Human-in-the-Loop for AI Agents: Best Practices, Frameworks, Use Cases, and Demo
Learn how to safely integrate AI agents with human-in-the-loop (HITL) workflows. Explore best practices, frameworks, real-world use cases, and a live demo.
Read More
Gabriel L. Manor
Full-Stack Software Technical Leader | Security, JavaScript, DevRel, OPA | Writer and Public Speaker
Implementing Fine-Grained Nuxt Authorization
Learn how to implement Attribute-Based Access Control (ABAC) and Relationship-Based Access Control (ReBAC) in a Nuxt application. This guide covers defining policies, syncing user data, and enforcing permissions in a scalable way.
Read MorePrisma ORM Data Filtering with ReBAC
Learn how to implement Prisma ORM data filtering using ReBAC (Relationship-Based Access Control) to control which database records each user can access, without manual filtering logic.
Read MoreDelegating AI Permissions to Human Users with Permit.io’s Access Request MCP
Learn how to build secure, human-in-the-loop AI agents using Permit.io’s Access Request MCP, LangGraph, and LangChain MCP Adapters. Enable AI agents to request access and delegate sensitive permissions to human users for policy-backed decision-making.
Read MoreImplementing Multi-Tenant RBAC in Nuxt.js
Learn how to integrate Role-Based Access Control (RBAC) in a multi-tenant Nuxt.js application with continuous user syncing using Permit.io. This guide walks through defining roles, enforcing permissions, and managing access dynamically.
Read MoreThe Challenges of Generative AI in Identity and Access Management (IAM)
Explore how AI in Identity Access Management (IAM) is changing to address the complexities of generative AI. Learn about the challenges and solutions for managing AI-driven identities, permissions, and access control.
Read MoreIntroducing the New Permit.io CLI: A New Era of Access Control Developer Experience
The new Permit.io CLI brings developer-first workflows to access control. Define, test, deploy, and enforce fine-grained authorization using AI, CI/CD, GitOps, and OpenAPI — all from your terminal
Read MoreA Guide to Bearer Tokens: JWT vs. Opaque Tokens
Learn the key differences between JWT and opaque bearer tokens, covering how they work, when to use each, and how they impact API authentication, security, and performance.
Read MoreImplement Multi-Tenancy Role-Based Access Control (RBAC) in MongoDB
Learn how to implement multi-tenant Role-Based Access Control (RBAC) in MongoDB. This guide covers defining roles, enforcing permissions, and securing tenant data with PDP-Level filtering for scalable authorization in Node.js applications.
Read MoreSupabase Authentication and Authorization in Next.js: Implementation Guide
Learn how to add Supabase authentication and authorization to a fullstack Next.js app. This guide covers setting up Supabase Auth, implementing RBAC and ReBAC authorization, and enforcing access with Supabase Edge Functions and a Policy Decision Point (PDP).
Read MoreIdentity Tokens Explained: Best Practices for Better Access Control
Learn what identity tokens are, how they work, and best practices for using them securely in modern applications. Avoid common pitfalls and strengthen your app’s authentication and authorization.
Read MoreAuthentication and Authorization with Firebase
A step-by-step guide to building a secure, multi-tenant app using Firebase for authentication and storage, and Permit.io for fine-grained authorization—learn how to manage permissions, enforce access control, and debug policies with audit logs.
Read MoreManaging Frontend Authorization in Vue with CASL
CASL lets you manage frontend authorization in Vue by dynamically restricting UI access based on user roles. Learn how to integrate it with your Vue app in this step-by-step guide
Read MoreImplementing Role Based Access Control (RABC) in React
A guide to implementing RBAC in React applications. This guide covers role-based access control, feature flags, and secure permission management, ensuring a scalable and maintainable authorization system.
Read MoreHow to Implement Dynamic React Feature Flags (2025 Update)
Learn how to build a React feature flag system using CASL and Permit.io. Dynamically manage feature access with Relationship-based access control (ReBAC) to enable fine-grained react permissions
Read MoreHow to Implement Fine-Grained Authorization with Django
Learn how to implement Fine-Grained Django Authorization, including user permissions with models such as RBAC, ReBAC, and ABAC.
Read MoreAI Content Moderator - Why and how to build one with Gemini 1.5
How and why would you build an AI-based content moderator? Learn how AI improves moderation with contextual awareness, scalability, and customizable rules, and how you can build one with Next.js, MongoDB, Permit.io, and Gemini 1.5 Flash.
Read MoreThe “Who” - Understanding AI Identity in IAM
Discover how AI Identity is transforming Identity and Access Management (IAM). Learn to tackle hybrid identities, dynamic permissions, and proactive security with practical implementations.
Read MoreImplementing Authentication and Authorization in Vue
Authentication identifies users, but authorization determines what they can do. In this tutorial, learn how to implement authentication with Firebase and enforce advanced authorization models: ABAC and ReBAC in Vue.
Read More״Where״ Can They Go? Managing AI Permissions
Discover strategies to manage AI permissions with Retrieval-Augmented Generation (RAG) and dynamic authorization to ensure AI agents only access authorized data.
