Skip to content
~/sph.sh

authorization

12 posts

AWS Cognito + Verified Permissions for SaaS Authorization4/4

A deep dive into building SaaS authorization with AWS Cognito and Verified Permissions. Covers Cedar policy language, multi-tenant patterns, JWT token flow, cost analysis, and common mistakes with TypeScript examples.

authorizationawscognito+4
External Authorization Management Systems: Choosing the Right Platform for Your Architecture3/4

A vendor-neutral evaluation of external authorization platforms including AWS Verified Permissions, SpiceDB, OpenFGA, Cerbos, and OPA. Covers architecture patterns, cost analysis, and a decision framework for engineering teams.

authorizationsecurityarchitecture+5
Cedar vs Rego vs OpenFGA: Policy Language Comparison2/4

A deep technical comparison of Cedar, Rego, OpenFGA DSL, and Cerbos YAML/CEL policy languages. Covers syntax, performance benchmarks, formal verification, tooling, and integration patterns with TypeScript examples for each language.

authorizationsecurityarchitecture+3
SpiceDB vs Auth0 FGA: Relationship-Based Authorization Compared1/4

A deep technical comparison of SpiceDB and Auth0 FGA (OpenFGA) -- two Zanzibar-inspired authorization systems with different trade-offs in schema design, consistency models, deployment, and scalability.

authorizationsecurityarchitecture+3
Centralizing Authorization with a Service Layer6/6

Refactor scattered permission checks into a centralized service layer, add Next.js middleware guards, and build a defense-in-depth authorization architecture.

typescriptnextjsauthorization+2
Role-Based Access Control: Type-Safe RBAC in TypeScript5/6

Build a type-safe RBAC system with TypeScript, create a unified can() function, synchronize permissions across UI and backend, and understand when RBAC reaches its limits.

typescriptnextjsauthorization+3
Attribute-Based Access Control: Building a Policy Engine4/6

Build an ABAC policy engine in TypeScript with the builder pattern, conditional permissions, and type-safe policy evaluation that replaces RBAC's limitations.

typescriptnextjsauthorization+3
Advanced ABAC: Field-Level Permissions and DB Integration3/6

Extend ABAC with environment-based rules, field-level read and write permissions, and automatic database query filtering that eliminates duplicate permission logic.

typescriptnextjsauthorization+3
Multi-Tenancy, Permission Libraries, and Architectural Decisions2/6

Add multi-tenant isolation to your permission system, evaluate CASL as a library alternative, and use decision frameworks to choose the right authorization architecture.

typescriptnextjsauthorization+5
Authorization Fundamentals and Why Permissions Break1/6

Authentication vs authorization, common permission pitfalls, the fail-closed principle, and the goals every permission system should meet.

typescriptnextjsauthorization+2
Authentication & Authorization Strategies by Business Domain: When Banking Security Meets Social Media Chaos

Working with authentication systems across various industries has revealed that one-size-fits-all authentication is a myth. Each business domain has unique requirements that dramatically shape your auth architecture choices.

authenticationauthorizationsecurity+8
Migrating from Serverless Framework to AWS CDK: Part 5 - Authentication, Authorization, and IAM1/1

Implement robust authentication with Cognito, API Gateway authorizers, and fine-grained IAM policies when migrating from Serverless Framework to AWS CDK.

authorizationaws-cdkcognito+3