George

👋 Just throwing in two cents here. Went through something similar recently (JWT-based auth for session logic). OWASP advises the `HttpOnly` attribute on cookies. https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#httponly-attribute This protects consumers with client-side...

Follow-up suggestion would be to do OIDC. OAuth is historically for delegation of authorization specifically. Where OIDC is the extension to OAuth for supporting specifically authentication concerns. Supporting this would...

Yes, Google does. Perhaps doing Google via OIDC would be a beneficial endeavour. That sounds like a sensible three to start with 🎉 Pointing back to Grafana as a source...

Food for thought: gRPC docs advise the use of `page_token` and `next_page_token`: https://cloud.google.com/apis/design/design_patterns#list_pagination Sage advice. Since, this can allow different storage backends to potentially alter the pagination mechanism. While a...

Currently the consensus is we do not use mocking libraries. We feel that we are equipped with everything we need, via just using interfaces + structs. The section on mocking...

Opened PR https://github.com/codeship/go-best-practices/pull/12 to cover mocking discussion

Yeah I like it. Something short and sweet. Perhaps with some practical examples of small interfaces using composition and decoration.

I love the adapter example https://github.com/kamranahmedse/design-patterns-for-humans#-adapter Because in their world a hunter can only hunt things which roar. So he makes the wild dog roar in order for the hunt...

That sounds great. Equally, since the client in the UI is controlled within this project, it is something that can be taken advantage of by the UI immediately.

Just in case this is helpful context, this also produces an unexpected (?) result: ``` ➜ jsonnet -e '1650391876808854107' 1650391876808854016 ```