Author Archives: skarkonan

Sprint 3

During Sprint 3, I focused heavily on the backend authentication logic. My main task was to modify the codebase so that it could dynamically retrieve the correct public key used for JWT validation. This step was crucial for ensuring that our system could securely verify user tokens issued by Keycloak. Instead of hardcoding a single static key, the backend now pulls the current key from Keycloak’s endpoint and matches it using the kid field found in the JWT.

This task pushed me to explore how Keycloak exposes realm-level signing keys and how JWTs are structured. It also helped me better understand public key cryptography and secure token verification.

During Sprint 3, I focused on backend authentication endpoint logic by modifying the codebase to dynamically retrieve the correct public key for JWT validation. This task was essential to ensuring our system can securely verify user tokens issued by Keycloak. It challenged my understanding of authentication flows and pushed me to dive deeper into how Keycloak exposes realm keys.

Evidence of activity

Issue: modify backend to dynamically retrieve public key

Implemented logic within checkRole.js to call getPublicKey() and extract the appropriate key using the kid field from the JWT and matching it against the list of keys returned by Keycloak.

link: https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/iamsystem/fake-backend/-/issues/4

What Didn’t Work Well:
One major blocker this sprint was that the endpoint wasn’t receiving a JWT token as expected. After some investigation, I suspect the issue is related to the backend not properly communicating with Keycloak, possibly failing to redirect or authenticate correctly before reaching the protected route. This made it difficult to fully test the dynamic key retrieval logic, and the issue is still unresolved as of the end of the sprint.

What Could Be Improved as a Team:
Our team could benefit from more consistent backend–frontend integration testing and clear documentation on authentication flow. It wasn’t always obvious where the token was supposed to come from or how to manually test the endpoint without the frontend completely wired up.

What I Could Improve as an Individual:
I want to improve my ability to troubleshoot backend services in containerized environments. I lost time trying to debug the issue without logging enough information or verifying network communication with Keycloak directly. Going forward, I’ll add more temporary logs and use tools like Postman or curl to manually test endpoints early in the process.

Apprenticeship Pattern: Breakable Toys
This pattern encourages building small, throwaway projects where it’s safe to fail, experiment, and learn without pressure.

Summary: Breakable Toys is about creating personal projects that mirror real world systems but are safe to break. These projects help you explore ideas, try new technologies, and learn from mistakes without real-world consequences.
Why I Chose It: During Sprint 3, I treated parts of our backend authentication system like a breakable toy. Since I wasn’t sure how Keycloak integration would work, I built a small test route to experiment with JWT decoding and key matching before applying the logic to the real project.
Behavior Change: This mindset helped me be less afraid to experiment. I now approach new problems by first building a quick, isolated version just to understand how things work, which makes me more confident when implementing the final solution.

From the blog The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

Top javaScript testing frameworks

Jest:

Developed by Facebook, Jest is one of the most beginner friendly frameworks, especially for those working with React. It comes pre-configured and includes a test runner, mocking, and assertion libraries. Its snapshot testing and excellent documentation make it a favorite among React developers. However, debugging can be tricky in some IDEs, and large snapshot files can be hard to maintain.

Mocha:

Mocha is a flexible framework ideal for Node.js applications. Its simplicity and long-standing presence in the testing world make it reliable. With support for async testing and various plugins like Chai and Sinon, it offers solid control. That said, it requires more configuration than Jest and lacks some built-in features.

Jasmine:
Jasmine supports asynchronous testing and integrates well with external libraries. It’s loved for its flexibility and extensive community support. The trade-off is more setup complexity, especially if you need additional libraries for mocking or assertions.

Nightwatch
Nightwatch is great for E2E testing with Selenium WebDriver. It’s particularly useful if your team has a Java background, thanks to its object-oriented syntax. However, its syntax can be less readable, and logging failures can be cumbersome without detailed error messages.

Playwright
A rising star from Microsoft, Playwright allows you to automate Chromium, Firefox, and WebKit using one API. It’s fast, supports modern web features, and works well with headless browsers. Being newer, it still lacks the depth of resources available for older frameworks.

Puppeteer
Built by Google, Puppeteer is tailored for Chrome/Chromium automation. It’s fast, developer-friendly, and ideal for tasks like form submission or page scraping. Its main limitation is the lack of cross-browser support.

