4 posts
Authentication and authorization are two different problems that most tutorials conflate. Here is the mental model, threat landscape, and FastAPI security toolkit you need before writing a single line of auth code.
9 min readOAuth 2.0 is not authentication — it is authorization. Here are the four grant types, why PKCE is now mandatory, and how to implement the authorization code flow in FastAPI with working code and sequence diagrams.
9 min readAuthentication answers who. Authorization answers what. Here are three authorization models — RBAC, ABAC, and ReBAC — implemented as FastAPI dependencies with decision flows, comparison tables, and production patterns.
10 min readEight authentication and authorization methods, one decision tree. Here is the comparison matrix, production combination patterns, and pre-launch security checklist that turns auth knowledge into shipping decisions.
11 min read