[{"data":1,"prerenderedAt":184},["ShallowReactive",2],{"term-a\u002Fauthorization":3,"related-a\u002Fauthorization":168},{"id":4,"title":5,"acronym":6,"body":7,"category":148,"description":149,"difficulty":150,"extension":151,"letter":152,"meta":153,"navigation":154,"path":155,"related":156,"seo":161,"sitemap":162,"stem":165,"subcategory":166,"__hash__":167},"terms\u002Fterms\u002Fa\u002Fauthorization.md","Authorization","AuthZ",{"type":8,"value":9,"toc":142},"minimark",[10,15,19,23,26,30,131,135,138],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18],"p",{},"Authorization is deciding what you're allowed to do after you've proven who you are. The bouncer let you in (authentication), but now the VIP host decides if you can sit in the VIP section (authorization). You're in the building, but not everywhere in it.",[11,20,22],{"id":21},"real-talk","Real Talk",[16,24,25],{},"Authorization determines what resources or actions an authenticated user is permitted to access. 
It typically involves roles, permissions, and access control lists (ACLs) that define what each user or group can do. These checks must be enforced on the server for every request, using roles from a trusted source (the session or a verified token) rather than anything the client sends, and should deny by default.",[11,27,29],{"id":28},"show-me-the-code","Show Me The Code",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-javascript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u002F\u002F Checking if user has permission to delete\nif (!user.roles.includes('admin')) {\n  throw new Error('Not authorized to delete posts');\n}\n","javascript","",[38,39,40,49,97,125],"code",{"__ignoreMap":36},[41,42,45],"span",{"class":43,"line":44},"line",1,[41,46,48],{"class":47},"sHwdD","\u002F\u002F Checking if user has permission to delete\n",[41,50,52,56,60,64,67,70,73,75,79,82,85,89,91,94],{"class":43,"line":51},2,[41,53,55],{"class":54},"s7zQu","if",[41,57,59],{"class":58},"sTEyZ"," (",[41,61,63],{"class":62},"sMK4o","!",[41,65,66],{"class":58},"user",[41,68,69],{"class":62},".",[41,71,72],{"class":58},"roles",[41,74,69],{"class":62},[41,76,78],{"class":77},"s2Zo4","includes",[41,80,81],{"class":58},"(",[41,83,84],{"class":62},"'",[41,86,88],{"class":87},"sfazB","admin",[41,90,84],{"class":62},[41,92,93],{"class":58},")) ",[41,95,96],{"class":62},"{\n",[41,98,100,103,106,109,112,114,117,119,122],{"class":43,"line":99},3,[41,101,102],{"class":54},"  throw",[41,104,105],{"class":62}," new",[41,107,108],{"class":77}," Error",[41,110,81],{"class":111},"swJcz",[41,113,84],{"class":62},[41,115,116],{"class":87},"Not authorized to delete posts",[41,118,84],{"class":62},[41,120,121],{"class":111},")",[41,123,124],{"class":62},";\n",[41,126,128],{"class":43,"line":127},4,[41,129,130],{"class":62},"}\n",[11,132,134],{"id":133},"when-youll-hear-this","When You'll Hear This",[16,136,137],{},"\"The endpoint needs authorization — only admins should call it.\" \u002F \"Authorization error: you don't have permission to view this.\"",[139,140,141],"style",{},"html pre.shiki code .sHwdD, html code.shiki 
.sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: 
var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":36,"searchDepth":51,"depth":51,"links":143},[144,145,146,147],{"id":13,"depth":51,"text":14},{"id":21,"depth":51,"text":22},{"id":28,"depth":51,"text":29},{"id":133,"depth":51,"text":134},"security","Authorization is deciding what you're allowed to do after you've proven who you are.","beginner","md","a",{},true,"\u002Fterms\u002Fa\u002Fauthorization",[157,158,159,160],"Authentication","CORS","Token","OWASP Top 10",{"title":5,"description":149},{"changefreq":163,"priority":164},"weekly",0.7,"terms\u002Fa\u002Fauthorization",null,"sGVwaw80-Rxckq2OEOuv0Wac3sED4YHv31S6EmnmdWw",[169,173,177,180],{"title":157,"path":170,"acronym":171,"category":148,"difficulty":150,"description":172},"\u002Fterms\u002Fa\u002Fauthentication","AuthN","Authentication is proving you are who you say you are.",{"title":158,"path":174,"acronym":158,"category":148,"difficulty":175,"description":176},"\u002Fterms\u002Fc\u002Fcors","intermediate","CORS (Cross-Origin Resource Sharing) is the browser's built-in protection that prevents random websites from making API calls to your backend using the vis...",{"title":160,"path":178,"acronym":166,"category":148,"difficulty":150,"description":179},"\u002Fterms\u002Fo\u002Fowasp-top-10","The OWASP Top 10 is the security industry's greatest hits of web vulnerabilities — the 10 most common, dangerous ways apps get hacked.",{"title":159,"path":181,"acronym":166,"category":182,"difficulty":150,"description":183},"\u002Fterms\u002Ft\u002Ftoken","vibecoding","In AI-land, a token is a chunk of text — roughly 3\u002F4 of a word.",1776518256771]