2 comments

[ 4.4 ms ] story [ 12.6 ms ] thread
Am I the only one who thinks this feels wrong? Shouldnt cloud services use token based auth even internally?

At our place we don't protect our backend services behind firewalls, they're protected by auth0 tokens ...

Why frame this as only an either-or? Seems like it's a cheap additional layer of security.

You also might have components you haven't written yourself that don't use tokens, e.g. databases.