https://cerbos.dev logo
#help
Title
# help
g

Glen A.

08/02/2023, 3:43 PM
Is the authorization server typically only used for authenticated requests, or also for unauthenticated (guest) requests?
s

Sam Lock (Cerbos)

08/02/2023, 4:30 PM
The general pattern we'd expect is for user/principal information to be gathered from the authentication/identity provider and used in subsequent requests to the PDP (most commonly, roles that the user can assume). That said, there's nothing saying that you couldn't implement (say) a default role and pass that in each request.
g

Glen A.

08/02/2023, 6:55 PM
Alright, thanks Sam.
2 Views