Phillip Edwards
All Posts by Phillip Edwards
Getting Started with Libsodium in Python and Go
The Networking and Cryptography library (NaCl, pronounced “salt”) is a software library that provides the core operations required to build cryptographic tools. Sodium is a fork of NaCl with an extended API; it is portable, and prebuilt binaries and bindings are available for many programming languages and operating systems. It comes in the form of a library called libsodium. Although there are several Python and Go cryptography libraries, it is primarily a matter of personal choice...
Fixing Common Problems with CORS and JavaScript
Many websites have JavaScript that makes network requests to a server, such as a REST API. The web pages and the APIs are often served from different origins. By default the browser's same-origin policy stops a script from reading a response that came from another origin; without it, any website could read data from an API in the context of whoever is logged in. Cross-Origin Resource Sharing (CORS) provides a controlled way to relax that policy. It became a W3C recommendation in 2014. Enforcement is the browser's job: it sends the page's origin with the request and only lets the script read the response if the server's CORS headers allow that origin. All modern...
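The server side of that exchange, as an added Go example that is not code from the post above: a `net/http` middleware that answers preflight requests and only ever sets `Access-Control-Allow-Origin` for an explicit allowlist (the origin `https://app.example.com`, the path `/api/todos` and the handler names are constructed for the example). Reflecting whatever `Origin` the client sent, a common shortcut, would silently allow every site.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowedOrigins is a constructed allowlist for this example; a real service
// would load it from configuration. Scheme, host and port must match exactly.
var allowedOrigins = map[string]bool{
	"https://app.example.com": true,
}

// corsMiddleware implements the server side of CORS with an explicit allowlist.
// It never reflects an arbitrary Origin back (which would turn the allowlist
// into "everyone"), and it answers preflight OPTIONS requests itself so the
// wrapped handler only ever sees real requests.
func corsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		// Vary: Origin stops a shared cache from serving a response that was
		// generated for one origin to a page on a different origin.
		w.Header().Add("Vary", "Origin")

		if origin != "" && allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
			w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
			// Credentials (cookies, Authorization) are only allowed together with a
			// specific origin; browsers reject "*" in that combination.
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}

		if r.Method == http.MethodOptions {
			// Preflight. With no Allow-* headers set (unlisted origin) the browser
			// refuses to send the actual request.
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// todosHandler is a stand-in API endpoint (constructed for the example).
func todosHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"todos":[]}`)
}

// probe sends one request through the middleware and returns the status code
// and the Access-Control-Allow-Origin value the browser would evaluate.
func probe(method, origin string) (int, string) {
	h := corsMiddleware(http.HandlerFunc(todosHandler))
	req := httptest.NewRequest(method, "/api/todos", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	for _, origin := range []string{"https://app.example.com", "https://evil.example.net", ""} {
		for _, method := range []string{http.MethodOptions, http.MethodGet} {
			code, acao := probe(method, origin)
			fmt.Printf("%-7s origin=%-26q status=%d allow-origin=%q\n", method, origin, code, acao)
		}
	}
}
```

Note that the GET from the unlisted origin still gets a 200 from the server. CORS only decides whether the browser lets the page read that response; it does not protect the API from a request made outside a browser, so authentication of the request itself is still required.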
How to Write a Secure Python Serverless App on AWS Lambda
Modern authentication systems issue JSON Web Tokens (JWTs). While there are several types of JWT, we are concentrating on access tokens. When a user successfully logs in to an application, a JWT is generated. The token is then passed in every request to the backend. The backend validates the token and rejects every request with an invalid or missing token. Today, we are going to build a simple web application that uses the Okta authentication...
Discovering macOS Settings with PlistWatch
In the Apple operating systems macOS and iOS, applications store essential configuration data in information property list (plist) files. The plist files are managed by the operating system. Although macOS does have utilities for reading and writing plist files, they are low level, and working with plist files by hand is a manual and time-consuming process. There is, however, a little-known tool called PlistWatch that enables changes to plist files to be monitored in real...
Elasticsearch in Go: A Developer's Guide
Elasticsearch is a popular datastore for all types of information. It is distributed for speed and scalability, and it can index many types of content, which makes it highly searchable. It exposes simple REST APIs for ease of access. Go has an official Elasticsearch client library which makes it simple for Go developers to work with data stored in Elasticsearch programmatically. Today we're going to take a look at how you can easily build a simple app...
Building and Securing a Go and Gin Web Application
Today, we are going to build a simple web application that implements a to-do list. The backend will be written in Go. It will use the Gin web framework, which provides a high-performance HTTP router and middleware layer on top of Go's net/http. The front end will use the Vue.js JavaScript framework to implement a single-page application (SPA). We will secure it using Okta OAuth 2.0 authentication. Let's get started! PS: The code for this project can be found on GitHub...
API Key Best Practices and Examples
When you use a REST API, especially one that incurs costs or has usage limits, you usually need an API key to access it. For example, if you are creating a user account with the Okta API, you need to include your API key in that request for it to succeed. API keys grant access to calls that may change important data or incur significant charges. It is therefore important...
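What careful handling looks like on the side that issues and checks keys, as an added Go example rather than code from the post above: keys are minted from `crypto/rand`, only their SHA-256 digest is stored, the presented key is compared in constant time, and it is read from a request header rather than the query string so it does not end up in access logs. The `X-API-Key` header name, the `billing-service` client and the `/v1/users` path are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// keyStore holds SHA-256 digests of issued keys, not the keys themselves, so a
// dumped table cannot be replayed against the API. Constructed for this example.
type keyStore struct {
	digests map[[32]byte]string // digest of key -> owning client
}

func newKeyStore() *keyStore { return &keyStore{digests: map[[32]byte]string{}} }

// newKey mints a 256-bit random key, hex encoded, and records only its digest.
// The plaintext is returned once to hand to the client and is not retained.
func (s *keyStore) newKey(owner string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	key := hex.EncodeToString(raw)
	s.digests[sha256.Sum256([]byte(key))] = owner
	return key, nil
}

// owner resolves a presented key. Every stored digest is compared with
// subtle.ConstantTimeCompare and the loop never exits early, so response time
// does not depend on which bytes of the candidate matched.
func (s *keyStore) owner(presented string) (string, bool) {
	d := sha256.Sum256([]byte(presented))
	var found string
	var ok bool
	for stored, o := range s.digests {
		if subtle.ConstantTimeCompare(stored[:], d[:]) == 1 {
			found, ok = o, true
		}
	}
	return found, ok
}

// requireAPIKey rejects requests whose X-API-Key header is missing or unknown
// before the wrapped handler runs.
func requireAPIKey(store *keyStore, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		owner, ok := store.owner(r.Header.Get("X-API-Key"))
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set("X-Client", owner) // lets the handler apply per-client limits
		next.ServeHTTP(w, r)
	})
}

// probe sends one request carrying the given key and returns the status code.
func probe(store *keyStore, key string) int {
	h := requireAPIKey(store, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s", r.Header.Get("X-Client"))
	}))
	req := httptest.NewRequest(http.MethodGet, "/v1/users", nil)
	if key != "" {
		req.Header.Set("X-API-Key", key)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	store := newKeyStore()
	key, err := store.newKey("billing-service")
	if err != nil {
		panic(err)
	}
	fmt.Println("valid key:", probe(store, key))
	fmt.Println("wrong key:", probe(store, "deadbeef"))
	fmt.Println("no key:   ", probe(store, ""))
}
```

On the client side the matching practice is to keep the key out of source control, reading it from an environment variable or a secrets manager at startup, and to rotate it by minting a new key and retiring the old digest.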
Offline JWT Validation with Go
Modern authentication systems use and generate JSON Web Tokens (JWTs). There are many different ways that JWTs are used, but in this post we will concentrate on JWTs used as access tokens issued by an OpenID Connect (OIDC) provider. When a user successfully logs in to an application using a service like Okta, an access token is generated in the form of a JWT. That token can be passed in requests to the backend. The backend can then...
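The validation step that this post and the Lambda post above both lead up to, as an added Go example using only the standard library (not code from either post): the backend holds the provider's RSA public key and checks a token entirely offline, pinning the algorithm to RS256, verifying the signature before trusting any claim, and then checking issuer, audience and expiry. The signing routine stands in for the identity provider so the example runs without a network; the issuer `https://issuer.example.com/oauth2/default` and audience `api://todo` are constructed values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

// claims covers only the fields validated here; real access tokens carry more.
type claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

// newSigningKey stands in for the identity provider's key pair. A backend never
// holds the private half; it only needs the public key to validate offline.
func newSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signRS256 builds header.payload.signature the way the provider would.
func signRS256(priv *rsa.PrivateKey, c claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c) // plain fields only, cannot fail
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// verifyRS256 validates a token with no network call. The alg is pinned to
// RS256 (rejecting "none" and HMAC-confusion tokens), the signature is checked
// before any claim is trusted, then iss, aud and exp are compared with what this
// backend expects. now is injected so expiry handling is deterministic.
func verifyRS256(pub *rsa.PublicKey, token, wantIss, wantAud string, now time.Time) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrBytes, err1 := enc.DecodeString(parts[0])
	payload, err2 := enc.DecodeString(parts[1])
	sig, err3 := enc.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("bad base64url segment")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(hdrBytes, &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("bad signature")
	}
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != wantIss:
		return nil, errors.New("wrong issuer")
	case c.Aud != wantAud:
		return nil, errors.New("wrong audience")
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	priv, err := newSigningKey()
	if err != nil {
		panic(err)
	}
	// Constructed issuer and audience; an Okta issuer looks like https://<org>.okta.com/oauth2/default.
	iss, aud := "https://issuer.example.com/oauth2/default", "api://todo"
	now := time.Now()
	tok, _ := signRS256(priv, claims{Iss: iss, Aud: aud, Sub: "user@example.com", Exp: now.Unix() + 3600})
	if c, err := verifyRS256(&priv.PublicKey, tok, iss, aud, now); err != nil {
		panic(err)
	} else {
		fmt.Println("accepted subject:", c.Sub)
	}
	// Tampered: same signature, payload rewritten to claim another subject.
	parts := strings.Split(tok, ".")
	evil, _ := json.Marshal(claims{Iss: iss, Aud: aud, Sub: "mallory@example.com", Exp: now.Unix() + 3600})
	_, err = verifyRS256(&priv.PublicKey, parts[0]+"."+enc.EncodeToString(evil)+"."+parts[2], iss, aud, now)
	fmt.Println("tampered token:", err)
}
```

Against a real provider the public key comes from its published JWKS, selected by the token's `kid` header and cached so validation stays offline between key rotations; the `aud` claim may also be a JSON array rather than a string, which the struct above would need to accommodate.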
The Definitive Guide to WSGI
Python has a number of different frameworks for building web applications, and historically the choice of framework limited the choice of available web servers. Java also has a number of web frameworks, but they are all based on the common servlet API, which means that any framework can run on any web server that supports the servlet API. You've probably seen WSGI mentioned before, but you might not be exactly sure what it means or does. In...