I'm currently developing a microservices application consisting of a dozen separate services. I'm currently focusing on managing authorization within the application. The goal is to handle users, roles, and permissions in a customized, configurable way, allowing specific operations based on resource attributes.
I've considered using a relational database to store information about users, roles, and permissions, integrating an imperative approach recommended by Microsoft called Resource-based authorization. A concrete example would be allowing the deletion of a book only if the user has the contributor role in the library where the book is held.
My current challenge is determining the best structure for this service. After consulting various guides and online documents, it seems that the most suitable approach might be using a class library, to be referenced in the various services.
I wonder if anyone has experience or advice on effectively structuring an authorization service in a microservices-based environment, especially when adopting the Resource-based authorization approach. What best practices or tips could you share regarding code organization and dependency management in this situation?
Thank you in advance for any contributions!