Hello folks! How are you?
I'm searching for open-source authorization services and I read the
SpiceDB documentation and came across with this point:
What happens if I don't use a ZedToken at all? (
https://authzed.com/docs/reference/zedtokens-and-zookies#what-happens-if-i-dont-use-a-zedtoken-at-all)
The idea of having an authorization service is to decouple from my microservices this responsibility.
For me, it doesn't make sense I add a column in my business database to store a token related to the authorization service, in this case, related to a specific implementation.
If I don't use a
zedtoken, is there a way to say: "spicedb, rebuild the cache now, with these last changes"?
And when a "check permission" is performed without a
zedtoken, this more recent cache will be used.
Another point:
> If you do not intend to store ZedTokens, it is recommended that all calls use Consistency of fully_consistent (which has a major performance hit, but is fully safe). Really, though, you should store ZedTokens.
Do we have numbers about it? What is the difference in the response time?