ByteByteGo, December 1, 2024
EP140: HTTP/1 -> HTTP/2 -> HTTP/3

 

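This article discusses building an authentication and user platform and introduces FusionAuth, an open-source authentication and user platform whose features include a developer-first design, flexible deployment options, support for unlimited users and applications, and data isolation. It also reviews system design tools, the concepts of pessimistic and optimistic locking, and how JSON Web Tokens work, and briefly covers the evolution of the HTTP protocol. Together these help readers understand the design and implementation of authentication systems, along with related technical concepts and trends.

🤔 FusionAuth is a complete authentication and user platform with more than 15 million downloads, trusted by industry leaders. It offers a developer-first design and fast integration, is built on standards, and is highly flexible and customizable.

🏢 FusionAuth supports flexible hosting: users can self-host or use the hosting service FusionAuth provides without losing any features, and it offers unlimited IDPs, users, tenants and applications, always free.

🔒 Through its single-tenant design, FusionAuth keeps each user's data physically isolated from other users' data, providing data security.

🔄 Pessimistic and optimistic locking are important database mechanisms for maintaining data consistency and integrity. Pessimistic locking assumes conflicts will occur and locks the data before modifying it, while optimistic locking assumes conflicts are rare, allows concurrent access, and checks for conflicts only when changes are committed.

🔑 A JSON Web Token (JWT) is a token used for authentication. It has three parts: a header, a payload and a signature. The header contains the JWT's type and encryption algorithm, the payload contains user-related information, and the signature ensures the JWT's integrity and security.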

Stop renting auth. Make it yours instead.(Sponsored)

FusionAuth is a complete auth & user platform that has 15M+ downloads and is trusted by industry leaders.



This week’s system design refresher:


Top 6 Tools to Turn Code into Beautiful Diagrams

Over to you: Did we miss anything? What's your favorite?


ByteByteGo System Design Course Black Friday Promo

Yearly Black Friday sale is now up! Use code BF2024 at checkout for 30% off the system design interview online course.

To take advantage of the limited-time offers, subscribe before 11:59 pm PST on Monday, December 2nd.



Pessimistic vs Optimistic Locking

Locks are essential to maintain data consistency and integrity in multi-user environments. They prevent simultaneous modifications that can lead to data inconsistencies.

Pessimistic locking assumes conflicts will occur and locks the data before any changes are made. It prevents other users from accessing and updating the data until the lock is released.

Optimistic locking assumes conflicts are rare. It allows multiple users to access data simultaneously and checks for conflicts when changes are committed. If a conflict is detected, the operation is rolled back.

Some best practices to consider:

    Hold locks for the minimum possible time to reduce contention.

    Apply locks at the most granular level such as rows rather than tables.

    Implement retry logic for transactions that fail due to conflicts.

    Pessimistic locking is better for data integrity but can impact performance.

    Optimistic locking is better for efficiency and performance.
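Optimistic locking with the retry logic recommended above, as an added example that is not part of the original newsletter. It assumes a hypothetical `account` table with a `version` column in an in-memory SQLite database; the `before_write` hook only exists to simulate a second writer between the read and the write.

```python
import sqlite3

class Conflict(Exception):
    """Another writer changed the row after we read it."""

def setup():
    # Constructed sample data: one account row with a version counter.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER, version INTEGER)")
    db.execute("INSERT INTO account VALUES (1, 100, 0)")
    db.commit()
    return db

def read(db, acct):
    return db.execute("SELECT balance, version FROM account WHERE id = ?", (acct,)).fetchone()

def write_if_unchanged(db, acct, new_balance, seen_version):
    # The conflict check happens at commit time: the UPDATE matches the row
    # only if its version is still the one this writer read earlier.
    cur = db.execute(
        "UPDATE account SET balance = ?, version = version + 1 "
        "WHERE id = ? AND version = ?", (new_balance, acct, seen_version))
    if cur.rowcount == 0:
        db.rollback()
        raise Conflict(acct)
    db.commit()

def withdraw(db, acct, amount, retries=3, before_write=None):
    for attempt in range(1, retries + 1):
        balance, version = read(db, acct)      # no lock is held while deciding
        if balance < amount:
            raise ValueError("insufficient funds")
        if before_write:
            before_write(attempt)              # hook: simulate a concurrent writer
        try:
            write_if_unchanged(db, acct, balance - amount, version)
            return attempt
        except Conflict:
            continue                           # re-read fresh state and retry
    raise Conflict(acct)

def demo():
    db = setup()
    def rival(attempt):
        if attempt == 1:                       # a second writer gets in first, once
            b, v = read(db, 1)
            write_if_unchanged(db, 1, b - 30, v)
    attempts = withdraw(db, 1, 50, before_write=rival)
    return attempts, read(db, 1)
```

Without the version check the first attempt would have written 50 and silently discarded the rival's withdrawal of 30; with it, the stale write is rejected and the retry lands on the correct balance.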

Over to you: Which locking mechanism have you used?


Explaining JSON Web Token (JWT) with simple terms

Imagine you have a special box called a JWT. Inside this box, there are three parts: a header, a payload, and a signature.

The header is like the label on the outside of the box. It tells us what type of box it is and how it's secured. It's usually written in a format called JSON, which is just a way to organize information using curly braces { } and colons : .

The payload is like the actual message or information you want to send. It could be your name, age, or any other data you want to share. It's also written in JSON format, so it's easy to understand and work with.

Now, the signature is what makes the JWT secure. It's like a special seal that only the sender knows how to create. The signature is created using a secret code, kind of like a password. This signature ensures that nobody can tamper with the contents of the JWT without the sender knowing about it.

When you want to send the JWT to a server, you put the header, payload, and signature inside the box. Then you send it over to the server. The server can easily read the header and payload to understand who you are and what you want to do.
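The box described above, built and checked by hand, as an added example that is not part of the original newsletter. It assumes the HS256 (HMAC-SHA256) algorithm and a constructed demo secret, and it shows that the header and payload are only base64url-encoded, so anyone holding the token can read them, while an edited payload fails verification.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # sample key for this example only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign(payload: dict, secret: bytes) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(payload)
    seal = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(seal)

def peek(token: str) -> dict:
    # No secret needed: the payload is encoded, not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token: str, secret: bytes) -> dict:
    try:
        head, body, seal = token.split(".")
        header = json.loads(b64url_decode(head))
        got = b64url_decode(seal)
    except ValueError:
        raise ValueError("malformed token") from None
    # The server pins the algorithm instead of trusting the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(got, want):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def with_edited_claim(token: str, key: str, value) -> str:
    # Rewrites the payload but keeps the old signature, as a tamper test.
    head, _, seal = token.split(".")
    claims = peek(token)
    claims[key] = value
    return ".".join([head, encode_part(claims), seal])
```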

Over to you: When should we use JWT for authentication? What are some other authentication methods?


HTTP/1 -> HTTP/2 -> HTTP/3

HTTP 1 started in 1996 followed by HTTP 1.1 the very next year. In 2015, HTTP 2 came about and in 2019 we got HTTP 3.

With each iteration, the protocol has evolved in new and interesting ways.

    HTTP 1 (and its sub-versions) introduced features like persistent connections, pipelining, and the concept of headers. The protocol was built on top of TCP and provided a reliable way of communication over the World Wide Web. It is still used despite being over 25 years old.

    HTTP 2 brought new features such as multiplexing, stream prioritization, server push, and HPACK compression. However, it still used TCP as the underlying protocol.

    HTTP 3 uses Google’s QUIC, which is built on top of UDP. In other words, HTTP 3 has moved away from TCP.

Over to you: What would you add to understand the evolution of HTTP over the years?


SPONSOR US

Get your product in front of more than 1,000,000 tech professionals.

Our newsletter puts your products and services directly in front of an audience that matters - hundreds of thousands of engineering leaders and senior engineers - who have influence over significant tech decisions and big purchases.

Space Fills Up Fast - Reserve Today

Ad spots typically sell out about 4 weeks in advance. To ensure your ad reaches this influential audience, reserve your space now by emailing sponsorship@bytebytego.com.
