10 Authorization

This chapter covers

  • Creating superusers and permissions
  • Managing group membership
  • Enforcing application-level authorization with Django
  • Testing authorization logic

Authentication and authorization are easily confused with each other. Authentication establishes who a user is; authorization determines what that user is allowed to do. The two are often abbreviated authn and authz, respectively. Authentication is a prerequisite for authorization: you cannot decide what a user may do until you know who they are. In this chapter, I cover authorization, also known as access control, as it relates to application development. In the next chapter, I continue with OAuth 2, a standardized authorization protocol.
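The following is an added example, not code from the book and not Django's own code. It models the authn/authz split in plain Python so it runs without a Django project, mirroring the shape of Django's user model (a superuser, group membership, per-user permissions, and a has_perm check) and a permission_required decorator that guards a view. All names (User, Group, authenticate, permission_required, delete_post, the "blog.delete_post" permission string, the fixed SALT) are assumptions for illustration; the users and passwords are constructed test data. The point it makes is that a wrong password and a missing permission are different failures: the first is an authentication failure (401), the second an authorization failure (403) for a user whose identity is already established.

```python
"""Added example: authentication versus authorization in plain Python.

Not from the book or from Django; the classes only mirror the shape of
Django's User/Group/Permission model so the distinction can be run offline.
All names are assumptions made for this example.
"""
import functools
import hashlib
import hmac
from dataclasses import dataclass, field


class AuthenticationError(Exception):
    """authn failure: we could not establish who the caller is."""


class PermissionDenied(Exception):
    """authz failure: the caller is known but not allowed to do this."""


@dataclass
class Group:
    name: str
    permissions: set = field(default_factory=set)


@dataclass
class User:
    username: str
    password_hash: str                      # salted hash, never the plaintext
    is_superuser: bool = False
    groups: list = field(default_factory=list)
    user_permissions: set = field(default_factory=set)

    def get_all_permissions(self):
        """Union of permissions granted directly and via group membership."""
        perms = set(self.user_permissions)
        for group in self.groups:
            perms |= group.permissions
        return perms

    def has_perm(self, perm):
        """Superusers implicitly hold every permission; everyone else is checked."""
        if self.is_superuser:
            return True
        return perm in self.get_all_permissions()


# Constructed fixed salt so the example is deterministic; real systems use a
# random per-user salt stored beside the hash.
SALT = b"constructed-example-salt"


def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def authenticate(users, username, password):
    """authn: return the User for valid credentials, otherwise raise."""
    user = users.get(username)
    if user is None or not hmac.compare_digest(user.password_hash, hash_password(password)):
        raise AuthenticationError("invalid credentials")
    return user


def permission_required(perm):
    """authz: run the view only if the already-authenticated user holds perm."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(user, *args, **kwargs):
            if not user.has_perm(perm):
                raise PermissionDenied(f"{user.username} lacks {perm}")
            return view(user, *args, **kwargs)
        return wrapper
    return decorator


@permission_required("blog.delete_post")
def delete_post(user, post_id):
    return f"post {post_id} deleted by {user.username}"


def build_users():
    """Constructed sample accounts: a group member, a plain user, a superuser."""
    editors = Group("editors", {"blog.change_post", "blog.delete_post"})
    return {
        "alice": User("alice", hash_password("alice-pw"), groups=[editors]),
        "bob": User("bob", hash_password("bob-pw")),
        "root": User("root", hash_password("root-pw"), is_superuser=True),
    }


def try_delete(users, username, password, post_id):
    """Map the two failure modes to the HTTP statuses a web app would return."""
    try:
        user = authenticate(users, username, password)
    except AuthenticationError:
        return "401 unauthenticated"
    try:
        return delete_post(user, post_id)
    except PermissionDenied:
        return "403 forbidden"


if __name__ == "__main__":
    users = build_users()
    for name, pw in [("alice", "wrong"), ("bob", "bob-pw"), ("alice", "alice-pw")]:
        print(name, "->", try_delete(users, name, pw, 1))
```

Note that bob's request reaches the authorization check only because authentication succeeded first; a request that fails authentication never gets as far as asking what the caller may do.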

Note At the time of this writing, broken authorization is number ...
