開発スタッフがアプリ関連の最新技術やニュースをご紹介します。

There are many authentication & authorization mechanisms to protect and restrict our APIs nowadays. Today I will talk about the three popular mechanisms among them.

API Keys

In the early days, API keys were the only option for limiting or tracking API traffic. The best thing about API keys is their simplicity. All you have to do is log in to the service, find its API key and use it in future requests for authentication. However, along with simplicity, there are drawbacks to API key security and user experience. If the API key grants full access to all operations that the API can perform, such as writing new data or deleting existing data, then the API key occurs and it is harmful for an attacker to know it. .. We recommend that you include your API key in the Authorization header when submitting your request.

JWT

I also talked about JWT in previous weeks. If you want to read more detail, you can check it out my previous articles.

JSON Web Token (JWT) can be used in a variety of scenarios. You can use a JWT access token to avoid database lookups because the JWT contains the base64-encoded version of the data needed to determine the identity and scope of the access. The JWT also contains signatures calculated using JWT data, creating own version of the signature using the same secret you used to create the JWT. This calculation is much more efficient than looking up the access token in the database to determine who it belongs to and whether it is valid. The JWT token must also be passed in the Authorization header. The disadvantage is that you can’t revoke the JWT on its own. Therefore, we recommend that you use JWT in combination with JWT refresh tokens and expiration tokens. If you want to improve security, you need to check the JWT signature for each API call to make sure that the expiration date is still valid.

OAuth

OAuth is the answer to communicate and access user data between services. Unlike API keys, OAuth does not require users to access the developer portal, settings, and so on. In fact, users can access their account with the a simple one click. The most common OAuth implementation uses one or both of the following tokens as below.
Access Token – Sent as an API key, allowing the application to access your data. Optionally, the access token can expire.
Refresh Token: Optional part of the OAuth flow, the renewal token gets a new access token if it has expired. The place where you are most likely to put it is also the authentication header.

Same with API keys, anyone with an access token can invoke harmful operations, such as deleting data. However, OAuth offers some improvements over API keys, like you can associate an access token with a specific scope. This limits the operations and types of data that the application can access so called permission. Also, when combined with a renewal token, the access token expires, which can limit negative impact. Finally, the access token can be revoked even if the refresh token is not in use.

Conclusion

Use API keys if you expect developers to build internal applications that do not need to access data from multiple users.

Use JWT in combination with OAuth if you want to limit database lookups but don’t need the ability to immediately revoke access.

Use OAuth access tokens if you want users to be able to easily authorize services without having to share private data or complicated works.

What is flutter turtle? This is a simple presentation of turtle graphics for flutter. It can simply apply to draw graphics with a custom painter like a logo language.

Flutter turtle is two classes, named with TurtleView and AnimatedTurtleView. To create a turtleView, both of classes require commands parameter. If you want your logo to repeat 5 times and forward 100 , right 200. You can use like this using commands parameter.

[
  Repeat((_) => 5, [
    Forward((_) => 100),
    Right((_) => 200),
  ]),
];

With more information about flutter turtle, check on flutter pub.dev.

Example code :

Widget build(BuildContext context) {
  return Scaffold(
    appBar: AppBar(
      title: const Text('TurtleView'),
      centerTitle: true,
      elevation: 0,
    ),
    body: TurtleView(
      child: Container(),
      commands: [
        PenDown(),
        SetColor((_) => const Color(0xFF006EFF)),
        SetStrokeWidth((_) => 2),
        Repeat((_) => 20, [
          Repeat((_) => 180, [
            Forward((_) => 25.0),
            Right((_) => 20),
          ]),
          Right((_) => 18),
        ]),
        PenUp(),
      ],
    ),
  );
}

Hop you enjoyed this article!

By Ami

開発/検証環境を手軽に構築するためにはXamppの導入は有効ですが、Xamppに含まれるDBが本番サーバーのDBと異なる場合、同じものにあわせて検証をおこなう必要があります。
今回は本番サーバーのDBがMySQLと仮定して、Xamppに含まれているMariaDBをMySQLに置き換える方法をシェアしたいと思います。

続きを読む

近く発売開始が予想されているIntel社の12世代Coreシリーズは
AppleのM1チップの様にいくつかの高性能コアと
いくつかの高効率コアの組み合わせで構成されているといわれています。

低負荷時は高効率コアを使い、負荷が高くなれば高性能コアを使うように
割当を変えるでしょうからアイドル〜低負荷時の電力効率は
既存のCoreシリーズより改善されるでしょう。

高性能コアのクロック数が向上しているらしいので、
逆に高い負荷を継続して与えられるような処理では
今までより冷却性能を要求されるかもしれませんね。

ただ、対応ソケットが変更されたことでマザーボードや
CPUクーラーの買い替えが必要となります。

水曜担当:Tanaka