Selenium
The veteran of test automation, Selenium remains the go-to for cross-browser testing. While powerful, it often requires additional setup and can struggle with scalability unless paired with tools like Selenium Grid or LambdaTest.

Karma
Karma offers real-time feedback and runs tests across devices and browsers. It supports popular frameworks like Mocha and Jasmine. It’s highly flexible, though less commonly used in newer projects today.

Cypress
Cypress is designed for modern JavaScript apps and offers unique features like time-travel debugging and real-time reloads. It runs directly in the browser but is limited to a few supported browsers and doesn’t allow multi-tab or remote execution.

Final Thoughts
Your ideal framework depends on your project’s size, tech stack, and testing goals. Whether you’re working with React, Node.js, or need robust cross-browser support, there’s a JavaScript testing framework tailored to your needs. Test smart, and happy coding!

Reference: https://www.lambdatest.com/blog/top-javascript-testing-frameworks/

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

Sprint Retrospective – Sprint 2

This sprint pushed us a bit more out of our comfort zones as we moved deeper into authentication, authorization and infrastructure setup. While we had a better sense of our team dynamics and project direction, some unexpected technical challenges tested our adaptability and communication. Especially, With Keycloak setup and JWT integration becoming a major focus, we encountered some unexpected challenges that helped us grow both technically and as a team.

Evidence of activity

  • Configure Realm Export Script/Command(s): Exported realm configuration from binary to JSON to enable version control and team collaboration.
  • Added user group/role to JWT payload: Configured keycloak settings to add users needed information to JWT payload.

What worked well

Clearer Role Distribution:
This sprint had more defined roles, which helped prevent overlap and increased efficiency.

Deeper Technical Understanding:
Working with Keycloak gave us valuable hands-on experience with client scopes, tokens, and user roles.

Proactive Communication:
Team members were quicker to reach out for testing, review, and feedback. That made a noticeable difference in momentum.

why didn’t work well:
One major challenge was managing Keycloak realm configuration collaboratively.

At first, we exported Keycloak changes (clients, roles, users) using the admin console, which generated binary .realm files. These couldn’t be diffed, merged, or version-controlled properly. This became a blocker when multiple teammates made changes at the same time.

The workaround:

  • We each exported changes into JSON format.
  • Then we manually merged the configurations later, ensuring nothing was overwritten.
  • We also began documenting our changes to avoid confusion.

It was tedious and not ideal, but we learned the value of choosing version-control-friendly formats early on when working with tools like Keycloak.

Individual improvement goals:
– Programming Improvement: Over the last sprint, I struggled with translating my thought process into actual code and logic. This made me realize that while computer science courses often emphasize theory, I need to spend more time improving my practical programming skills to bridge that gap.

– Ask Sooner: I struggled with JWT for hours, when help was just a message away.

Apprenticeship Pattern: “Concrete Skills”

Summary:
The “Concrete Skills” pattern emphasizes the importance of acquiring real, tangible skills that make you immediately useful to a team. These are the kinds of abilities that allow you to contribute from day one—whether it’s setting up a development environment, debugging a system, or deploying a service.

Why I Chose It:
This sprint made me realize how much more confident and helpful I feel when I have concrete, hands-on experience with the tools we’re using, especially Keycloak. Initially, I felt lost trying to work with realm exports and JWT validation because I didn’t have real-world practice with them. After digging in and troubleshooting the JSON config issue, I started gaining practical skills that I could apply directly to our project.

How It Could’ve Helped Earlier:
If I had taken time before the sprint to develop specific, concrete skills—like how to export/import Keycloak realms properly, or how JWT verification works at the code level, I could have contributed more efficiently and with less frustration. This pattern reminded me that building a toolbox of real, usable skills is what makes you valuable in a team setting—not just theoretical knowledge.

Final Thought

Sprint 2 challenged me on a deeper level, not just with code, but with collaboration, tooling, and infrastructure. The lessons around version control, documentation, and communication will stick with us as we move forward. We’re not just building an app—we’re learning how to work like a real development team.

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

What is Integration Testing?

