Macaroons Escalated Quickly (fly.io)
from tedu to cloudsec on 31 Jan 21:56
https://azorius.net/g/cloudsec/p/X2RC92F67Z1NqbX464-Macaroons-Escalated-Quickly

Let’s implement an API token together. It’s a design called “Macaroons”, but don’t get hung up on that yet.

Macaroons are user-editable tokens that enable JIT-generated least-privilege tokens. With minimal ceremony and no additional API requests, a banking app Macaroon lets you authorize a request with a caveat like, I don’t know, {'maxAmount': '$5'}. I mean, something way better than that, probably lots of caveats, not just one, but you get the idea: a token so minimized you feel safe sending it with your request. Ideally, a token that only authorizes that single, intended request.

#cloudsec
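The excerpt describes the core Macaroon property: the holder of a token can narrow it locally, with no round trip to the issuer, by appending caveats, and the verifier enforces every caveat it finds. The following is an added example, not code from the fly.io article or from fly.io's own implementation. It uses the HMAC-chain construction from the original Macaroons design (signature = HMAC(root_key, id), then HMAC(previous_signature, caveat) for each caveat); the caveat vocabulary (`account`, `path`, `method`, `maxAmount`), the request shape and the root key are constructed for illustration and are assumptions, not any real API.

```python
"""Minimal first-party Macaroon: an HMAC chain that holders can attenuate.

Constructed example. The caveat keys (account, path, method, maxAmount), the
request dict and the root key are assumptions for illustration only.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Any, Callable


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _encode(caveat: dict) -> bytes:
    # Canonical JSON so minter, attenuator and verifier all hash identical bytes.
    return json.dumps(caveat, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class Macaroon:
    identifier: bytes                 # who/what this token was minted for (public)
    caveats: list[dict] = field(default_factory=list)
    signature: bytes = b""            # tip of the HMAC chain

    @classmethod
    def mint(cls, root_key: bytes, identifier: bytes) -> "Macaroon":
        # Only the issuing service knows root_key.
        return cls(identifier, [], _hmac(root_key, identifier))

    def attenuate(self, caveat: dict) -> "Macaroon":
        # Anyone holding the token can add a caveat: the new signature is
        # HMAC(old_signature, caveat). The old signature is not handed on, so
        # whoever receives the narrowed token cannot strip the caveat again.
        return Macaroon(self.identifier, self.caveats + [caveat],
                        _hmac(self.signature, _encode(caveat)))


# Caveat predicates the verifier understands: key -> (caveat_value, request) -> bool.
# Assumed vocabulary for the example.
PREDICATES: dict[str, Callable[[Any, dict], bool]] = {
    "account": lambda v, req: req.get("account") == v,
    "path": lambda v, req: req.get("path") == v,
    "method": lambda v, req: req.get("method") == v,
    # Missing amount counts as infinite, so a maxAmount caveat fails closed.
    "maxAmount": lambda v, req: req.get("amount", float("inf")) <= v,
}


def verify(root_key: bytes, m: Macaroon, request: dict) -> bool:
    # 1. Recompute the chain from the root key. A tampered identifier, a
    #    removed caveat or a forged signature all fail here.
    sig = _hmac(root_key, m.identifier)
    for c in m.caveats:
        sig = _hmac(sig, _encode(c))
    if not hmac.compare_digest(sig, m.signature):
        return False
    # 2. Every caveat must hold for this request. Unknown caveat keys fail
    #    closed: a restriction the verifier cannot interpret must never widen access.
    for c in m.caveats:
        for key, value in c.items():
            pred = PREDICATES.get(key)
            if pred is None or not pred(value, request):
                return False
    return True


def demo() -> dict[str, bool]:
    root_key = hashlib.sha256(b"constructed demo root key").digest()
    broad = Macaroon.mint(root_key, b"user=alice;token=demo-1")
    # Client side, no extra API call: a token minimized to one small payment.
    narrow = (broad.attenuate({"account": "acct_42"})
                   .attenuate({"path": "/payments", "method": "POST"})
                   .attenuate({"maxAmount": 5}))
    pay_small = {"account": "acct_42", "path": "/payments", "method": "POST", "amount": 4.99}
    pay_big = dict(pay_small, amount=50)
    # Attacker keeps the final signature but drops the maxAmount caveat.
    stripped = Macaroon(narrow.identifier,
                        [c for c in narrow.caveats if "maxAmount" not in c],
                        narrow.signature)
    # A caveat the verifier has no predicate for.
    unknown = narrow.attenuate({"ttlSeconds": 60})
    return {
        "broad_allows_big": verify(root_key, broad, pay_big),
        "narrow_allows_small": verify(root_key, narrow, pay_small),
        "narrow_allows_big": verify(root_key, narrow, pay_big),
        "stripped_accepted": verify(root_key, stripped, pay_small),
        "unknown_caveat_accepted": verify(root_key, unknown, pay_small),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to take from `demo()` is that narrowing happens entirely on the client, while the service still needs nothing but its root key to check the result. This example covers first-party caveats only; the original Macaroons design also has third-party caveats (discharged by another service), which are not shown here.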