Alexandre Faria Senior Staff Engineer

About me

Hello, I am Alexandre, Senior Staff Engineer since 2022, I am currently working for Decathlon group. With other 20 years of experience in engineering, I had the privilege of achieving significant initiatives that have shaped the technological landscape of my company. One of my proudest achievements was establishing the API strategy that now underpins our company's digital infrastructure. After setting up API Gateway as a core component in our information System, I put in place the API training and get the chance to train many teammates all around the world, which will remain one of my most memorable human experiences. Since 2019 I led the design of an authentication system and API Platform focused on customer data, ensuring compliance and bolstering trust with our users. On the coding side, I spend most of my time in code review, definitively the best moment to grow and learn. Fortunately I still code (more interested in the backend side) obviously on APIs and authentication/security topics, but not only. Sharing knowledge is what I prefer in my daily job.

Code

Backend developer, I am mostly used to develop in Java, using reactive stack. I also like to develop in golang which is a powerful and easy to learn language, despite not being a functional language.

Tools

Obviously I am familiar with GIT. My favourite IDE is IntelliJ/Goland and play sometimes with VS Code. I am also familiar with Docker, which, as for GIT, is a must know for any developer today.

Specs

Any good software must provide ReST or GraphQL APIs. I spent many time reading and understanding oauth2/openid specifications and finally decide to go deeper by contributing part of them into and open source solution (see projects).

Talks

Securing your API - From basics to beyond

In this talk, I speak about some basics actions to secure your API. Keeping in mind that an API remains a web application, without html/javascript, I will do a demo of SQL injection and then quickly review the OWASP top 10 application security risks. From there I zoom on authentication doing a focus on oauth2/OpenID Connect. Stepping to API Management, I deep dive on some features that can help us to secure our APIs.

Check it out Sessions

Projects Contributions

Gravitee.io

Gravitee.io is an open source API platform, providing a flexible, lightweight and blazing-fast open source API Management solution as well as an Authorization Server (called Access Management) that helps organization to finely control who, when and how users access to APIs. Here my main contributions are on the AM side, as it is related to oauth2/oidc.

Check it out

Eclipse Vert.x

Eclipse Vert.x is a tool-​kit for build­ing re­ac­tive ap­pli­ca­tions on the JVM. Re­ac­tive ap­pli­ca­tions are both scal­able as work­loads grow, and re­silient when fail­ures arise. A re­ac­tive ap­pli­ca­tion is re­spon­sive as it keeps la­tency under con­trol by mak­ing ef­fi­cient usage of sys­tem re­sources, and by pro­tect­ing it­self from er­rors.

Check it out