How to Get Authorization Right
In the past few months, we have talked to over 100 engineers from both Fortune 500 companies and startups about their approach to authorization. The complaints were all in tune. Everyone hated syncing and moving authorization data. Most engineers agreed that modeling is hard, especially in the face of never-ending product requirements. No one liked the fact that authorization logic clutters the code base and creates technical debt. And last but not least, many developers told us that testing and auditing haunt them at night. Even though everyone runs into similar problems, there was no consensus on a solution. Each team keeps reinventing the wheel. Some teams spend months cleaning out their technical debt and building a full-fledged authorization service. Yes, building unified authorization is hard. Here’s why, and how to properly solve it.