Great point. I left out auth because of the depth of the topic, and also because many auth frameworks are usable from stateless services by default. IOW, they already use a database instead of keeping the data in memory. And that can be a good starting point depending on your experience.
However, it is an entirely valid point that using a database lookup for every authorization will eventually become a scalability bottleneck, and it will add latency to every request (round trip to auth database). JWT is a much better alternative which alleviates the bottleneck and avoids the latency. On the downside, it can have a learning curve and permission changes do not take effect immediately.
I think you are right that it bears mentioning, so I will add a section for it.
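
The trade-off described in the comment above, as an added example that is not part of the original comment: a stateless HS256 token check that needs no database round trip, and in which a permission revoked server-side stays usable until the token expires. The key, the claim names (`perms`, `exp`), the 300-second lifetime and the timestamps are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: HS256 key shared by issuer and services

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue(sub, perms, now, ttl=300):
    """Mint a token; permissions are frozen into it for ttl seconds."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "perms": perms, "exp": now + ttl}).encode())
    return f"{header}.{body}.{_b64(_sign(header, body))}"

def verify(token, now):
    """Return the claims if signature and expiry check out, else None.
    The algorithm is fixed to HS256; the header's alg field is never consulted."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(header, body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    return claims if now < claims.get("exp", 0) else None

def authorize(token, perm, now):
    """Local check only: no lookup against the auth database."""
    claims = verify(token, now)
    return claims is not None and perm in claims.get("perms", [])

def demo():
    t0 = 1_700_000_000  # constructed timestamp
    token = issue("alice", ["reports:read", "users:delete"], now=t0)
    # Suppose users:delete is revoked in the auth database at t0+30.
    # The already-issued token is unchanged, so the check still passes.
    stale = authorize(token, "users:delete", now=t0 + 60)
    expired = authorize(token, "users:delete", now=t0 + 301)
    # Swapping in a different payload under the old signature is rejected.
    h, _, s = token.split(".")
    body = _b64(json.dumps({"sub": "alice", "perms": ["admin"], "exp": t0 + 9999}).encode())
    forged = authorize(f"{h}.{body}.{s}", "admin", now=t0 + 60)
    return stale, expired, forged

if __name__ == "__main__":
    print(demo())
```

The token lifetime is the upper bound on how long a revoked permission remains effective, so a shorter `ttl` narrows that window at the cost of more frequent re-issuance.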