Authorization Questions
Where to store authorization (or JWT) tokens on the web browser based clients?
The question still remains where do we have to store the jwt tokens so that our ajax requests from javascript can use them in the authorization
Auth error with POST request: "Authentication credentials were not provided" using Axios, but works using POSTMAN
I'm using react and trying to handle password change by the user. i'm sending a post request like this:
OSX Security Framework NameAndPassword sample application
I am investigating security plugins using sfauthorizationpluginview under mac osx and as a first step looking at the nameandpassword sample
Best practise to authorize all users for just one page
What is the best way to authorize all users to one single page in a asp.net website. for except the login page and one other page, i deny
Best Practices for securing a REST API / web service
When designing a rest api or service are there any established best practices for dealing with security (authentication, authorization, identity
Critique my auth system DB schema?
I'm designing a restful web app that will provide an authentication system for several other apps. the other apps will query this app through http
Why Laravel Policy is not working in View/Blade?
I tried to filter who can edit/delete on my app using policies but it's not working. trying to use it on blade. questionpolicy.php
Should unauthorized actions in the UI be hidden, disabled, or result in an error?
This is a perennial question for me that i've never really resolved so i'd like your input. if i have actions that i know a user will not be able
Security of apps using faceId/touchId? How does it work?
In my country we have a mfa service that for instance, can take in your mobile phone number, and then pings your phone, you enter a pin and you're
Authorize React Components for Users by Role/Permissions
I made a spa with react and asp .net core. the authentication is done via bearer-tokens (using identityserver4 and oidc-client) and authorization
Add Authorization to AspNet Core 3.0-preview React project (with Authentication)
Creating a new aspnet core project using dotnet new react --name myproject --auth individual sets up a new react project with
How to retrieve parameters from response body
I am trying to set up spotify authorization using authorization code flow ( as from
JWT is not working as expected with Node.JS
I am having a hard time to get things to work as they are supposed to with jwt on node js. let me first say that my goal
Best practice to check user permission in RESTful API
I am developing an internal management system for my company. some api route will be check for the user's role, and the rest of routes will check
Problem with Laravel Policy method arguments count
I have following error when trying to authorize some newspolicy: too few arguments to function
Laravel logout, hitting the back button sends me back into the app, how do I prevent this
Currently i use the default laravel login/auth controllers, routes, views and no custom logic. we are building an app where if you logout and
Laravel 5.8 send parameters to authorize method FormRequest Class
I have update and store method like this public function update(contactrequest $request) { if
Laravel 5.8 403 This action is unauthorized
I have update method like this public function update(contact $contact) { $this->authorize('ownitems',
Retrofit2 interceptor, using token only in specific methods
I want to use authorization in retrofit2. I've chosen interceptor way because almost all methods require
Why I am this Error in decoding JSON Web Token Error: error:0909006C:PEM routines:get_name:no start line
I have a key named social-public.key, which i am using to decode jwts, but the problem is i am having an error as below
Restrict user from accessing page in React app
I am a beginner to software development. i am trying to build a react web application which will be used at a clinic. currently the application
Database calls in Custom Authorization Handler returning a NullReference Error in Blazor Server
I'm currently creating a blazor server application that uses azure ad for authentication. the authentication works perfectly but i want to set up
Laravel: How to properly send notification to multiple users with different url/ in Registration Controller
I am trying to send notifications to the user after registration with the default auth of laravel 6. i tried using the notification facade, but it
How to create a route in Laravel based on user type?
Based on a user model and table already created, what is the best practice to create a route based on user type? usertype is a model and
How to protect routes in polka js
I am trying to implement protected routes using polka js. i tried to implement it using a middleware but i keep getting unauthorized even for the
Prevent role-specific users from accessing route
I have 2 roles, which is admin and user. now when logging in, the admin goes to the dashboard route while
How can I get token response with username and password textfields? dart/flutter
I'm kind of new to rest api and flutter. i wanna login with the username and password and get the token response. how
Why in React, my axios API call has Authorization Header which contains Bearer <token> but not being authorized and gives 401 error
I'm making axios call to my php api (which shows user data when a valid token is sent back to api server) and sending a valid jwt token in request
Laravel Policies and Gate ignore if admin is logged
I am using policies and gate (roles - role_user users) to assign permissions to users in my laravel project, everything works fine. but i don't
Mongoose MODEL update() vs save()
There was a question about update() vs
passport token is not being authorized
Const jwtstrategy = require('passport-jwt').strategy, extractjwt = require('passport-jwt').extractjwt; const user =
Authorise a user with Laravel Passport when testing RESTful controllers update method
Every time i run the test, i'm getting a 403 response status, what am i doing wrong in here? i have tried to remove passport authorization from
How to invoke the lambda behind an API Gateway authorizer
I have the following cloudformation stack. 2 lambdas (greeting and auth) with api gateway configured to use the auth lambda for authorisation.
Is there any way to define controllers in gate definitions?
