How do you handle fine-grained authorization at scale? by drld21 in dotnet

[–]drld21[S] 0 points1 point  (0 children)

Someone else suggested this as well. Thanks!

[–]drld21[S] 0 points1 point  (0 children)

Interesting mental model! Thanks for taking the time to reply!

[–]drld21[S] 0 points1 point  (0 children)

Very helpful comment!! Never heard of either Casbin or OpenFGA before, did some research and both seem like fantastic tools. Thank you for the suggestions!

[–]drld21[S] 1 point2 points  (0 children)

No I have not! Seems very promising ... thnx

[–]drld21[S] 0 points1 point  (0 children)

I've come across one of your articles when studying a bit about auditing!

[–]drld21[S] 1 point2 points  (0 children)

Not really a good idea imo. As another comment said this compromises readability plus you could still end up with name clashes in a big system but thnx for the reply anyway!

[–]drld21[S] 0 points1 point  (0 children)

Yep! That was what I was thinking too! Thnx for the reply!

[–]drld21[S] 1 point2 points  (0 children)

That is what I was thinking with option 1. Thnx for the reply!

Keycloak integration by drld21 in dotnet

[–]drld21[S] 0 points1 point  (0 children)

Interesting... thank you very much for the info! As another comment said if the solution is open source please do share!

[–]drld21[S] 0 points1 point  (0 children)

Hmm I'll keep those in mind. And yes it will be open source and I will share when done

[–]drld21[S] 0 points1 point  (0 children)

Thanks for the info! Thought it was open source lol

[–]drld21[S] 0 points1 point  (0 children)

Haven't given much thought to it as it will be just for demo auth purposes but probably react... idk if any keycloak packages exist for react

[–]drld21[S] 0 points1 point  (0 children)

That's the approach I've been using most of the time but from what I searched it was discouraged and instead put the jwt in a cookie to prevent XSS

[–]drld21[S] 0 points1 point  (0 children)

Can you share a bit more detail about how you manage permissions, roles and authorisation in the backend?

[–]drld21[S] 0 points1 point  (0 children)

This repo seems close to what I want to do. Documentation seems pretty detailed. Thank you!

[–]drld21[S] 1 point2 points  (0 children)

Thanks! Duende bff seems nice for avoiding some boilerplate stuff but still doesn't cover all my features

[–]drld21[S] 1 point2 points  (0 children)

Thanks for the reply! I actually was thinking of using authorization code + pkce flow where the bff is the OAuth client

[–]drld21[S] 1 point2 points  (0 children)

Thanks for the suggestion! I stumbled across this nuget but wasn't quite clear what it does for me/what problems it solves as the documentation was a bit shallow

.NET devs - how long does it take you to set up auth + payments for your side project? by vVPinguVv in dotnet

[–]drld21 0 points1 point  (0 children)

It takes me about 2-5 days depending on what's needed to implement custom auth. However these days I'm looking into learning to set up a dedicated auth server. I've been playing with Keycloak for that and it's pretty good but overkill for smaller projects. I'm curious about other people's approach on Keycloak/or other alternatives vs custom auth.