https://kuelzer.ca/tags/authorization/Recent content in Authorization on ilikeorangutansHugoen© 2026 Jakob KülzerSun, 12 Apr 2026 14:27:24 -0400https://kuelzer.ca/posts/2013/08/15/thoughts-on-authorization-schemes/Thu, 15 Aug 2013 13:59:40 -0400https://kuelzer.ca/posts/2013/08/15/thoughts-on-authorization-schemes/<p>Today I was experimenting with some new tools (<a href="http://prose.io/">Prose</a>) and was confronted with a screen that probably everybody that owns a smartphone or uses any kind of connected online service has seen before: an authorization screen where the user is expected to either approve or deny an application based on list of permissions. Here&rsquo;s how Github&rsquo;s screen looks like:</p> <p> <img src="https://kuelzer.ca/assets/images/github-authorization.png" alt="Github Authorization Screen"></p> <p>Android has a similar screen when you install an app, IOS probably has one as well. Pretty much every connected system, be it Facebook, Github, Stackoverflow, pretty much everything that uses OAuth or similar technologies will have a screen like this. From a technology and development point of view it makes a lot of sense; at least initially. You break down privileges in a system into a few neat categories and if an application wants to use this service, it has to declare what it uses. Ideally the system would enforce that the application can only use the declared permissions and in theory that would make everything safer…</p>