OAuth2 authorization for custom project role and custom project

I am new to OAuth2 and am trying to figure out what is the best practice for the following scenario:

  • I am implementing a "ToDo" web service (CRUD for "tasks")
  • I am using OAuth2 and Google as my auth provider to get user details (email, name)
  • Now I need to implement project-specific roles for users ('admin', 'user')

In terms of OAuth2 - Google doesn't "own" my service, so it can't help me with storing / providing "ToDo"-special roles, is that correct?

What is the general / best approach to implement it? Do I need to create my own authorization service where I will need to store relationships like userinfo -> project role?

+3


3 answers


Well, it depends on what exactly you want to do.

If you have users and those users have specific roles that you have already assigned to them, you simply use Google OAuth as your identity service. You don't need to implement your own authorization service, but you will need to track (usually in your own database) the relationship between the user ID and the roles for those users.



If the goal is to create a service where the user can delegate certain permissions to a third party service, you will certainly need to implement your own OAuth server. This will allow the user to restrict the areas required for the third party to work.

+2
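The first case in the answer above (Google as the identity provider, roles tracked in your own database) can be sketched as follows. This is an added example, not code from the answer; the table name, function names and sample IDs are hypothetical, and it assumes the Google ID token's signature, issuer, audience and expiry were already verified before `claims` reaches this code.

```python
import sqlite3

# 'admin' implies everything 'user' may do (ordering is an assumption of this example).
ROLE_RANK = {"user": 1, "admin": 2}

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE project_roles ("
        " google_sub TEXT NOT NULL, project_id TEXT NOT NULL,"
        " role TEXT NOT NULL CHECK (role IN ('admin', 'user')),"
        " PRIMARY KEY (google_sub, project_id))"
    )
    return db

def grant(db, google_sub, project_id, role):
    db.execute("INSERT OR REPLACE INTO project_roles VALUES (?, ?, ?)",
               (google_sub, project_id, role))

def role_for(db, claims, project_id):
    """Look up the role by the token's stable 'sub' claim, never by email."""
    sub = claims.get("sub")
    if not sub:
        return None
    row = db.execute(
        "SELECT role FROM project_roles WHERE google_sub = ? AND project_id = ?",
        (sub, project_id),
    ).fetchone()
    return row[0] if row else None

def is_allowed(db, claims, project_id, required_role):
    """Default deny: unknown user, unknown project or unknown role all fail."""
    needed = ROLE_RANK.get(required_role)
    role = role_for(db, claims, project_id)
    if needed is None or role is None:
        return False
    return ROLE_RANK[role] >= needed

if __name__ == "__main__":
    db = open_store()
    # Constructed sample data: 'sub' values and project IDs are made up.
    grant(db, "1001", "proj-a", "admin")
    grant(db, "1002", "proj-a", "user")
    alice = {"sub": "1001", "email": "alice@example.com"}
    bob = {"sub": "1002", "email": "bob@example.com"}
    lookalike = {"sub": "9999", "email": "alice@example.com"}
    print(is_allowed(db, alice, "proj-a", "admin"))      # role stored for this sub
    print(is_allowed(db, bob, "proj-a", "admin"))        # 'user' is below 'admin'
    print(is_allowed(db, lookalike, "proj-a", "user"))   # same email, different sub
```

Keying the table on `sub` rather than email means a different Google account that presents the same email address does not inherit the stored role.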


It's easy for you to set up your own authorization and resource server, not depending on Google services. On your own authentication server, you have more control over your roles and the users you specify. The configuration and authentication server can be used with a Spring Boot application and use dependencies like Spring-starter-security, Spring-security-oauth2, etc.



+1


Yes, you will have to use your own authorization server, which can then issue tokens that have roles associated with them.

0

