Why are you selling this website? I just do not have time to do everything the way I can (* it's been around for a while, only other bigger projects that I'm needed). Sorta groaned when he saw how it went.
How is it monetized? Amazon Affiliate, but you can also sell products if you like or install Add Sense. The website is solid.
Is this site coming with social media accounts? No.
How long does it take to run this site? Do a few basic SEO and link building features and you should go to the races.
What are the challenges of running this site? To rank only a few of the keywords, but it is a low hanging fruit. Set and forget that.
It's easy to get a product from Amazon, get that affiliate link, post it on the site, then share it on social media or create some inbound links. Or use the domain to build an Alibaba dropshipping business and deposit funds. (* That was all I was going to do).
I'm trying to figure out how to best secure an API with oAuth scopes and / or claims. I'm not sure what to use.
My setup is as follows:
All users log in to signin.domain.com
There are several customers www.domain.com and admin.domain.com
There is a resource server api.domain.com
There are several areas data.read and data.write
www.domain.com requests an area data.read and admin.domain.com calls for both areas data.read and data.write
Some users who are administrators must be able to write data (for example, POST to api.domain.com), but all authenticated users can read.
If I understand it, users log on with the client www.domain.com There is no token with the scope data.write even if the customer wants it.
I read that scopes are kind of claim categories , Does this mean that when a client requests a particular scope, I must fill the token with all claims connected to this extent?
From there, does my resource server check if the user has the right claim?
Or does the resource server only check if the token contains the correct range?
In both cases, it is not possible to assign areas to the users, only the clients, and it is not enough to say "users have logged on to client x so they can get write permission." So it seems that my first assumption is the only correct one.
I would be grateful if someone could clarify how grants and claims should provide granular API access.