Top Tweets for #learnSystemDesign
Your application can fail due to:
Threat: Bad actor (e.g., phishing).
Vulnerability: Weak spot (e.g., untrained staff).
Risk: The damage (e.g., breach).
Best approach? Shrink exposure, monitor, recover fast.
What's your weak link?
#learnSystemDesign
I just published API & Service Security #1: The Modern API Threat Landscape https://t.co/BS6yKmjyM2
#learnSystemDesign
Quiz Thursdays #learnSystemDesign
4. True or False:
Authorization always happens before authentication.
Quiz Thursdays
#learnSystemDesign
1. What does “identity” primarily represent in a system?
A. What a user is allowed to do
B. Proof of who a user or system is
C. Encryption of data
D. A security policy
#learnSystemDesign
Most security breaches start with shared credentials.
OAuth fixed that.
Instead of giving apps your password, you give them limited, revocable permission to act for you.
That’s the real magic behind “Log in with Google.”
Delegation > passwords.
More details: https://t.co/4yNiIKTzos

Yesterday: Identity → “Who are you?”
Today: Authorization → “What can you do?”
#learnSystemDesign
Before Authorization:
Identity is known & trusted
Core Question:
Can this identity perform this action on this resource in this context?
Common Models:
RBAC: Users → Roles → Permissions
Stable orgs, coarse-grained, simple
Cons: role explosion, poor context
ABAC: Attribute-based (user, resource, environment)
Flexible, context-aware, avoids role explosion
Cons: harder to debug
Scope-Based (OAuth): Permissions in tokens
Simple, decentralized, good for APIs
Coarse-grained
Policy-Based: Centralized, declarative policies
Expressive, auditable, flexible
Operational complexity
Real Systems combine these systems
RBAC → baseline
ABAC → context
Scopes → APIs
Policies → sensitive actions
Remember: Authorization = decision logic, not data.
Full breakdown: https://t.co/W1a2VUYxll

Identity: The Foundation of Authorization
#learnSystemDesign
Every access decision starts with one question: Who is making this request?
If identity is wrong, authorization is meaningless.
What is identity?
A verified, unique representation of an entity: user, service, device, or organization.
It’s immutable, verifiable, portable, and distinct from accounts or profiles.
Identity ≠ Authentication
Authentication proves identity. Identity itself stays stable even as authentication methods change.
Humans, services, devices, and organizations all need identities to enforce policies, enable auditing, and establish trust.
In distributed systems, identity isn’t tied to a session or memory.
It travels with every request, forming an identity context answering:
- Who is this?
- Who issued this identity?
- Who can trust it?
- With what assurance?
Treat identity as a stable contract.
Authorization, auditing, and security all rely on it. Anything holding permissions must have a verifiable identity.
Can you guess the title of this week's series?
My medium article on this: "https://t.co/wsBj3CjU7o"

Thursday = Quiz Day
For our #learnSystemDesign series, we learnt Session Management this week
🧵Let's go
Q1:
If you delete a refresh token, what happens to already issued access tokens?
A) Instantly invalid
B) Expire naturally
C) Revoked on next request
D) Auto-refresh
Reply👇
Hybrid Auth vs Access + Refresh Tokens
#learnSystemDesign
They look similar, but solve different problems.
Lets start with access + refresh tokens
- Optimize UX
- Reduce risk by short-lived access tokens
- Revocation waits until token expiry

My Medium articles on session Management in order
#learnSystemDesign
- Mastering Stateless Auth with JWT https://t.co/KaShNLb7oT
- Blacklisting JWTs : When and Why a bad idea
https://t.co/TliyfMvdI5
- Server side Session (with Redis)
https://t.co/Y1TMBE82JW
Server-Side Sessions with Redis
JWTs optimize for stateless auth.
Redis sessions optimize for control.
User logs in → session ID stored server-side
Browser holds only a random ID in an HttpOnly cookie
Device lost?
Suspicious activity?🧵
#learnSystemDesign

Uncovering how systems work under the hood, understanding their trade-offs, and knowing when to use them is what #learnSystemDesign is about.
But it starts with learning the systems themselves so you can make better decisions.
1st monday of the month- let's not waste it away completely!
Get the complete System Design Roadmap now: https://t.co/1kRUk4YWog
.
.
.
#systemdesign #gfg #geeksforgeeks #learntocode #learnsystemdesign #System

Trends for you
Most Popular Users

Elon Musk 
@elonmusk
240.8M followers

Barack Obama 
@barackobama
119.2M followers

Donald J. Trump 
@realdonaldtrump
111.7M followers

Cristiano Ronaldo 
@cristiano
111.1M followers

Narendra Modi 
@narendramodi
107M followers

Rihanna 
@rihanna
97.8M followers

NASA 
@nasa
92.2M followers

Justin Bieber 
@justinbieber
91M followers

KATY PERRY 
@katyperry
87.9M followers

Taylor Swift 
@taylorswift13
81.8M followers

Lady Gaga 
@ladygaga
73.3M followers

Virat Kohli 
@imvkohli
70.3M followers

Kim Kardashian 
@kimkardashian
69.9M followers

YouTube 
@youtube
68.7M followers

Bill Gates 
@billgates
64M followers

Neymar Jr 
@neymarjr
63.1M followers

The Ellen Show
@theellenshow
62.4M followers

CNN 
@cnn
61.9M followers

Selena Gomez 
@selenagomez
61M followers

X 
@x
60.8M followers

