This series of posts and associated code is aimed at removing the mystery of SAML implementation and highlight what is happening in the common SAML workflows. What is SAML? Security Assertion Markup Language (better known as its acronym, SAML) is a protocol for authenticating to web applications. But why do we need such a protocol? Imagine you build a web application…

Google Protobuf development guide notes the following — Protocol Buffers are not designed to handle large messages. As a general rule of thumb, if you are dealing in messages larger than a megabyte each, it may be time to consider an alternate strategy. This blog walks through implementation of one…

This tutorial provides a basic Go introduction to working with protocol buffer Oneof field type. This can come in handy, when dealing with messages carrying values, which can be one of many given types. Another use case is message values representing a collection of heterogenous types. Pre-requisite : This post…

Why do we need Rate Limiting? Picture this : You have a service with a great REST API, and its being used by many clients. These could be services within your own organization or some third party applications. It’s all going good but one day lightening strikes. Users are complaining of high latency and your service…

There is tonne of information available on Go Concurrency and context usage like the context package, this blog and this but it can be a bit overwhelming. This article attempts to explain Context via a simple but perhaps the most common use case you would find in Microservices architecture. Pre-Requisite Article…

Part II of the tutorial dealt with complex CORS requests and pre-flight check by the browsers. In this final part, we look at dealing with cookies in CORS . We will also look at subtle differences between same site and same origin and how it impacts cookie behaviour. Cookies By default…

Continuing from Part-I where we successfully handled a cross-origin “simple” request, lets see what non-simple requests are and what we can do to enable support for such requests. Example #2 — Complex Requests Starting from where we left off. …

Richer and interactive web pages today are built using dynamic client side scripting. It’s extremely common to have the javascript in the page interact with different web APIs transparently, to provide a smooth experience to the user. …

Previously In the previous article, we looked at how a JWS RSA signature can be validated by fetching information about the public key via a JWK. We overlooked certain aspects which we will discuss in this article to get a deeper understanding. So lets take a look again at our JWK…