Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Some security methods combine the two, such as OAuth. Other security methods just assume an authenticated user is fully authorized to access everything. The pros and cons of these methods is worthy of another article. The main takeaway here is to understand the caveats of each implementation and to avoid the mistake of treating authentication the same as authorization (or vice-versa).

Enabling Authentication

Regardless of the method(s) of authentication being used, the Enable Authentication option needs to be set. Otherwise, all SRP HTTP Framework will automatically authenticate each request as valid (although any internal authorization logic will still work as normal). To set this option, just make sure