Authentication

I remember being really impressed the first time I encountered single sign-on (SSO), in which I could access multiple websites after just logging in once. But I was even more impressed when I learned that underlying SSO are just a few, basic HTTP features.

Part two of a two-part series. View part one.

Stateless authentication with JSON Web Tokens  —  safely!

As developers who build REST APIs, we are quite familiar with JSON Web Token (JWT) based authentication. The typical pattern is this:

Part one of a two-part series.

A REST API is a wonderful way to expose application data to a wide variety of clients. Anything that can speak HTTP can communicate with a REST API, and these days that means an exciting variety of devices. From plain old web browsers to mobile devices to a whole array of IoT applications  —  there are a lot of good reasons to use a REST API. And if you’ve ever built one, you’re familiar with the predominant means of restricting endpoints to authenticated users  —  JSON Web Token (JWT) based authentication.

Updated December 2020.

This holiday season, there’s more online activity than ever, from shopping to Zoom sessions with family and friends, not to mention remote work and school. But during all this online activity, how much do you think about your computer security? (We know, there are way more important things on your mind these days!) But a security breach could wreak havoc on your business or personal life. Just think, is your password different for every shopping site or app that you use? If not, it should be!

We deploy Python/Django apps to a wide variety of hosting providers at Caktus. Our django-project-template includes a Salt configuration to set up an Ubuntu virtual machine on just about any hosting provider, from scratch. We've also modified this a number of times for local hosting requirements when our customer required the application we built to be hosted on hardware they control. In the past, we also built our own tool for creating and managing EC2 instances automatically via the Amazon Web Services (AWS) APIs. In March, my colleague Dan Poirier wrote an excellent post about deploying Django applications to Elastic Beanstalk demonstrating how we’ve used that service.