James Collerton

466 Followers


Pinned

How I Would Design… An API Rate Limiter!

A system design demonstration — Audience This article is the next in my series of how I would design popular applications. It is recommended (although not entirely necessary) to read the previous posts I’ve helpfully compiled in a list here. …

Software Development

9 min read



Published in The Startup

·Pinned

A Trip Through Spring Security

What can Spring do to help me secure my application? — Audience This article is aimed at developers with a solid understanding of the basics of Spring and web security. It marries up the two concepts, concluding with a worked example of using Spring Security with Spring Boot. Argument Spring Security is centred round two core concepts: Authentication: Verifying you are who you…

Spring Security

8 min read



Published in Nerd For Tech

·Pinned

A Crash Course in Caching

An introduction to caching principles — Audience This article is aimed at developers with a reasonable understanding of how the internet functions, contemporary application architectures and AWS. It will cover what caching is in a more general sense, the motivation behind using it, and then deep dive into specific implementations. Argument A cache stores previously used or computed…

Cache

11 min read



Pinned

AWS Kinesis with Java

An introduction to Kinesis using Apache Camel and Spring Cloud Stream — Audience This article is aimed at developers with a reasonable understanding of Java and Spring, but no experience whatsoever with AWS Kinesis, Apache Camel or Spring Cloud Stream. It will explain the role of message brokers, introduce Kinesis and conclude with a worked example based on Twitter data. Argument Message Brokers Message brokers act…

AWS

8 min read



Published in BBC Product & Technology

·Pinned

Rebuilding the BBC moderation platform

Creating an amazing space for audience participation! — At the BBC, we put audiences at the heart of everything we do, so it’s important they feel they have a safe space to interact with all of our online products. …

Software Engineering

5 min read



Jan 14

What Does The ‘Authorization: Bearer xxx-yyy-zzz’ Header Mean?

That’s right, it’s something to do with OAuth2.0! — Audience In this article we will explain the usage of the Authorization: Bearer xxx-yyy-zzz style header. I feel it’s one of those things that you might use a fair bit without perhaps fully understanding the implications. This article is a crash course in understanding where it comes from, how it works…

Oauth

4 min read



Jan 10

OAuth2.0 Token Introspection and Token Revocation

The Authorisation Server giveth, and it taketh away — Audience This article will require a solid understanding of HTTP and the OAuth2.0 core standard. For the latter you can read through my ordered list of articles found here. In the following article we will explore two different RFCs: Token introspection: If you remember, in the OAuth2.0 Core RFC, tokens are…

Coding

3 min read



Jan 2

A Crash Course in Open ID Connect (OIDC)

Authentication (OIDC) vs Authorization (OAuth2.0) — Audience This article is aimed at developers looking to understand the Open ID Connect authentication protocol, which is an extension of the OAuth2.0 authorisation framework. Readers will need a reasonable understanding of HTTP and a solid understanding of OAuth2.0, which they can gain by looking at my articles here and here. Argument …

Coding

6 min read



Dec 27, 2022

A Crash Course in the OAuth 2.0 Device Authorization Grant

Authorization for input-constrained devices — Audience This article is aimed at developers looking to understand authorising input-constrained devices such as consoles, TVs, picture frames, smart devices etc. Readers will need a solid understanding of HTTP and the existing core OAuth standards. My other articles on the subject can be found collected in the list here. We…

Software Development

4 min read



Dec 24, 2022

OAuth2.0 For Native Apps

Authorisation for the Nation! — Audience This article is aimed at developers looking to get a better understanding of how OAuth2.0 works with Native Apps. It will require a solid understanding of HTTP, and the OAuth2.0 framework. To better understand the latter you can read my previous articles on the subject here. You will also need…

Coding

4 min read



Senior Software Engineer at Spotify, Ex-Principal Engineer at the BBC
