Beyond the Twelve-Factor App
by Kevin Hoffman
April 2016
Content level: Intermediate to advanced
70 pages
1h 11m
English
O'Reilly Media, Inc.
Content preview from Beyond the Twelve-Factor App

Chapter 15. Authentication and Authorization

There is no discussion of security, authentication, or authorization in the original 12 factors.

Security is a vital part of any application and cloud environment. Security should never be an afterthought.

All too often, we are so focused on getting the functional requirements of an application out the door that we neglect one of the most important aspects of delivering any application, regardless of whether that app is destined for an enterprise, a mobile device, or the cloud.

A cloud-native application is a secure application. Your code, whether compiled or raw, is transported across many data centers, executed within multiple containers, and accessed by countless clients—some legitimate, most nefarious.

Even if the only reason you implement security in your application is so you have an audit trail of which user made which data change, that alone is benefit enough to justify the relatively small amount of time and effort it takes to secure your application’s endpoints.

In an ideal world, all cloud-native applications would secure all of their endpoints with RBAC (role-based access control). For every request for its resources, an application should know who is making the request and the roles to which that consumer belongs. These roles dictate whether the calling client has sufficient permission for the application to honor the request.
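The per-request check described above, as an added example that is not from the book: a deny-by-default role check that also writes the audit record mentioned earlier. The `Principal` type, the `POLICY` table, the endpoint paths and the role names are assumptions made for illustration.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """Authenticated caller; in practice built from a validated token (assumed)."""
    user: str
    roles: frozenset


# Hypothetical policy: (method, path) -> roles allowed to call the endpoint.
POLICY = {
    ("GET", "/orders"): {"viewer", "editor", "admin"},
    ("PUT", "/orders"): {"editor", "admin"},
    ("DELETE", "/orders"): {"admin"},
}

AUDIT_LOG = []  # stand-in for an append-only audit sink


def authorize(principal, method, path):
    """Return an HTTP status for the request and record the decision.

    Deny by default: an anonymous caller or an endpoint with no policy
    entry is refused, so a newly added route is closed until someone
    assigns roles to it.
    """
    allowed = POLICY.get((method, path))
    if principal is None:
        decision, status = "deny:unauthenticated", 401
    elif allowed is None:
        decision, status = "deny:no-policy", 403
    elif principal.roles & allowed:
        decision, status = "allow", 200
    else:
        decision, status = "deny:missing-role", 403
    # Every decision, allowed or not, is logged with who asked for what.
    AUDIT_LOG.append(json.dumps({
        "user": principal.user if principal else None,
        "roles": sorted(principal.roles) if principal else [],
        "method": method,
        "path": path,
        "decision": decision,
    }, sort_keys=True))
    return status
```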

With tools like OAuth2, OpenID Connect, various SSO servers and standards, as well as a near infinite ...


ISBN: 9781492042631