Authentication and Authorization
Control of user access to an app scope, and to the resources used by the app scope, can be divided into two separate but related processes:
- Authentication determines a user's identity by a principal / secret pair, which often corresponds to a username / password combination.
- Authorization checks permissions for a user's role, based on the user's authenticated identity, and determines whether to allow the user access to a resource. A resource is an endpoint whose access is controlled by an app scope.
As part of building a client app or deploying app scopes on the Akula Server, you must consider authentication and authorization issues at design time. For example, will your client app support different types of users with different types of access? In that scenario, some users could have read-only access to a data source while others have read/write access. You have to make sure that your client app, and the app scope, are implemented correctly to handle different user types.
This section contains the following documents: