Last Updated | 22 March 2022 |
Document Tag | tch-research-next-gen-authz |
Author | simonm@thecyberhut.com |
Part of Research Product | Next Generation Authorization Technology |
Auth0 has been part of Okta since the acquisition closed in May 2021. The Auth0 brand remains separate, however, and addresses different use cases from the core Okta product.
The following is a collection of Auth0 product updates relevant to authorization capabilities, released between 2019 and 2022 and taken from the Auth0 change log.
| Date | Feature | Details |
|---|---|---|
| March 2019 | Authorization capabilities added | Basic authorization capabilities were added to the platform. |
| June 2019 | Support for the OAuth2 Device Authorization Grant | The device authorization grant (RFC 8628) lets input-constrained smart devices obtain scoped access tokens: the device displays a short code, the user approves it from a browser on another device, and the resulting tokens bind the device to that person. |
| April 2020 | Refresh token rotation and reuse detection | Each use of an OAuth2 refresh token returns a new token and invalidates the one presented; presenting an already-rotated token is treated as reuse and revokes the whole token family. Aimed chiefly at single page applications, which cannot hold a client secret. |
| Dec 2020 | Changes to refresh token expiration | OAuth2 refresh tokens can now expire on an absolute lifetime and on a period of inactivity. |
| Feb 2021 | Improved dashboard RBAC | Improvements to the admin dashboard's admin, editor and viewer roles. |
| April 2021 | Organizations capability added | Organizations support business-to-business environments and closed user areas, with membership managed per organization. |
| Nov 2021 | Express SDK for OAuth2 JWT Bearer | SDK support for Express applications to validate the JWT bearer access tokens presented to an API. |
Auth0's authorization capabilities are described by its Access Management feature set, which lists the following main building blocks:
- API authorization
- Role-based access control (RBAC)
- API protection via OAuth2
In October 2021, Auth0 also announced the Zanzibar Academy, based on the Google research paper of the same name ("Zanzibar: Google's Consistent, Global Authorization System", USENIX ATC 2019).
The aim of the project is to raise community awareness of the capabilities associated with Zanzibar and relationship-based access control (ReBAC).
Source: https://zanzibar.academy/
The academy provides an interactive playground for understanding the main components of Zanzibar (relation tuples, namespace configuration with userset rewrites, and the check, expand, read and watch APIs) and how this model of authorization could be applied to real-world situations. The architecture rests on three main premises:
- Global consistency
- Scalability
- Speed (low-latency checks)
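The two components a newcomer meets first in the playground are relation tuples and the namespace rewrite rules that define how one relation implies another. The following is an added example written for this page, not code from zanzibar.academy or from Google's Zanzibar: a minimal in-memory check over constructed tuples, with the three rewrite rule types from the paper (direct tuples, computed usersets such as editor implies viewer, and tuple-to-userset for inheriting a folder's viewers into its documents). The namespaces, relations and tuples are constructed for this illustration, and the consistency machinery (zookies) and the storage layer are not modelled.

```javascript
// Added example (not code from zanzibar.academy or from Google's Zanzibar):
// a minimal in-memory Zanzibar-style check. Relation tuples have the form
// "object#relation@subject", where the subject is a user ("user:alice") or a
// userset ("group:eng-all#member"). Namespaces, relations and tuples are
// constructed for this illustration.

// Namespace configuration: each relation is a union of rewrite rules.
//   { this: true }            membership from tuples stored directly on this relation
//   { computedUserset: r }    members of relation r on the same object (editor implies viewer)
//   { tupleToUserset: {...} } follow the "tupleset" relation to another object and take
//                             that object's "computedUserset" (folder viewer -> doc viewer)
const NAMESPACES = {
  group: { member: [{ this: true }] },
  folder: {
    owner: [{ this: true }],
    editor: [{ this: true }, { computedUserset: "owner" }],
    viewer: [{ this: true }, { computedUserset: "editor" }],
  },
  doc: {
    parent: [{ this: true }],
    owner: [{ this: true }],
    editor: [{ this: true }, { computedUserset: "owner" }],
    viewer: [
      { this: true },
      { computedUserset: "editor" },
      { tupleToUserset: { tupleset: "parent", computedUserset: "viewer" } },
    ],
  },
};

function parseTuple(s) {
  const [left, subject] = s.split("@");
  const [object, relation] = left.split("#");
  return { object, relation, subject };
}

// Constructed relation tuples.
const TUPLES = [
  "folder:eng#owner@user:alice",
  "folder:eng#viewer@group:eng-all#member",
  "group:eng-all#member@user:bob",
  "doc:roadmap#parent@folder:eng",
  "doc:roadmap#editor@user:carol",
].map(parseTuple);

// check(object, relation, user): is `user` a member of object#relation?
// `seen` holds the (object, relation) pairs on the current path, guarding
// against cycles in the rewrite graph or in group membership.
function check(object, relation, user, seen = new Set()) {
  const key = `${object}#${relation}`;
  if (seen.has(key)) return false;
  const path = new Set(seen).add(key);
  const namespace = object.split(":")[0];
  const rules = (NAMESPACES[namespace] || {})[relation];
  if (!rules) return false;

  for (const rule of rules) {
    if (rule.this) {
      for (const t of TUPLES) {
        if (t.object !== object || t.relation !== relation) continue;
        if (t.subject === user) return true;
        // Userset subject ("group:eng-all#member"): recurse into it.
        if (t.subject.includes("#")) {
          const [usObject, usRelation] = t.subject.split("#");
          if (check(usObject, usRelation, user, path)) return true;
        }
      }
    } else if (rule.computedUserset) {
      if (check(object, rule.computedUserset, user, path)) return true;
    } else if (rule.tupleToUserset) {
      const { tupleset, computedUserset } = rule.tupleToUserset;
      for (const t of TUPLES) {
        if (t.object !== object || t.relation !== tupleset) continue;
        const target = t.subject.split("#")[0]; // e.g. "folder:eng"
        if (check(target, computedUserset, user, path)) return true;
      }
    }
  }
  return false;
}
```

With these tuples, alice can view doc:roadmap without any tuple naming her on the document: she owns folder:eng, owner implies editor implies viewer on the folder, and the document's viewer relation inherits the parent folder's viewers. The same walk is what makes the "fast" premise hard at scale, which is why the real system caches and parallelises it.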