authorization check

hamzatrq

04/07/2023, 5:32 AM
Hello everyone. I just started building an application with SuperTokens and NestJS. The authentication documentation is awesome. But is there a way to implement authorization to check that a user can only update his own data?

rp

04/07/2023, 5:44 AM
hey @hamzatrq - can you elaborate on the use case please?

hamzatrq

04/07/2023, 5:51 AM
Hi @rp, I am creating a boilerplate for NestJS as a starting point for any application I work on in the future. For authentication I chose Firebase initially but then decided to go with SuperTokens. For authorization I was going for Cerbos or OpenFGA. But since most of the applications I develop have very basic roles and checks, I thought it would be better if I could find a good way of implementing authorization using just SuperTokens:
1. Role-based access, which SuperTokens provides
2. Make sure that a comment created by a user can only be updated or removed by the same user. Like if user.id === article.userId
I tried searching for blog posts to see if anyone had shared something about it. But the only thing I found was a comparison between ABAC and RBAC.

rp

04/07/2023, 6:11 AM