First of the Week Reading List

How to use npx: the npm package runner

There’s so much to say about `npx`, but essentially, it allows you to run package (think of the cli tool that comes with a package) without installing it globally, or without installing the package at all!


Microsoft: We want you to learn Python programming language for free

Learn Python for free! But obviously, you probably already expect this, that it will also promote the usage of Azure.


Google reveals new Python programming language course: Scholarships for 2,500

Well, if Microsoft has free Python course, Google gotta launch its own. Soon, I’m sure Amazon will follow. Google course is not free however, but will give scholarship to 2500 students.


Third-Party Components at Their Best

This post is less of educational, but more of “things you should have”, aka checklist, if you want to use third-party UI components. But, it also applies to non-UI, it applies to any open source really. And you can even use this checklist if you want to start your own open source project.


6 Ways to Unsubscribe from Observables in Angular

Yes, the glorious Observables in Angular. It’s double-edged sword, but it will only hurt you if you forget to unsubscribe. Luckily, there are 6 ways to do it. This post will show you how.


App’s Security Terminologies

Basic terminologies when dealing with OAuth security in the context of app (web application, api, mobile application, etc).

Authentication
The process of proving you are who you say you are.

Authorization
The act of granting an authenticated party permission to do something. It specifies what data you’re allowed to access and what you can do with that data.

Identity
Refer to users who request access to resources. Users have to proof their identity is who they said they are, usually through authentication process.

Flow (aka. grant type)
Methods through which applications can gain Access Tokens and by which you grant limited access to your resources to another entity without exposing credentials.

Token
A piece of data contain information about users and apps. Common types of tokens:

  1. Id token
  2. A token used to identify user.

  3. Access token
  4. A token used to access some kind of resources, ie: api.

  5. Refresh token
  6. A token used to refresh access token.

Hash
Function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.

Encrypt
Convert (information or data) into a cipher or code, especially to prevent unauthorized access. Common methods of encryption:

  1. Asymmetric
  2. A form of encryption where keys come in pairs. Public keys which may be disseminated widely, and private keys which are known only to the owner. Public keys are used to encrypt and private keys are used to decrypt.

  3. Symmetric
  4. A form of encryption which only use one key (as opposed to pair of keys in Asymmetric). The key is used to encrypt and decrypt.

Decrypt
Make a coded or unclear message able to be understood.

Public private key
See asymmetric encryption above.

Federation
The linking a users’ electronic identity and attributes, stored across multiple distinct identity management systems.

References:
Microsoft
Auth0
Wikipedia

Another Reading List

A .NET Manager’s Perspective on F#

Even though the title says it’s a manager’s perspective, the post actually contains elements of functional programming in general. Good read for intro to functional programming.


The beauty of Functional Programming

This post makes argument on why functional programming is good alternative to more mainstream language. I also like how it covers basic functional programming things like pure function, immutability, etc.


Learn all about Distributed Application Runtime (Dapr), Part 1

Dapr is a fairly new open source project that aim to help you to build multi-cloud, platform-agnostics APIs. It has lots of features, such as state management and pub-sub. This Azure Friday video introduces the concept.


Rock, Paper, Scissors, Lizard, Spock – Sample Application

Microsoft code example to demonstrate microservices that use multilanguage and built in Azure.


Bye bye Postman ! Let’s share your REST API calls in team, easily !

In the world of microservices, tools like Postman is a must today. REST Client is Postman-like, but better. With VS Code extension and versioning in your favorite source control, this is going to be replacing my Postman.


Another Reading List

Cross Tab Communication with Javascript

This post lays out an interesting problem, how can Javascript communicates across browser tab (or iframe or window)? There are few different approaches with pro and cons of each.


Use read-only replicas to load-balance read-only query workloads

With new vCore pricing model, Azure offers SQL solution with better features. One of those is no-cost, built-in read-only scale out database. Read more on the details here.


Overview of Microsoft Authentication Library (MSAL)

MSAL is the new library to authenticate with Microsoft Identity Platform (or what it used to be Azure AD endpoint). It’s replacing ADAL (which only used to authenticate to Azure AD endpoint – v1). The new version support authentication beyond Azure AD which includes personal account (hotmail.com / outlook.com) and social accounts like Facebook / Twitter, etc.  For more details on Microsoft Identity Platform: https://docs.microsoft.com/en-us/azure/active-directory/develop/about-microsoft-identity-platform


Authentication flows

There are many authentication flows in the world of authentication. This Microsoft documentation gives overview of each auth flow and how it’s being used. Primarily for Microsoft Identity Platform, but generally applicable to other platform / framework as well.  The more details coverage of each auth flow can also be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow


Google Spent 2 Years Studying 180 Teams. The Most Successful Ones Shared These 5 Traits

Great achievement can sometime be done by one person. But most of the time, it’s a team. This post talks about Google research into what makes the most successful one. It’s along the same line of previous studies around motivation, more psychological than anything else.