Strongest possible agree. https://twitter.com/ELagergren/status/945717130099437568 …
You might be right about that. It might be a place you end at, though, and there might be reasons. Heck, we're running a dozen different services, each run by a different team. Loose coupling between AAA and the service is a good enough reason in itself.
-
-
Inter-service stateless auth makes a lot of sense to me! It’s the value of pushing that design out to the client where I start to dislike it.
-
… it helps that inter-service stateless auth is also _much easier_ than clientside stateless auth.
-
And I'm *so glad* I only have to audit auth flow for one team (including password recovery and all the pitfalls), instead of all of them!