Authorization and Roles

So far, you’ve seen how to confirm that users are who they say they are and how to retrieve information about those authenticated identities. This gives your application the basic ability to distinguish between different users, but it’s only a starting point. To create a truly secure web application, you need to act upon that identity at various points using authorization.