Discover and read the best of Twitter Threads about #Authorization

Most recents (4)

Let’s get our series started in which we make our case against token-based AuthZ.

JWTs are like a key and composed of three parts: a header, a payload, and a signature. Image
The payload contains information to identify the owner of the token: user ID, email address, etc.

These are called claims and essentially, they can hold whatever info you may need.
The signature is what makes a JWT secure, but JWTs are usually not encrypted.

The information is encoded (not encrypted), which means it can be decoded.

The way to keep JWTs secure is to make sure they are hashed using a secret.
Read 15 tweets
Daily Bookmarks to GAVNet 11/14/2021…
This mineral shouldn’t exist on Earth’s surface. But researchers found it inside a diamond.…

#diamonds #minerals #discovery #botswana #davemaoite
Read 8 tweets
.@dschenkelman's chat with @juanrossi, a Senior Platform Security Manager at @Mercadolibre. Join us to know more about their Authorization challenges and how they tackled them.

Join here…
#Authorization and #Authentication are too critical to have everyone learning and implementing them from scratch. With more tens of thousands of employees, @Mercadolibre needed to create a solution that is easy to use and can be implemented in any language and tech stack
They also needed to solve for an important problem that touches on #AuthN and #AuthN: how to handle delegation of permissions, where a user can act on behalf of another user.
Read 16 tweets
@patoarchitekci @marekgrabarz @rwitkowski_asc No więc tak, przesłuchałem w drodze do ... Panie Władzo, to naprawdę moja krytyczna życiowa potrzeba ... tyle powiem w temacie wyjścia. To teraz o odcinku.

@patoarchitekci @marekgrabarz @rwitkowski_asc @marekgrabarz temat zna tak i to z praktyki, że aż mi trochę głupio że co nie powiem wyjdzie na hejt :), ale mam nadzieje że raczej będzie konstruktywnie i rzeczowo.

@patoarchitekci @marekgrabarz @rwitkowski_asc Główna rzecz (to samo było na #AzuredayPL - to do czego mam zastrzeżenie to przekazywanie że #OpenIDCOnnect to jest część #Oauth - tak nie jest. Ogólnie temat odcinka nie powinien brzemieć #OAUth i nie o to powinny być pytania.

Read 19 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!