Read MoreDeepSeek Completely Changed How We Use Google Zanzibar
Google Zanzibar provides fine-grained authorization, but managing it at scale remains a challenge. This article explores using DeepSeek to automate ReBAC tuple generation.
Read MoreHow to Implement Role-Based Access Control (RBAC) in Vue.js
Learn how to implement Role-Based Access Control (RBAC) in Vue with a step-by-step tutorial. Define roles, manage permissions, and enforce access control in a Vue app with a practical implementation example.
Read MorePermit.io Announces a New Pricing Model
Permit.io’s new pricing model makes for affordable, predictable, fine-grained authorization tailored to developers and companies of all sizes.
Read MorePrompt Filtering with OpenAI: Using GPT for GPT Access Control
Learn how to implement AI-driven prompt classification for dynamic access control. Combine OpenAI’s intent classification with policy-based access control to enforce permissions based on user requests.
Read MoreWe Let AI Handle User Permissions (And it Works)
How can access control be automated using AI? Learn how to use OpenAI to classify documents by sensitivity and enforce dynamic permissions with Permit.io's Attribute-Based Access Control (ABAC).
Read MoreFine-Grained Keycloak Authorization with ABAC and ReBAC
Learn how to enhance Keycloak authorization with ABAC and ReBAC. Step-by-step guide to integrating Permit.io for fine-grained policies.
Read MoreHow to Implement Authorization into a FastAPI Application
Learn how to implement Authorization in FastAPI applications with Permit.io, a permission management system. Follow a step-by-step guide using RBAC and ABAC.
Read MoreImplementing Database Permissions
Learn about database permissions and authorization, exploring data filtering strategies like application-level checks, PDP filtering, and partial evaluation to enhance security, performance, and scalability for managing user access.
Read MoreAuthentication and Authorization in Applications
Everything you need to know on the principles of authentication and authorization in applications. Including a comparison table and real-world use cases.
Read MoreThe “What” - Adopting Proactive AI Identity Security
Learn how AI identity security is reshaping Identity and Access Management (IAM) and how to tackle these changes with proactive identity security.
Read MoreThe “When” - Dynamic AI Access Control for a Changing Timeline
Dynamic AI access control should adapt to evolving timelines. Event-driven approaches like Continuous Access Monitoring and CAEP enable real-time adjustments to access control based on changing conditions.
Read MorePermit.io in KubeCon 2024 - Here’s What We're Excited For
Kubecon 2024 in Salt Lake City starts tomorrow! These are the booths, talks and panels we are especially excited for.
Read MoreCoding Tutorial: Build a Secure Chat App with React, Firebase, and Permit.io
A step-by-step guide to building a secure, real-time chat app with React, Firebase, and Permit.io - learn how to handle user roles and set up Firebase for authentication and real-time messaging.
Read MoreWhat is Fine Grained Authorization (FGA)?
Learn how Fine Grained Authorization (FGA) can enhance your application's security and provide precise, dynamic permissions.
Read MoreHow to Protect Your Application from AI Bots
Discover how AI and authorization intersect. Learn to manage GenAI bots securely with fine-grained authorization using tools like Permit.io and Arcjet.
Read MoreThe Unspoken Tradoffs of Fine-Grained Authorization
Discover the possible tradeoffs when building fine-grained authorization (FGA). Learn from a real-world use case how to examine such tradeoffs and build better software.
Read MoreAdopt Gitops Today - Here’s Why and How.
Learn the best practices for implementing GitOps in your software development cycle. Read our article and adopt GitOps today to streamline your workflow.
Read MoreThe Arc Browser Vulnerability Exposes the Inefficiency of Row-Level Security (RLS)
Learn what the latest Arc Browser vulnerability can teach us about the proper usage of row-level security.
Read MoreBest Practices for Microservice Authorization
Best practices for implementing authorization in a microservices architecture. Learn how to create a better access control experience with Permit.io.
Read More12 Open Source Auth Tools That Will Help You Build Better Applications
Discover top open-source auth projects enhancing application security, including Hanko, Supabase, and OPAL, for robust authentication and authorization.
Read MoreHow to Add RBAC Authorization to Auth0
Learn how to add RBAC Authorization to your Auth0 application with Permit.io. Implement authz with low code and ensure only the right users have access.
Read MoreHow to Create an Authorization Middleware for Fastify
Learn how to implement middleware for a granular access control system in Fastify applications using the Permit.io cloud service.
Read MoreBest Practices to Implement Role-Based Access Control (RBAC) for Developers
Explore the process of implementing Role-Based Access Control (RBAC) in applications with policy as code, enhancing security and scalability.
Read MoreHow to Implement Authorization in an Express Application
Learn how to create authorization middleware for an ExpressJS application. Use RBAC and ABAC permissions models seamlessly in your Express app.
Read MoreWhat Is Attribute-Based Access Control (ABAC)?
