awesome-authorization
github.com/warrant-dev/awesome-authorization
A curated list of information and resources about authorization.
What's inside
Access Control Models
Authz In Practice
- Airbnb Himeji
Based on Zanzibar.
- Attribute-Based Access Control at Uber
Summary of Uber's internal, centralized ABAC system used within its microservices architecture.
- Authorization at LinkedIn’s Scale
Summary of LinkedIn's high-performance authz system used within its microservices architecture.
- Authorization Solutions for Microservices Architecture
How AppsFlyer approaches authz in their microservices architecture.
- Carta AuthZ
Also based on Zanzibar.
- GitHub Secret Scanning
How GitHub scans repos to search for exposed secrets.
Useful Articles & Tutorials
- API Tokens: A Tedious Survey
An overview of different approaches to API security.
- Ask HN: Best Practices for Web Authorization? (2016)
HN discussion about application authorization best practices.
- Authorization in a Microservices World
Covers approaches to authorization in microservices.
- AWS - Authz & Access Control for SaaS Multi-tenant Apps
How-to/implementation guide for authz in multi-tenant apps using AWS.
- Best Practices for Building Secure API Keys
Covers hashing, storage and key retrieval.
- Feature Flags and Authorization Abstract the Same Concept
A blog post comparing the many similarities and subtle differences between feature flagging and authorization.
Authentication vs. Authorization
- Authentication
Determines
- Authorization
Determines
- Understanding Authentication, Authorization, and Encryption
Quick comparison of authn, authz and encryption.
Security Concerns
- Broken Function Level Authorization
The API incorrectly relies on the client to use the correct access level, making it susceptible to hackers.
- Broken Object Level Authorization
- Building a Modern Zero Trust Strategy
Overview of 'zero trust' security by
- Identity Thieves Bypassed Experian Security to View Credit Reports
- Millions of people's data stolen because web devs forget to check access perms
CISA, NSA and the Australian Cyber Security Centre alert on the prevalence and danger of IDOR attacks.
- OWASP API Security Top 10 2019
List of the top 10 security risks for APIs.
Videos & Talks
- Deloitte - How Zero Trust Architecture Can Be Strengthened with ABAC (2022)
- Hashicorp - Microservice Authentication and Authorization (2019)
- How Netflix Is Solving Authorization Across Their Cloud (2017)
- @Scale 2019 - Zanzibar: Google’s Consistent, Global Authorization System
Overview
- NIST Authorization Definition
"The process of verifying that a requested action or service is approved for a specific entity".
Best Practices
- OWASP Authorization Cheat Sheet & Recommendations
Keep an authorization log (allow/deny) to track access and conduct audits where necessary.
Showing a sample of 54 resources. View the full list on GitHub.