msingh

90 Followers

Pinned

PKCE, Public Clients and Refresh Token

In this article we will talk about: OAuth 2.0 public clients, with a focus on native apps; the PKCE extension to the Authorization Code grant type, specifically how it mitigates the code interception attack; and managing refresh tokens for native apps (verifying client identity). This article assumes some level of familiarity with…

Pkce

6 min read


Jul 19, 2021

Demystifying SAML : Lets write a Service Provider

This series of posts and associated code is aimed at removing the mystery of SAML implementation and highlighting what is happening in the common SAML workflows. What is SAML? Security Assertion Markup Language (better known by its acronym, SAML) is a protocol for authenticating to web applications. But why do we need such a protocol? Imagine you build a web application…

Saml

5 min read


May 17, 2021

Protobuf and Go : Handling Large Data Sets

The Google Protobuf development guide notes the following: "Protocol Buffers are not designed to handle large messages. As a general rule of thumb, if you are dealing in messages larger than a megabyte each, it may be time to consider an alternate strategy." This blog walks through implementation of one…

Protobuf

3 min read


May 8, 2021

Protobuf and Go: Handling Oneof Field type

This tutorial provides a basic Go introduction to working with the protocol buffer Oneof field type. This can come in handy when dealing with messages carrying values which can be one of many given types. Another use case is message values representing a collection of heterogeneous types. Pre-requisite: This post…

Go

3 min read


Oct 31, 2020

Sliding Window- Fixed Rate : Practical Rate Limiting for Web APIs

Why do we need Rate Limiting? Picture this: You have a service with a great REST API, and it's being used by many clients. These could be services within your own organization or some third party applications. It's all going well but one day lightning strikes. Users are complaining of high latency and your service…

Throttling

6 min read


Jul 11, 2020

Context in go 101

There is a tonne of information available on Go concurrency and context usage, like the context package, this blog and this, but it can be a bit overwhelming. This article attempts to explain Context via a simple but perhaps the most common use case you would find in a microservices architecture. Pre-Requisite Article…

Golang

5 min read


Jun 5, 2020

Cross-origin Resource Sharing — A Hands-on Tutorial (Part III : Cookies)

Part II of the tutorial dealt with complex CORS requests and the pre-flight check by browsers. In this final part, we look at dealing with cookies in CORS. We will also look at the subtle differences between same site and same origin and how they impact cookie behaviour. Cookies: By default…

Cors

5 min read


Jun 1, 2020

Cross-origin Resource Sharing — A Hands-on Tutorial (Part II : Complex Requests)

Continuing from Part I, where we successfully handled a cross-origin “simple” request, let's see what non-simple requests are and what we can do to enable support for such requests. Example #2: Complex Requests. Starting from where we left off. …

Cors

4 min read


May 31, 2020

Cross-origin Resource Sharing — A Hands-on Tutorial

Richer and interactive web pages today are built using dynamic client-side scripting. It’s extremely common to have the JavaScript in the page interact with different web APIs transparently, to provide a smooth experience to the user. …

Cors

5 min read


Nov 12, 2019

Validating RSA signature for a JWS — More about JWK and Certificates

Previously: In the previous article, we looked at how a JWS RSA signature can be validated by fetching information about the public key via a JWK. We overlooked certain aspects which we will discuss in this article to get a deeper understanding. So let's take a look again at our JWK…

Security

4 min read

Software Factotum