We have an API with endpoints for things like user profile information where we want to restrict access.
Our application backend is built in PHP on the Slim framework so we're handling authorization in routing middleware:
class Authorization {
public function authorizeAccess() {
... // check if oauth token corresponds to the correct id
}
}
$authorizer = new Authorization();
$app->get('/user/:id/profile', [$authorizer, 'authorizeAccess'], function() use ($app) {
...
};
Is this a good way of doing this?