I’ve built a proof of concept which allows users to authenticate to my web app via Okta (using the Authorization Code Flow).
Now, I’d like to take things a step further, and use Okta for authorization – not just authentication.
In other words: say that my web app’s dashboard has a “Blog Posts” section. I’d like to control whether BobUser has access to this section of the dashboard from within Okta.
Is this possible?
If so, what mechanism should I use to accomplish this? What’s the keyword I should be searching for? I haven’t been able to find anything. I know that I can assign attributes to users – would this be the best way? Is that a typical use of user attributes, or would that be stretching their intended purpose?