Concepts
The following pages contain the tag "Concepts":
API Authorization with OAuth2/OpenID Connect
Implementing API Authorization with OAuth2 and OpenID Connect (OIDC)
OAuth2 and OpenID Connect (OIDC) are robust and reliable protocols for establishing secure access control and verifying identities. OAuth2 focuses on authorization, granting or denying access to valuable resources; OpenID Connect extends OAuth2 with an identity protocol that emits the identity of individuals or machines. One notable advantage of both OAuth2 and OIDC is their decentralized authentication approach, which enables seamless scalability within application landscapes that use OAuth2 or OIDC servers.
Read article >>
Distributed apps
Distributed apps
A distributed app is an app that runs on several machines in a network. It processes its workload by delegating parts of the work to several machines, which process their share in parallel. There is no concise definition of what a ‘distributed app’ is. There are, however, typical applications that are referred to as distributed apps: Service Oriented Architecture and Microservice Architecture are examples, where different servers process different workloads in parallel.
Read article >>
The Back-end For Front-end Security Pattern
The Back-end For Front-end Security Pattern
In today’s digital landscape, delivering exceptional user experiences while ensuring robust security measures is paramount for the success of web applications. By shifting the responsibility of aggregating data from multiple sources to the BFF, and thereby minimizing HTTP requests made by the front-end, the BFF pattern improves the overall user experience. However, the benefits don’t end there. Recognizing the need for stringent security measures, the BFF pattern can be extended to incorporate authentication and authorization mechanisms, making it a powerful tool to safeguard sensitive user information.
Read article >>
What is a Back-end For Front-end?
What is a Back-end For Front-end?
The BFF pattern originates from SoundCloud. They had an app that drained phone batteries. The cause: their microservices. The app had to invoke requests to so many different APIs that the number of open HTTP connections ended up draining batteries. The solution was simple: build a server-side API specifically for one front-end, which collects all the data from all microservices in one go. That way, there’s only one HTTP connection to be kept open by the app.
Read article >>
What is a reverse proxy?
What is a reverse proxy?
Reverse proxies are used to route traffic to servers in a network. Or, from a Kubernetes perspective: a reverse proxy is used to route traffic to the correct Pod. A reverse proxy is a mechanism that prevents direct access to components in the network; instead, it forwards the traffic to them. This article describes the following:
- How to expose a single webserver to the internet, directly
- How to prevent direct access to the web server by implementing a reverse proxy
- How you can use a reverse proxy as a load balancer
- Typical reverse proxies
Exposing a single webserver to the internet: when you have one webserver and a DNS domain, then that DNS domain usually points to the webserver directly.
Read article >>
What is Authorization Code with Proof Key for Code Exchange?
What is Authorization Code with Proof Key for Code Exchange?
The Authorization Code flow with Proof Key for Code Exchange (PKCE) is an authentication method. It’s part of OAuth2. It is used to authenticate end-users. The OAuth2 protocol has been patched a couple of times over the years: some authentication methods turned out to be less secure than expected. Read about the history of OAuth2 and the purpose of the protocol to understand how PKCE came to be.
Read article >>