The clearest way I’ve had authentication vs authorization explained to me was that authentication is “You are who you say you are” and authorization is “do you have the permissions to view this data”.
"Authentication: Here's is my driver's license, you can confirm this is me." "Authorization: I see that is your ID, but you aren't authorized to enter the Pentagon."
Another usecase for Session storage would be The search filters in an ecommerce website You go into a product and come back or refresh the page accidentally (on mobile pulling down), the search filters stay the same.
It's been really interesting seeing all the local first stuff come to prominence in the last year or so. I have been working on an app for my employer that is essentially local first, though I didn't know to call it that in the beginning. Essentially, every client device needs to have a record of data so that it can function offline, and then when it reconnects it needs to be able to synchronize that data with the cloud and with all the other devices. It's kind of been a syncing nightmare, but it's been a ton of fun, and I've begun to implement some of the steps that I've heard on the podcast to make it a bit sturdier than just passing around JSON blobs
One edge case we had to face was Localstorage, sessionstorge arent available on Android while website is run by Android Google Sign In flow We had to revert everything to cookies usage
Another use case for storing local-first is for end-to-end encryption of data. Data in the server is always stored encrypted while locally the data can be stored unencrypted/encrypted then decrypted during sessions. This way one could still do text-based searches with encrypted data which is really hard to do server-side.
heads up, the part about session storage is not actually correct. if you save something to session storage in one tab, and then open another tab with the same domain, the data will be available in both tabs. the data is only deleted by the browser when all tabs on that domain are closed
Only if your site is vulnerable to Cross Site scripting (XSS) which is typically not possible if you’re using a framework like React unless you explictly are injecting html through ‘dangerouslySetInnerHTML’
You are authenticated as your user, and your user is authorised to perform or access something. authentication = identity verification authorisation = permission verification
Authentication vs Authorization: Are you authorized to be here? (do you have the proper clearance to access this stuff.) The root word of authentication is authentic. Are you authentic? (who you say you are?)
The clearest way I’ve had authentication vs authorization explained to me was that authentication is “You are who you say you are” and authorization is “do you have the permissions to view this data”.
"Authentication: Here's is my driver's license, you can confirm this is me." "Authorization: I see that is your ID, but you aren't authorized to enter the Pentagon."
Another usecase for Session storage would be
The search filters in an ecommerce website
You go into a product and come back or refresh the page accidentally (on mobile pulling down), the search filters stay the same.
That's something search params will do better
It's been really interesting seeing all the local first stuff come to prominence in the last year or so. I have been working on an app for my employer that is essentially local first, though I didn't know to call it that in the beginning. Essentially, every client device needs to have a record of data so that it can function offline, and then when it reconnects it needs to be able to synchronize that data with the cloud and with all the other devices. It's kind of been a syncing nightmare, but it's been a ton of fun, and I've begun to implement some of the steps that I've heard on the podcast to make it a bit sturdier than just passing around JSON blobs
Yes syncing is definitely a nightmare so much so that entire businesses are built around it
have you tried PouchDB with CouchDB for local server data sync?
One edge case we had to face was
Localstorage, sessionstorge arent available on Android while website is run by Android Google Sign In flow
We had to revert everything to cookies usage
I was hoping for a bit more indepth into each of the solutions coming up. ElectricSQL & Zero look awesome!
Another use case for storing local-first is for end-to-end encryption of data.
Data in the server is always stored encrypted while locally the data can be stored unencrypted/encrypted then decrypted during sessions.
This way one could still do text-based searches with encrypted data which is really hard to do server-side.
ya def should of talked about encryption. local first app and client encryption is crucial
heads up, the part about session storage is not actually correct.
if you save something to session storage in one tab, and then open another tab with the same domain, the data will be available in both tabs.
the data is only deleted by the browser when all tabs on that domain are closed
Migrations, at first glance, look pretty difficult with these services. I'm curious how tanstack query persist plugins work , anyone try?
I used dexie too. pretty useful
When will Zero let everyone try? They still show a signup.
Hopefully soon will be in Alpha, maybe this month.
Authentication is who you are. Authorization is what you can see/do.
Local storage for jwt token is insecure, isn't it?
Only if your site is vulnerable to Cross Site scripting (XSS) which is typically not possible if you’re using a framework like React unless you explictly are injecting html through ‘dangerouslySetInnerHTML’
@jakobsaadbye5309 I see
I think the correct name is IndexedDB
I store data in svg 🤣
@11.54 Which one is the episode on the file storage? ...
Ooh good catch! I think Wes is talking about syntax.fm/783
@syntaxfm Thanks a lot! ...
You are authenticated as your user, and your user is authorised to perform or access something.
authentication = identity verification
authorisation = permission verification
Authentication vs Authorization:
Are you authorized to be here? (do you have the proper clearance to access this stuff.)
The root word of authentication is authentic. Are you authentic? (who you say you are?)
I bet you are not from TikTok
First one here
should of talked about how Apple's ITP effets all of this.
AAA basic concept
Scott’s shortest Weeeelcome to syntax. On. This. Monday. Hasty. Treat.
Will 2025 bring a regular sized Welcome?