Virtually all of the systems we are building today share data via public networks. We rarely want that data to be available to everyone, so we restrict access to it.| securityblog.omegapoint.se
In the previous article, we talked about what information we require to achieve strong access control. This article looks at how we transfer information on what scopes and audiences the user has approved, their identity and details on their login, plus rights we use for access control.| securityblog.omegapoint.se
In the first two articles, we discussed how to design your system in order to build strong access control. We looked at how you can strike the right balance in terms of what information is associated with your access token, and we looked at balancing identity and local permissions. This article will take a look at how to configure a client in order to get a token, and how we handle sessions.| securityblog.omegapoint.se