The Twitter client should have access to the account so that it can read and publish posts. However, you do not want to hand the client your own password, and perhaps even a second factor such as a hardware token: that would give it full authority over the account, including the ability to take it over or delete it entirely.
OAuth For Fine Grained And Controlled Access
The client does not use the user's password but a secret token that is issued only for that client. The user controls which rights the client receives and which it does not. For example, the user can specify that the client may create and manage posts but cannot edit account settings. The user can also withdraw these rights from the client at any time, without changing the password, by invalidating the token. The open authorization standard thus allows private data from games, apps and social networks to be shared securely with other online services.
You can control which internal apps are allowed to access confidential data. Use OAuth 2.0 for app access control. With modern, more secure apps, access is determined using OAuth 2.0 scopes and can be restricted per API. This means that access to restricted user data in most services, such as Gmail and Google Contacts, can be governed through app access control.
Once authentication at the OAuth 2.0 authorization server has established on whose behalf a resource is being accessed, the resource server carries out the authorization: it checks whether this user is allowed to use the resource in the requested manner. To answer that question, the server needs information about what was granted. OAuth2 is a powerful standard within which authentication and authorization can be implemented in microservices, and it has equally capable implementations that can be used in a microservice landscape with manageable effort. By placing an API gateway in front, OAuth2 can also be hidden from external access as an attack surface and mapped to simpler authentication methods.
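The two mechanisms described above, a client token limited to specific rights that the user can revoke without changing the password, and a resource server that decides per request whether the presenting token is allowed to use the resource, can be seen end to end in the following added example. It is illustrative code written for this page, not code from the article or from any real provider; the scope names (`posts:read`, `posts:write`, `account:settings`), the request labels, and the in-memory token store are all constructed for the demonstration.

```python
"""Added example (not from the original article): a toy OAuth 2.0 scope model.

An authorization server issues an opaque bearer token bound to one user and one
client with a fixed set of scopes; a resource server checks the token and the
scope each API requires before answering. Names and endpoints are hypothetical.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Each protected API declares the scope it requires (constructed scope names).
REQUIRED_SCOPE = {
    "GET /posts": "posts:read",
    "POST /posts": "posts:write",
    "PUT /account/settings": "account:settings",
}


@dataclass
class TokenRecord:
    user: str
    client_id: str
    scopes: frozenset
    revoked: bool = False


class AuthorizationServer:
    """Issues and revokes tokens; the token is a random opaque string, never the password."""

    def __init__(self) -> None:
        self._tokens: Dict[str, TokenRecord] = {}

    def issue(self, user: str, client_id: str, granted_scopes: Iterable[str]) -> str:
        # 256 bits of randomness so the token cannot be guessed.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = TokenRecord(user, client_id, frozenset(granted_scopes))
        return token

    def revoke(self, token: str) -> None:
        # The user withdraws the client's rights without touching the password.
        rec = self._tokens.get(token)
        if rec is not None:
            rec.revoked = True

    def introspect(self, token: str) -> Optional[TokenRecord]:
        rec = self._tokens.get(token)
        if rec is None or rec.revoked:
            return None
        return rec


class ResourceServer:
    """Authorizes each request by the scopes carried by the presented token."""

    def __init__(self, auth: AuthorizationServer) -> None:
        self._auth = auth

    def handle(self, request: str, authorization_header: Optional[str]) -> Tuple[int, str]:
        if not authorization_header or not authorization_header.startswith("Bearer "):
            return 401, "missing bearer token"
        token = authorization_header[len("Bearer "):]
        rec = self._auth.introspect(token)
        if rec is None:
            return 401, "invalid or revoked token"
        needed = REQUIRED_SCOPE.get(request)
        if needed is None:
            return 404, "unknown resource"
        if needed not in rec.scopes:
            # Authenticated user, but this client was never granted this right.
            return 403, f"insufficient_scope: requires {needed}"
        return 200, f"{request} as {rec.user} via {rec.client_id}"


def demo() -> Tuple[int, int, int]:
    """A client granted post rights only: allowed, forbidden, then revoked."""
    auth = AuthorizationServer()
    api = ResourceServer(auth)
    token = auth.issue("alice", "third-party-client", ["posts:read", "posts:write"])
    header = f"Bearer {token}"
    can_post = api.handle("POST /posts", header)[0]            # 200
    can_edit_settings = api.handle("PUT /account/settings", header)[0]  # 403
    auth.revoke(token)
    after_revoke = api.handle("GET /posts", header)[0]          # 401
    return can_post, can_edit_settings, after_revoke


if __name__ == "__main__":
    print(demo())
```

The resource server never sees a password and does not consult the user record for the decision; the grant recorded at issue time is the only thing that determines what the client may do, which is what lets the user cut the client off by revoking that one token.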