Attribute Based Access Control (ABAC) is an authorization model that grants access based on environmental conditions, as well as user and resource attributes. Learn how ABAC works, its use cases, and how to implement it in your application
Read MoreWhat is RBAC? Uses and Implementation
Role-Based Access Control (RBAC) is an authorization model where permissions are managed based on organizational roles. Learn how it works, what it's used for, and how to implement it into your application in this 2024 updated guide
Read MoreHow to Implement Attribute-Based Access Control (ABAC) Authorization?
Learn best practices for implementing ABAC (Attribute-Based Access Control) in application authorization, including real-world use cases and code examples.
Read MoreBest Practices for Implementing Hybrid Cloud Security
Learn how to implement hybrid cloud security using the multi-layer approach. Explore best practices with practical examples of IAM security and authorization.
Read MoreImplementing RBAC Authorization in Next.js - 2024 Updated Guide
A guide for setting up role-based RBAC authorization in your Next.js application, from zero to a basic, functional implementation, updated for 2024
Read MoreMAC vs. DAC: Comparing Access Control Fundamentals
Learn the differences between Mandatory Access Control (MAC) and Discretionary Access Control (DAC) and how to leverage both for application authorization.
Read More7 Developer Tools to Prepare Your Stack for the GenAI Era
Explore the best developers' tools that will make your application ready for Generative AI integrations.
Read MoreThe Definitive Guide for Implementing Authorization in Laravel
Discover how to implement fine-grained authorization in Laravel! Learn how to go beyond RBAC with ABAC and ReBAC, enhancing your application security.
Read MoreHow to Implement RBAC (Role-Based Access Control) in Astro Framework
Discover how to boost your Astro website security with Role-Based Access Control (RBAC), manage user access, and enhance your app's security in just a few steps
Read MoreOAuth vs. JWT: What's the Difference for Application Development
Explore JWT and OAuth distinct roles in web app security, how they work together, and their importance in modern web development.
Read More401 vs. 403 Error Codes: What's the Difference? When to Use Each? (Updated 2024)
Learn the Difference Between 401 and 403 Errors: Authentication vs. Authorization in HTTP Status Codes. Clear guidelines for developers.
Read MoreBest Practices for Authentication and Authorization in API
Explore best practices for authentication and authorization in API with clear, practical examples. Including a differentiation guide, and helpful code tips.
Read MoreAPI Security: A Comprehensive Guide for Developers
Explore comprehensive strategies for API Security in our guide, focusing on best practices in authentication, authorization, and safeguarding applications.
Read MoreThe Definitive Guide to OAuth Tokens
Explore the essential guide to OAuth Tokens. Learn about Access Tokens and Refresh Tokens for secure user authentication and authorization.
Read MoreTop 5 Access Control Features You Should Implement in 2024
Top 5 trends in access control for 2024: passkey authentication, fine-grained authorization, policy as code, and more. Get ready to secure your application.
Read MoreReinvent Access Control with Passkeys and Fine-Grained Authorization
Learn how to use passkeys and fine-grained authorization for better access control in cloud applications, including an example project and a detailed tutorial.
Read More10 Exceptional Developer Tools Launched in 2023
Explore New Developer Tools and Trends in 2023 - Enhance Your Workflow with the Latest Developer Tools
Read MoreScaling Authorization with Cedar and OPAL
Learn how to build a Cedar-based application authorization system. A practical tutorial to build a comprehensive auto-scaled solution with OPAL and Cedar agent.
Read MoreSend SMS Directly from the Browser (No Backend Code Required!)
Learn how to send SMS messages directly from the browser using Frontend Only Authorization (FoAz) standard. Backendless communication solution.
Read MoreOPA for App-Level Authorization, from RBAC to ABAC in Scale
Explore key guides on implementing Open Policy Agent (OPA) for scalable application-level authorization, from RBAC to ABAC.
Read MoreAdd a Slack Chatbox Directly into Your React App
Learn how to build a Slack-based chat box in your frontend app using React authorization and the Slack API. Secure access with FoAz. Try the working example.
Read MoreSend Frontend App Events Directly to Slack
Learn how to send Slack messages from a frontend app using FoAz. Configure permissions, proxy calls, and secure tokens. Monitor app events effortlessly!
Read More6 Low-Code Tools That Will Make You a Better Frontend Developer
Discover this low-code tools to enhance your frontend development skills and deliver higher-quality products and features faster.
Read MoreBest Practices for Authorization in Python
Discover best practices for authorization in Python applications. Avoid anti-patterns and create better access control with RBAC and ABAC implementations.
Read MoreBuilding and Testing App Permissions with Cypress
Learn how to build & test app permissions with our Cypress tutorial. Improve your app's security & user experience. Start coding now!
Read MoreImplementing Authorization in 4 Node.js Frameworks
Explore top resources for implementing RBAC authorization in Node.js frameworks - Express, Next.js, Fastify, and NestJS.
Read MoreKubecon EU 2023 - Must Not Miss List
Discover the top sessions at KubeCon EU, curated by Permit.io. Join the cloud-native community's brightest minds to learn about Kubernetes and Authorization.
Read More