In my previous article, I presented user identification solutions and how to keep them simple and clean. In this article, I am just going to talk briefly about the next step after a successful authentication, which is called authorization.
To summarize, user authentication is the process that checks the supplied credentials and retrieves the matching user object, as shown below:
                    ++++++++++++++++++
                    +                +
Credentials --->    + Authentication +    ---> User?
                    +                +
                    ++++++++++++++++++
But what should happen after a user has been successfully identified?
In most cases, we have to check whether the user is allowed to access the requested resource, and reject the incoming request with a 403 Forbidden error if it is not authorized.
I don't have a clear vision of the implementation yet, but it will follow the same philosophy as authentication, where the boolean result indicates whether or not the user is granted access:
             +++++++++++++++++
             +               +
User --->    + Authorization +    ---> boolean
             +               +
             +++++++++++++++++
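As an added illustration (not the author's code), here is one way to chain the two stages the diagrams describe, in Python: authentication turns credentials into a User or None, authorization turns a User plus the requested method and path into a boolean (deny by default), and the request handler maps those results to 401, 403 or 200. The user store, the policy table and the credentials are constructed sample data, and the plaintext passwords are a placeholder for a real hashed store.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()

# Constructed sample credential store: username -> (password, roles).
# A real store holds password hashes, never plaintext.
_USERS = {
    "alice": ("s3cret", frozenset({"admin"})),
    "bob": ("hunter2", frozenset({"reader"})),
}

# Constructed policy: role -> set of (HTTP method, path prefix) it may use.
_POLICY = {
    "admin": {("GET", "/"), ("POST", "/"), ("DELETE", "/")},
    "reader": {("GET", "/articles")},
}

def authenticate(username: str, password: str) -> Optional[User]:
    """Credentials ---> Authentication ---> User? (None on failure)."""
    entry = _USERS.get(username)
    if entry is None:
        return None
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(entry[0], password):
        return None
    return User(username, entry[1])

def authorize(user: User, method: str, path: str) -> bool:
    """User ---> Authorization ---> boolean; deny unless a rule matches."""
    for role in user.roles:
        for allowed_method, prefix in _POLICY.get(role, ()):
            if method == allowed_method and path.startswith(prefix):
                return True
    return False

def handle(username: str, password: str, method: str, path: str) -> int:
    """Run both stages in order and map the outcome to an HTTP status."""
    user = authenticate(username, password)
    if user is None:
        return 401   # identity unknown: authentication failed
    if not authorize(user, method, path):
        return 403   # identity known, but not allowed on this resource
    return 200
```

The 401/403 split matters in practice: a failed authentication must never reach the authorization stage, and a denied authorization must not be reported as a login problem.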
I'm open to any suggestion, idea or article on how to make the implementation as clean as possible, so don't hesitate to share it in the comments.