Authentication is one of the biggest problems facing anyone building apps integrated with cloud services.
You don't have to search much to find stories of developers hard-coding authentication tokens into mobile apps and accidentally leaking valuable keys or account details into the wild. With more and more apps being built by nonprogrammers to work with multiple cloud services, that risk can only grow. Controlled user authentication needs to be part of any modern application development strategy.
Building your own authentication and authorization tooling isn't easy. Does the service you're working with use OAuth, SAML, or something custom? If it's OAuth, which version? Then there's the question of federated identity: Do users need a separate ID for each service, or should they have a single sign-on tied to their corporate identity? Finally, there's the problem of bringing new users onboard and of deprovisioning those who no longer need access to an app -- or who have left the company.
It's a problem we've tried to solve again and again, building webs of trust that struggle to bring our apps and services together. So how do we make new apps safer without increasing the risk users will reject them for being too complex? The answer, unsurprisingly, comes from that new world of APIs and cloud services, with a range of different platforms that offer single sign-on as a service and controlled access to cloud services as well as internal APIs.
To continue reading this article register now