difficult problem. Authentication is the act of verifying the identity of a user; authorization determines which privileges that verified user holds and whether they are sufficient to access a given resource. Both processes, auth for short, must work seamlessly in tandem to serve users with varying roles, privileges, and job functions.
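The two definitions above are easiest to see when the checks are kept separate in code: one step establishes who the caller is, a second step decides what that identity may do, and each failure is reported to the user differently. The following is an added example, not code from the original text; the user store, the role-to-permission map, and the function names are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample data for illustration only. Passwords are stored as
# salted PBKDF2-HMAC-SHA256 hashes, never in the clear.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    role: str


def make_user(username: str, password: str, role: str) -> User:
    salt = os.urandom(16)
    return User(username, salt, hash_password(password, salt), role)


# Hypothetical user store: two accounts with different roles.
USERS = {
    u.username: u
    for u in (
        make_user("alice", "correct horse battery staple", "admin"),
        make_user("bob", "hunter2", "viewer"),
    )
}

# Hypothetical authorization policy: which permissions each role carries.
ROLE_PERMISSIONS = {
    "admin": {"report:read", "report:write", "user:delete"},
    "viewer": {"report:read"},
}

# Used when the username is unknown, so that the password check does the same
# amount of work either way and the response does not reveal whether the
# account exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)


def authenticate(username: str, password: str):
    """Authentication: verify identity. Returns the User, or None on failure.

    The caller only learns that the (username, password) pair was rejected,
    never which half was wrong.
    """
    user = USERS.get(username)
    salt = user.salt if user else _DUMMY_SALT
    expected = user.password_hash if user else _DUMMY_HASH
    candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, expected)   # constant-time compare
    return user if (ok and user is not None) else None


def authorize(user: User, permission: str) -> bool:
    """Authorization: does this verified identity hold the privilege?"""
    return permission in ROLE_PERMISSIONS.get(user.role, set())


def login(username: str, password: str):
    """Model a login endpoint: one generic message for every failure."""
    user = authenticate(username, password)
    if user is None:
        return 401, "Invalid username or password."
    return 200, f"Signed in as {user.username}."


def handle_request(user, permission: str):
    """Model a protected endpoint.

    401 when there is no verified identity, 403 when the identity is known but
    lacks the privilege, 200 otherwise. The user is told what went wrong in
    terms they can act on, without exposing the policy itself.
    """
    if user is None:
        return 401, "Sign in to continue."
    if not authorize(user, permission):
        return 403, f"Your account is not allowed to perform '{permission}'."
    return 200, "OK"
```

The point of the split is that a 401 and a 403 call for different user actions (sign in versus ask for access), so the application can always tell the user what they can and cannot do, while the login failure itself stays deliberately uninformative to anyone probing for valid accounts.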
On today’s web, users have a high baseline of expectations for any auth system they encounter through the browser, so this is an important part of your application to get right the first time. The user should always know what they can and cannot do in your application. If there are errors, failures, or mistakes, the user should be told why they occurred, in terms that help them recover without revealing more than necessary (a failed login, for example, should not disclose whether the username exists). As your application grows, it becomes easy to miss how an error condition could be triggered. Your implementation should be easy to extend or...