Does my app need authentication in addition to Spotify authorization?

I have an app that revolves entirely around Spotify. I have followed the authorization guide from Spotify and am using the Authorization Code Flow so the access token can be refreshed. My thinking was that this will prevent them from havin…

What is the use case of request signing in this mobile app?

The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it possible to re-sign all requests to thei…