Aaron Parecki · Mar 1, 2021 · 6:26 PM UTC

Aaron Parecki · Mar 1, 2021 · 6:26 PM UTC

Aaron Parecki

Aaron Parecki @aaronpk

1 Mar 2021

I just finished making a cheat sheet "OAuth Patterns and Anti-Patterns" and it's available for download now for free! developer.okta.com/blog/2021…

OAuth Patterns and Anti-Patterns - a DZone Refcard

I'm happy to announce a brand new OAuth refcard: OAuth Patterns and Anti-Patterns

developer.okta.com

Mar 1, 2021 · 6:26 PM UTC

Juliano Mohr · Mar 1, 2021 · 9:59 PM UTC

Juliano Mohr @juliaaano

1 Mar 2021

Replying to @aaronpk

At the end you say to use local validation in the API gateway and "if" a particular API requires, then do the remote. Are you implying there are cases the resource server does not need to do any validation at all if the gateway already handles it?

Aaron Parecki · Mar 1, 2021 · 10:01 PM UTC

Aaron Parecki @aaronpk

1 Mar 2021

Yeah, super context dependent of course, but imagine a read-only API method for returning the user's rewards points balance. Not terribly sensitive info, not likely to change often. The gateway validation is likely good enough.

Kevin (Basic Filmmaker) · Mar 2, 2021 · 12:26 PM UTC

Kevin (Basic Filmmaker) @BasicFilmmaker

2 Mar 2021

Replying to @aaronpk

One question: What the hell did I just read. 😂 #KevinTheTechnoNoob