Strongest possible agree. https://twitter.com/ELagergren/status/945717130099437568 …
Replying to @tqbf
Agree about JWTs, but stateless auth is the default configuration of ASP dot NET. Do you think people should turn that off and use a non-default configuration?
Replying to @craigstuntz @tqbf
We're using stateless auth in a system with tight SLAs and hundreds of millions of users. Fetching the state from some database would break the latency budget.
Replying to @andreasdotorg @craigstuntz
I’m not so much doubting you as observing that it’s likely that bigger places than yours have scaled serverside stateful auth (given latency budget).
Replying to @tqbf @craigstuntz
We're one of the biggest AWS customers, the list of bigger places than us is very short. I maintain that managing latency is a reasonable tradeoff for stateless authentication. We're working on making most of the services stateless, well beyond just authentication aspects.
Replying to @andreasdotorg @craigstuntz
I think I’d just say “stateless auth is not a good place to start at”.
Replying to @tqbf @craigstuntz
You might be right about that. It might be a place you end at, though, and there might be reasons. Heck, we're running a dozen different services, each run by a different team. Loose coupling between AAA and the service is a good enough reason in itself.
Replying to @andreasdotorg @craigstuntz
Inter-service stateless auth makes a lot of sense to me! It’s the value of pushing that design out to the client where I start to dislike it.
… it helps that inter-service stateless auth is also _much easier_ than clientside stateless auth.
1 reply 0 retweets 0 likes
And I'm *so glad* I only have to audit auth flow for one team (including password recovery and all the pitfalls), instead of all of them!