Azure and Cloud Computing

Cloud computing means using compute resources that belong to someone else and sit somewhere else, in remote data centers around the world. Some characteristics of this subject are: Fault Tolerance: the approach of replicating the solution in more than one place in order to reduce downtime for consumers of those services when a crash occurs. It is like a “backup”, applied to applications, data and so on and so forth. High Availability: The purpose to take closer users that services they will consume for....

July 18, 2023 · 2 min · 353 words · Carlos Nogueira

OpenID Connect

OpenID Connect is an extra layer on top of OAuth, so we can say it has the same flows that OAuth has, with a few more scopes to extend it. When we talk about the access token, the protocol says it must not be used by the client to read and get access to its information. Clients only need to forward it. On the other hand, clients may need to get user information; therefore, OpenID Connect provides the identity token, which only the clients will use....

April 27, 2023 · 1 min · 150 words · Carlos Nogueira

Refresh Token

A refresh token is a reference token, so you can revoke it if someone steals it from you. As a reference token, the protocol defines it as long-lived. If you remove it from the Authorization Server storage, the attacker won’t be able to get a new access token again. The Authorization Server can provide a list of apps approved by the user (which can be revoked). The usual use case is session duration (renewing the access token by getting a new one without providing the credentials again)....

April 27, 2023 · 1 min · 105 words · Carlos Nogueira

OAuth Responses

When there is a problem with authorization, there are 2 HTTP response status codes used to let the client know a little bit more about the problem. 401 - Unauthorized: the Resource Server can answer with it in one of 2 scenarios: we don’t know who you are, or we won’t accept your token anymore because it is expired. 403 - Forbidden: the Resource Server answers with it in the scenario where we know perfectly who you are, but you are not allowed to get access to this resource.

April 26, 2023 · 1 min · 83 words · Carlos Nogueira

OAuth 2.1 Flows

In OAuth 2.1, the number of recommended flows decreased (from 5 to 2). They are: Client Credentials, and Authorization Code with PKCE. Client Credentials: this flow represents machine-to-machine communication, in which you don’t have an “interactive” user present or, at least, you don’t care about it. It means that the user information is not necessary to get access to resources, only the client information. The client sends a POST request to the token endpoint of the Authorization Server....

April 26, 2023 · 3 min · 560 words · Carlos Nogueira

Motivations to OAuth

In 2005, the first protocol using web technologies to provide authentication and authorization with an identity provider came up: SAML 2.0. Before that, it was feasible to do that in web applications with NTLM or Kerberos, putting those inside the browser to get access to resources using Active Directory, for example, as a way to have single sign-on in those applications. However, the idea with SAML 2.0 was: how could we prove the user is the user by doing requests to the browser?...

April 23, 2023 · 4 min · 716 words · Carlos Nogueira

Authentication using Azure CLI

There are two ways to authenticate in Azure using Azure CLI: interactive mode and Service Principal mode. Interactive mode: az login. It allows you to authenticate in Azure by launching Azure’s authentication page in a browser, where you manually provide the username and password. Service Principal mode: az login --service-principal. It is ideal for scenarios used by automated tools. You will need to create a service principal (if it does not exist yet) with either the az ad sp create command or the az ad sp create-for-rbac command, the latter giving the according permissions for the Azure resources....

April 3, 2023 · 1 min · 122 words · Carlos Nogueira

Advantages provisioning virtual machines by code

Some of the advantages of using code to provision virtual machines are: Consistency: you are able to create virtual machines with the same characteristics regardless of the number required for that deployment. Besides that, you can follow the changes to this resource using a version control system. Automation: because the steps to deploy that resource are always the same, they are candidates for automation, so they can be repeated every time as needed. It avoids the mistakes that could appear when applying those steps manually....

April 3, 2023 · 1 min · 109 words · Carlos Nogueira

Azure Spot instance

Azure Spot instance is a setting that allows Azure to stop and deallocate the virtual machine in order to provide compute capacity to Azure for whatever reason.

March 29, 2023 · 1 min · 27 words · Carlos Nogueira

Azure Virtual Machine components

At a high level, an Azure virtual machine is composed of the following components: Resource Group: a virtual machine is deployed into a Resource Group, and the latter contains an Azure region. Deploying a virtual machine to that Resource Group means choosing to physically deliver the virtual machine in that location, in order to bring it closer to the users and/or applications that will use the services hosted in it. Size: when building a virtual machine, it is necessary to pick one size from a pre-configured list based on the number of CPU cores, the amount of RAM and also disk performance capabilities....

March 28, 2023 · 2 min · 273 words · Carlos Nogueira