Integration Testing is a key phase in the software testing lifecycle where individual software modules are combined and tested as a group. While unit testing verifies that each module works independently, integration testing checks how these modules interact with each other. In simple terms, Integration Testing is where you check if different modules in your application play nice together. Each module might work fine on its own (thanks to unit testing), but once you connect them, all sorts of bugs can pop up—data not flowing correctly, broken links, miscommunication between components, etc. That’s why this type of testing focuses on the interaction between modules. You’ll hear it called things like “I & T,” “String Testing,” or “Thread Testing.” All fancy names for the same thing—making sure things work together.

Why is Integration Testing Important?

Even if all modules pass unit testing, defects can arise when modules are combined. This can happen due to:

  • Differences in how developers code or interpret requirements
  • Changes in client requirements that weren’t unit tested
  • Faulty interfaces with databases or external systems
  • Inadequate exception handling

Integration testing helps identify these issues early, ensuring seamless data flow and communication between components.

Types of Integration Testing

Types of Integration Testing

There are several strategies to conduct integration testing:

1. Big Bang Testing
All modules are integrated and tested simultaneously.

  • Pros: Simple for small systems.
  • Cons: Difficult to isolate defects, delays testing until all modules are ready.

2. Incremental Testing
Modules are integrated and tested step-by-step.

  • Bottom-Up: Test lower-level modules first, then move up.
  • Top-Down: Start with higher-level modules and use stubs to simulate lower ones.
  • Sandwich: A mix of both, testing top and bottom modules simultaneously.

Stubs and Drivers

These are dummy components used in integration testing:

Driver: Simulates a higher-level module that calls the module under test.

Stub: Simulates a lower-level module that is called by the module under test.

Final Thoughts

Integration Testing bridges the gap between unit testing and system testing. It ensures that individually functional modules work together as a complete system. Whether you’re using Big Bang or an incremental approach, thorough planning and detailed test cases are key to successful integration testing.

Reference:

https://www.guru99.com/integration-testing.html

From the blog The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

CS@Worcester – The Bits & Bytes Universe 2025-04-01 11:45:13

Best UAT Testing Tools in 2025: Deliver Software People Actually Want to Use

User Acceptance Testing (UAT) is one of those final, crucial steps before launching a product. It’s where real users step in to make sure everything works the way it’s supposed to, and more importantly, the way they actually need it to. To make this process smoother and way less painful, there are tons of UAT tools out there. The real challenge? Picking the right one.

In 2025, UAT tools aren’t just about checking off requirements. They help teams stay aligned, find bugs early, and make sure what’s being built is actually useful. If you’re working on anything from a web app to a full on enterprise system, the right tool can seriously level up your process.

Why UAT Tools Matter

UAT isn’t just testing for the sake of it. It’s about making sure the product works in the real world not just in a controlled dev environment. UAT tools help you organize test cases, manage feedback, track bugs, and bring in users to validate everything. The good ones also make it easier for everyone devs, QA, stakeholders, and end users to stay in sync.

If you care about shipping high-quality, user-friendly software , UAT tools are a must.

Top Tools Worth Checking Out

Here are some standout UAT tools in 2025 that I think are really worth a look:

  • LambdaTest: Solid choice for cross-browser testing and real device testing. Supports both manual and automated workflows, plus integrates with tools like Testim.io and QMetry.
  • TestRail: Great for keeping things organized. Helps you manage test cases, track progress, and integrates nicely with Jira and GitHub.
  • Maze: This one’s perfect if you care about user experience. It gives you heatmaps, click tracking, and real time user feedback.
  • SpiraTest: A full suite that combines test case management, bug tracking, and requirement linking all in one place.
  • UserTesting: Lets you test with actual users from around the world and get feedback via video, audio, and written responses.
  • Testim.io: If you’re leaning into automation, this one’s got AI powered test creation and a visual editor that makes building and updating tests way easier.
  • Hotjar: Not your typical test management tool, but super helpful for visualizing user behavior with session replays, heatmaps, and feedback polls.

Final Thoughts

No single UAT tool is perfect for everyone. The best one for you depends on your team, your workflow, and your budget. Sometimes mixing a couple of tools gives you the coverage you need, from test case management to user feedback and performance insights.

At the end of the day, UAT tools exist to help you build better products—and getting that right can make a huge difference.