I am setting up a new project and i want to use gates and policies. i know how to use it by laravel documentation but i want to go
How to display the Username of the currently logged in User using JWT tokens
I'm using express/node.js, with mongodb. when a user login/registers, they are giving a json web token (jwt) and they are
Laravel `Auth` not compatible with 3rd party library ajax call?
I have a laravel controller that returns an image when the user is logged in: public function show($file) { $path =
How to set token in authorization header in Flutter Dio post request
I want to set a token in authorization header on my post request using dio. I have tried to set the header using two options, and both don't
401 returned from API gateway using Cognito authorizer - no matter what is passed in
I've got users able to log in, and log out, sign up, password reset - all using aws amplify in my react.js code. after they are signed
Nodejs Loopback 4 add bearer token config into swagger explorer
I'm using nodejs loopback 4 to build api project and using jwt token for authentication component. but when i explore built-in swagger of loopback
Why does my view-policy work, but my viewAny-policy not?
I generated a policy with php artisan make:policy studentpolicy --model=student. in this policy you have a view and viewany method. when i test it
laravel nova hide edit button on index page
How to disable edit/delete button on nova index page and still allow in detail page, if i will create a policy, that will disable the operation
Laravel 5.8 - Authorization works without registering ProjectPolicy in AuthServicerProvider.php
i am following jeffrey way's laracasts from scratch and he mentions registering the projectpolicy.php in authserviceprovider.php. however, i
Custom message on Laravel policy authorization
In my laravel 5.8 project i am implementing a reputation system similar to stack exchange's one: for example, users can reply to a discussion only
role based authentication in firebase
I tried to navigate admin user to a special page by using following code but it gives the nosuchmethoderror this is the code
Laravel Change Password Reset Token duration for specific tokens
In my application, users will have their accounts created for them by other people, so I want to send a password reset email to them so they can
Adding jwt token to GET request not working in React
In order to get data from an api, i need to send a jwt token in the header of the call. i save it in local storage after i get it in my
Laravel: How to make sure a user goes to role-specific home view after registration and after login?
I have created a custom multi-auth system in laravel-5.8 for a college website where every user registers for a specific role: admin, faculty, or
How to filter request parameters based on user role in Laravel?
I have an app that has admin, manager and employee roles. a manager can edit fields a, b, c of all employees. an admin can edit fields a, b, d, e
"500 Error: Cannot exchange code for grant in bearer-only mode" after successful browser login in Keycloak
User trying to access /hello url in the browser via a reverse-proxy. "500 error: cannot exchange code for grant in
How can I extend the authentication built into Laravel to handle authorization in controller constructors?
I have a laravel application using the built-in basic laravel auth, but in addition to being able to authenticate users, i also need to be able to
How can we return reason for action denial from inside Laravel policy?
Let's say we have action in the policy for our model that can return false in bunch of different scenarios: class
How to add Function in POST Headers
The target is sending a post request with authorization header contains token. It's function: export function authheader()
Middleware not following the condition - Laravel 5.7
I am trying to implement a user registration system in laravel 5.7 where i am facing an issue. i have two tables for users- admin(created
Laravel: is there a way to organize routes into hierarchical tree
My user model has different roles which have inheritance relationship between each other, for example: admin is a child
wrong login credentials stops progress dialog
I have problem with stopping progress dialog. the backgroundworkeractivity is used for user authorization and registration. when user fills
How to make auto Logged In off on creation of new user using auth() in laravel 5.7?
I'm making a project in which i want to create user through laravel auth() but don't want to get it auto logged in on creation of account. i have
How to Use Auth() Register During Login Session in Laravel 5.7
I have changed the register page of laravel 5.7 auth() to the studentregister page to register a new student, but it is inaccessible when i'm
Uploading to google cloud storage with Node.js
Struggling with node.js and google cloud. i am trying to upload a file to a bucket in google cloud storage. basically i am using the code in this
How to send JWT along with every request after successful login?
I have a node.js express web application where a user can log in by posting his email address and password to a route /signin and
Crash when Calendar permission changes outside iOS app
I'm integrating eventkit in an ios app, but i am experiencing a weird crash which i'm not able to debug. in the app i've got
Prevent an already logged-in user to login in different machine
So i'm trying to prevent an already logged-in user to log-in in different browser or another computer. i'm thinking that i need to add an ip
How to use multi middleware for routes in Laravel 5.7
I have middleware groups: route::group(['middleware' => ['auth:admins','web']], function
How to perform complex API authorization in fewer SQL queries?
I'm trying to add an authorization layer to an api, and the current design i have results in more sql queries than it feels like should be
.net how to set the the response body when the authorization failed?
