Provide a mechanism to provide a set of authorisation claims for a user on a website.
The service was introduced as a way to remove authorisation responsibility from a preexisting component in the solution space where the preexisting component was beginning exhibit signs of unnecessary complexity. The preexisting component was also deemed to be doing too much and considered a risk as it’s a generic solution which is in effect run as an on premise installation.
The website in question has two different user bases with differing user models, where the models differentiate on
The two user bases are segregated from each other via endpoint routes\paths.
A key approach to the implementation was to adhere to an existing process, and subsequently interface to reduce friction with the existing architecture, processes and flows of data.