Code reviews: what we owe each other
2025-01-11How do you think code reviews and pull requests should work?
How do you think code reviews and pull requests should work?
Often, a code problem is predictable. You know the starting point, the path and the target. You might even know how long it will take. But sometimes, you just don't know how to do it? There's no known path, and your usual tools don't fit. In that case why not have a little fun with that problem?
I have been tasked recently with finding a way to validate JWT that can come from multiple different identity providers, in the same API. This tends to happen when companies buy each other and try to merge their products and user base. So, first, let's be clear about one thing: wrangling multiple IdPs is the path of pain. You would think that it would avoid painful migrations and get you up and running quickly, but you will pay a huge complexity tax when juggling users and roles from multiple systems interacting in your application.
Validating the JWT, though, is manageable, but I've not seen good advice on how to verify them when they were produced by multiple identity providers. So, let's find a good process for that.
nom, the Rust parser combinators library, is now available at version 5. This is the most mature version of nom. This is the one that feels "done". This is the parser library that I wanted when I started nom 5 years ago. It's here at last.
I am a bit dissatisfied with the use of the Tragedy of the commons to represent issues with free and open source software development. It is not an abstract resource that can be depleted when overused. It is not magically maintained if left alone.