-
AuthN vs AuthZ
23. October 2020
When you do some “login stuff” nowadays, you may stumble upon the terms AuthN and AuthZ. Maybe you have wondered what the letters “N” and “Z” mean? The short answer: AuthN stands for Authentication, and AuthZ stands for Authorization. That’s easy, right? I guess we’re done for this blog post 🙃

Authentication vs. Authorization

But what is the difference between these two terms? Are they not the same? The short answer: No, they aren’t!…
-
OAuth 2.0 Implicit Flow Considered Harmful
8. October 2020
I’m certainly not the only one writing on the web that the OAuth 2.0 Implicit Flow is bad for security reasons and deprecated by OAuth 2.0 Best Current Practices and OAuth 2.1. But this can’t be said enough times. So I’ll try my best! This post is a guide for people facing situations where random dudes are asking, “Why should I bother? See, Microsoft is recommending it!” After reading this post, you can tell them why it is a bad idea to use implicit flow.…