I have to show a custom(json) response body when the authorization fails in my api. by default i have this message : unauthorized. but i would
Using session to reach previous page after login in laravel
I am using laravel 5.7. for security reasons, i set my laravel application to automatically logout after one hour inactivity. but i want the user
Laravel use auth()->user() for api
I have a lot of functions that perform actions based of the permissions of the user. for the web, everything works fine. but i am slowly changing
Laravel - Policy authorization on user and object that both belong to something
I want to authorize my api of my laravel application. my structure right now is like this: users belong to an organization, and the
Using a single policy method to cover every action on a resource
I have a resource named post. every post is related to a single user, and a user may have
Laravel 5.7.6 resource route with auth
I'm starting my first laravel project (first mvc / oophp project infact) and could use some help with routes. i followed the guide at
Issue fetching data from API using bearer code in React
I'm trying to make an api call using react. My code looks similar to the below one. When I try it, I'm getting a logging error (404-page not
How to create a Laravel Nova Gate/Policy to restrict access to Nova tools?
How can i create a policy/gate to restrict users from accessing nova tools (e.g. spatie nova backup tool)?
Why do I get the error "Unable to update the password" when calling AzMan?
I'm doing a authorization check from a winforms application with the help of the azman authorization provider from enterprise library and am
Laravel 5.6 Policy is not working properly on remote server
I create a policy called letterpolicy , this is the code namespace app\policies; use app\letter;
Laravel Gate Issue
I'm trying to check if a user is allowed to view a page using gates and policies in laravel. in my web.php, i have within a
Laravel Authorization doesn't work
I'm trying to hide a button and show it only to the admin, I think I wrote the code well but still can't get the result I want, I can't see the
Laravel API, Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
I have a laravel api using laravel passport (oauth2 with password grant). when i access an endpoint with postman, it responds correctly. when i
Laravel keeps passing GenericUser to Policies instead of my User Model
I am trying to use the standard laravel auth related functionality. i have the standard login, register, logout, etc... working fine.
Laravel Delete not working
As the title suggests, i can't get the delete() option to work. i've struggled through a lot of posts online but the right answer just isn't
Policies with extra parameters
I know, how to use laravel policies and everything works, but i am stuck with create(...) method. my app is a training
Authorization using fetch API
How can i send authorization credentials using fetch? it worked using postman but on chrome i keep receiving this message:
How to handle authorization for a non-user based Laravel API?
I have a laravel web application for a restaurant with its own user base. i have another web application for a bookstore with its own different
How to use auth in api routes
I'm trying to call auth::user() in my routes/api.php file. but the auth::user() returns
Do you change an authentication token for a cookie-authenticated user? If so, how often?
When a user logs in, i give them a cookie named auth with a value that is a guid, which expires in 2 weeks. i save the hashed guid in the database
IdentityServer4 usage of IdentityServerTools to create a token from within identity server
I'm using identityserver4 and have a scenario where i need to initiate a call to a secured api during a password reset process. identityserver4
Best way to create a TOKEN system to authenticate web service calls?
I'd like to create a web service architecture that can be called by various platforms such as mobile devices, winforms applications, iphone,
AWS API-Gateway Cognito Authorizer not working with a valid Token
A simple api endpoint, with a cognito user pool authorizer, when using the authorizer test button ( or using
How can I make Angular HTTP Post wait for node js response
I am new to angular/node js, and i am doing a project for university where i am trying to implement authorization/authentication in my frontend
Is it okay to utilize Math.random() to generate a Password-Reset-Key?
I had a very basic idea for a simple algorithm that would allow a user to reset their password by requesting a random code sent to their e-mail.
Laravel authentication and authorisation
In my database, there are two tables members and services. In that table, there are 5 column members username, rank, name,
Can Anyone Explain Laravel 5.2 Multi Auth with Example
I am trying to authenticate users and admin from user table and admin table
Laravel Auth Check For An Organization
When a user tries to register i require them to enter an organization id, i want that organization id to be checked against my organization table
Laravel save() not working on new object
I'm trying to use the code provided by the documentation of entrust in a controller but save() method wont execute and gives me the
Is it overdoing it to put all client side files behind an authorization check?
Is it ok that static content that normally would load only on an authorized user's page be publicly requestable? let's say there are two
is Jwt token was UNIQUE
I'm using jwt web token system. i was able to generate tokens successfully. i'm creating jwt tokens in laravel as follows
Laravel Policies - How to Pass Multiple Arguments to function
I'm trying to authorize a users character to delete/update post. i was using policies to do so, but i could only pass one parameter to the policy
Laravel blade @can policy - string
I am using laravel 5.2. so i'm learning about how to deal with roles and permissions
Laravel 5.2 + MongoDB + Auth = User must implement CanResetPassword interface
I installed the authentication on laravel 5.2, jenssegers/laravel-mongodb with make:auth. registration, login works fine. the only
laravel authorization @can directive always fails
I am trying to implement authorization in laravel, following this
Is it possible to set content related permissions on cartalyst/sentinel?
I'm new to laravel and cartalyst/sentinel, but for this project i'm facing out an authorization problem: i have to set user crud permissions for
How to check if user's status is active in laravel 5.x?
I have set a bit different login logic in authcontroller provided by laravel 5.2. the code is protected function