Long time software architect, CTO Authress, creating application security plug-ins for any software application with Authress. Talk to me about security in microservices or service authorization.
That seems like it adds a lot of complexity to the service. Additionally, while the identity part is there, you are verifying the authenticity of the caller identity, you never make sure that the user should actually have access to read the data in the database. You probably want to add an application IAM permissions layer to your app.
It's so much simpler to integrate a working auth solution that contains everything you need rather than trying to build it up, and potentially not including critical security components. Depending on the end goal, there are many different auth solutions.
It seems like you didn’t understand the blog. The whole point is to remove the need to use secrets or keys from your solution while having the ability to use token claims for fine tuning authorization within the API. A working AuthN solution would work but you lose a lot of control within your app. For us, security is paramount and our goal is to help developers write more robust, secure software. Thanks for reading
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
That seems like it adds a lot of complexity to the service. Additionally, while the identity part is there, you are verifying the authenticity of the caller identity, you never make sure that the user should actually have access to read the data in the database. You probably want to add an application IAM permissions layer to your app.
It's so much simpler to integrate a working auth solution that contains everything you need rather than trying to build it up, and potentially not including critical security components. Depending on the end goal, there are many different auth solutions.
It seems like you didn’t understand the blog. The whole point is to remove the need to use secrets or keys from your solution while having the ability to use token claims for fine tuning authorization within the API. A working AuthN solution would work but you lose a lot of control within your app. For us, security is paramount and our goal is to help developers write more robust, secure software. Thanks for reading