Application Front-Ends Must Not Make Authorization Decisions
First, let’s get the usual introductions out of the way. For an in-depth discussion of what Authorization is, check out[…]
Read moreLatest Posts
API Gateways and Multiple Consumer Types
Front / Mark Wilson Sometimes at client sites, I see a separation of APIs advertised on an API Gateway based[…]
Read moreRFC 9068: A JWT-Based OAuth2 Access Token Format Standard
Tokens / SHYCITYNikon For anyone who has been paying attention, this blog post has been a long-time coming for multiple[…]
Read moreMaking Authorization Decisions
backwater / Adedotun Ajibade This blog post continues our discussion of Authorization in the API space. It will explore common[…]
Read moreDelegation — A General Discussion
palmgroove / Adedotun Ajibade Introduction This blog post expands on delegation and related concepts introduced in my Kerberos Delegation blog[…]
Read moreKerberos and Windows Security: Delegation
Nature Art / mynikfoto In this next post in the Kerberos and Windows Security Series, we are going to explore[…]
Read moreHTTP POST vs GET: Is One More Secure For Use In REST APIs?
Grain / Kamil Porembiński The use of HTTP POST vs HTTP GET for read-only (or query) operations in REST APIs[…]
Read moreOAuth2 Access Tokens vs API Keys — Using JWTs
Ankor Wat / Rob Tiggelman There are several approaches to securing APIs. Every API Gateway vendor supports the same core[…]
Read moreIdentity Protocols, Hosted Login UIs, and Custom Login UIs
There are many ways to implement user authentication in a modern application (mobile, desktop, tablet, web, etc). I have previously[…]
Read moreDifferences Between Azure Active Directory and Red Hat SSO v7.1
Pattern / Vinoth Chandar I recently finished implementing OAuth2 and OIDC support for Azure Active Directory in my OAuth2 + OIDC[…]
Read more