DEV Community

loading...

Discussion on: Secure APIs using Node.js, Azure AD, Cosmos DB and the Azure SDKs

Collapse
wparad profile image
Warren Parad

That seems like it adds a lot of complexity to the service. Additionally, while the identity part is there, you are verifying the authenticity of the caller identity, you never make sure that the user should actually have access to read the data in the database. You probably want to add an application IAM permissions layer to your app.

It's so much simpler to integrate a working auth solution that contains everything you need rather than trying to build it up, and potentially not including critical security components. Depending on the end goal, there are many different auth solutions.

Collapse
christosmatskas profile image
Christos Matskas Author

It seems like you didn’t understand the blog. The whole point is to remove the need to use secrets or keys from your solution while having the ability to use token claims for fine tuning authorization within the API. A working AuthN solution would work but you lose a lot of control within your app. For us, security is paramount and our goal is to help developers write more robust, secure software. Thanks for reading

Forem Open with the Forem app