Our application has the concept of Users and Clients. A User can be given permission to access a specific Client and do some, none, or all the operations on the Client. The Client is created manually by an Administrator who also grants a User permission to a Client. What is the best way to handle this in the Authorization Extension?
From browsing the tutorials, it seems the best approach is to use the Management API to create a Client specific permission once a Client is created in our app. For example, if I create Client A (with ID 1) in the app, we’ll fire off a request to create Permissions for that Client ( client-a-1:read
, client-a-1:edit
, client-a-1:other-permission
. The Administrator then grants the respective users the permission for that Client.
Is there a better approach or is this the best way to go about it?