BootcampΒ·3yBackend Projects ποΈ for Transitioning to a Senior-Level π Developer π§βπ»
As a backend developer, you play a crucial role in designing and implementing the server-side logic that powers applications. In this article, we will explore a range of project ideas that can help you level up your backend development skills, demonstrate your proficiency in handling advanced concepts, and pave the way for a senior-level developer role.
Permit.ioΒ·3y6 Low-Code Tools That Will Make You a Better Frontend Developer
A developer is measured by their ability to deliver product features in less time while maintaining high code quality. Striking this balance has become more achievable today, thanks to advancements in languages, platforms, CI/CD automation tools, and testing methodologies. We'll explore six low-code tools that can help you become a better frontend developer.
ByteByteGoΒ·3yPassword, Session, Cookie, Token, JWT, SSO, OAuth - Authentication Explained - Part 1
Password, Session, Cookie, Token, JWT, SSO, OAuth - Authentication Explained - Part 1. We discuss the problems each method solves and how to choose the right authentication method for our needs. The diagram below shows where these methods apply in a typical website architecture and their meanings.
InfoSec Write-upsΒ·3yAPI Security for Developers
This post provides a high-level checklist for developers to securely develop APIs, covering all OWASP Top 10 API security issues. It emphasizes the importance of secure APIs and the risks they pose. The checklist includes recommendations for broken object-level authorization, broken authentication, excessive data exposure, lack of resources and rate limiting, broken function level authorization, mass assignment, security misconfiguration, injection, improper assets management, and insufficient logging and monitoring.
Permit.ioΒ·3yAuthN vs. AuthZ: Understanding the Difference
Authentication is the process of verifying the identity of a user or entity, while authorization is the process of granting or denying access to specific resources based on a user's verified identity. Authentication methods include username and password, and biometric authentication. Authorization is managed through policies, such as Role Based Access Control and Attribute Based Access Control.
asayerΒ·3yReact: Performing Authentication with JWT
This article will discuss how to perform JWT authentication in a React app. We will cover the steps involved in setting up a backend JWT endpoint, signing up and signing in from your React app, and protecting routes with JWT validation. You will use a custom-built Express server API to relay the JWT token for a user.
ByteByteGoΒ·3yEP75: How Does A Password Manager Work
This weekβs system design refresher: Top 5 Most Used Architecture Patterns. How does a Password Manager work? Implement passkey authentication in minutes (Sponsored) Join TikTok, Paypal, Google, and other leading tech companies by giving your users a faster and more secure sign-in experience with passkeys.
freeCodeCampΒ·2yWhat is an API Gateway and Why is it Useful?
An API gateway is a fully managed service that simplifies the process of creating, publishing, maintaining, monitoring, and securing APIs. It acts as a middleman between clients and backend services, handling request validation, authorization, rate limiting, request routing, and request/response transformation. It is particularly useful in microservice architectures.
Permit.ioΒ·3ySend SMS Directly from the Browser (No Backend Code Required!)
We'll learn how to send SMS directly from the browser using Frontend Only Authorization (FoAz) standard. To authenticate our users in the browser, we'll use Clerk.dev, a frontend-first authentication platform that lets you add authentication to your application in minutes. Let's create a new React app by using Vite.
AmplicationΒ·3yBest Practices in Testing GraphQL APIs
GraphQL is an open-source data query and manipulation language that revolutionizes how applications interact with APIs. With GraphQL, users can request specific data they need and receive only that data in response. This article provides an overview of GraphQL and highlights five best practices for testing GraphQL APIs.
AT&T IsraelΒ·3yAuthentication & Authorization using React, NestJS & JWT Token
Authentication & Authorization using React, NestJS & JWT Token using NestJS, Passport and JWT libraries for the server side, React, and Redux toolkit (RTK query) for the client side. The article also includes detailed code examples to demonstrate how to implement authentication techniques in practice using JWT token.
SnykΒ·2yTop 3 security best practices for handling JWTs
Ensure the security of your web applications by following the top 3 security best practices for handling JWTs. Keep JWTs secret, validate them properly, and set expiration times to prevent vulnerabilities and breaches. Use tools like Snyk to identify and remediate security issues related to JWTs.
Permit.ioΒ·3yNext.js Passwordless Authentication with SuperTokens & Twilio
Passwordless authentication replaces traditional login methods with secure alternatives, like one-time passwords or biometrics. This approach simplifies the login process and enhances security by eliminating the need to remember and manage passwords. In this tutorial, weβll learn how to set up SuperTokens Passwordless Authentication and How to implement basic authorization with Permit.
Java Code GeeksΒ·3yRESTful Architecture Cheatsheet
RESTful architecture is a scalable and interoperable approach for building web services. It offers benefits such as scalability, interoperability, simplicity, flexibility, and security. The HTTP verbs used in RESTful architecture are GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH, CONNECT, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, and LOCK. Resources in a RESTful API are identified using unique URIs, and plural noun conventions are often used for collections. Authentication and authorization are important aspects of securing RESTful APIs, and various mechanisms such as Basic Auth, OAuth, and RBAC can be used.
Permit.ioΒ·3yIntroducing FoAz: Frontend-only-Authorization
FoAz is designed to solve two key problems faced by modern application developers. It allows developers to "slap on permissions" on existing services that don't have an authorization layer yet, require better policy models. FoAz acts as a proxy service that accepts incoming API calls from the frontend.
InfoSec Write-upsΒ·3yOAuth 2.0 Hacking πΈ
OAuth 2.0 Hacking is an open authorization protocol. It allows sharing of resources stored on one site to another site without using their credentials. It uses username and password tokens instead of credentials. The resource owner is the user/entity granting access to their protected resource, such as Twitter account Tweets.
Permit.ioΒ·3yBest Practices for Authorization in Microservices
In a monolithic architecture, a single authorization point typically controls access to all resources. In a microservice architecture, it's common to embed the authorization logic in the application code itself. Decentralizing the PDPs reduces the impact of any failures, increases availability, and enables horizontal scaling of the authorization process.
LogRocketΒ·3yNestJS interceptors: Guide and use cases
NestJS interceptors are class-annotated with injectable decorators and implement the interface. They are called before sending the request to a controller, while the method is called after the request has been processed by the controller and a response is returned. In the interceptor, we can do any processes and modify the request.