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

Sprint 1

GitLab Activity

Install npm JWT Library and handle validation on Mock FE/BE issue – created a file called checkRole.js that as of moment takes a token and decodes it, however since Keycloak is not configured yet with the backend, checkRole.js is still not setup for the verification of tokens.

Reflection on What Worked Well

This sprint, I found that my ability to collaborate effectively with my team improved. We established a structured workflow using GitLab issues and merge requests, ensuring everyone was aligned. Team meetings and project reviews were also particularly helpful in maintaining quality and catching potential issues early. Additionally, I felt more comfortable with our tech stack, which allowed me to contribute more efficiently to the project.

Reflection on What Didn’t Work Well

One of the biggest challenges during this sprint was time management and managing expectations of fellow team members. Balancing multiple tasks while delivering high-quality work proved difficult, especially when unexpected issues arose. There were also moments when communication gaps led to duplicated efforts or confusion regarding task ownership.

Additionally, an unexpected bug related to the jsonwebtoken library took longer to resolve than anticipated, impacting our overall sprint velocity. I underestimated the complexity of debugging the issue, and this resulted in delays. Moving forward, I want to improve my debugging strategies by breaking down issues systematically and identifying potential causes earlier in the process.

Another challenge was that some tasks took longer than expected due to unclear requirements. There were times when I started working on a feature only to realize later that I had misunderstood part of the implementation. This led to rework and inefficiencies that could have been avoided with better clarification upfront.

Reflection on Changes to Improve as a Team

To improve as a team, we need to refine our communication and task allocation strategies. One possible improvement is assigning issues to members with clear deadlines and deliverables. This would help eliminate the need to check in constantly about each other’s progress and give everyone enough space to focus on their designated tasks.

Additionally, we could establish clearer guidelines on documentation and issue tracking. Proper documentation would minimize misunderstandings and ensure that we have a reference point if any team member forgets certain project details. This could be as simple as maintaining a shared document with important technical decisions, dependencies, and any issues we encounter.

Reflection on Changes to Improve as an Individual

On a personal level, I need to deepen my knowledge of the technologies we are using and strengthen my overall web development skills. Additionally, I must improve my time management and prioritization strategies to ensure more efficient task completion. Allocating time for debugging and testing earlier in the sprint would help reduce last-minute stress and improve the stability of our work. I also plan to dedicate time outside of sprint tasks to learn best practices and gain a more comprehensive understanding of our tech stack. Finally, I recognize the importance of seeking help sooner when I encounter challenges, as doing so will allow me to work more efficiently and avoid unnecessary delays.

Apprenticeship Pattern: “Be the Worst”

Summary of the Pattern

The “Be the Worst” pattern suggests deliberately placing yourself in an environment where you are the least experienced or skilled person. By doing so, you expose yourself to opportunities for rapid learning and growth by observing and working with more skilled individuals. While this can be uncomfortable, it forces you to improve and challenge yourself continuously.

Why I Selected This Pattern

I chose this pattern because, during this sprint, I often felt like I was struggling to keep up with some of my teammates who had more experience with certain technologies. Instead of being discouraged, I realized that this was an opportunity to learn from them and elevate my own skills. Their feedback and insights helped me refine my practices and problem-solving approach.

How This Pattern Could Have Changed My Behavior

Had I fully embraced this pattern earlier in the sprint, I would have proactively sought out mentorship and learning opportunities rather than hesitating to ask questions. Additionally, I would have taken more initiative in tackling challenging tasks instead of sticking to what I was comfortable with. Moving forward, I plan to embrace this mindset and view my inexperience as an advantage rather than a limitation.

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

Apprenticeship Patterns

Reading Apprenticeship Patterns made me take a step back and think about what it really means to grow as a software developer. It’s easy to get caught up in learning new technologies, chasing certifications, and trying to keep up with the latest trends, but this book focuses on something deeper, the mindset and habits that shape a longterm career in software. One of the biggest takeaways for me was the idea that becoming a great developer isn’t about how much you already know, but about how you approach learning. The whole concept of being an apprentice, journeyman, and eventually a master makes sense, but what stood out to me the most is that there’s never really a finish line. No matter how much experience someone has, there’s always more to learn. That’s both motivating and humbling. The book also talks a lot about mentorship, self-awareness, and staying open to new ideas. It made me realize that improving as a developer isn’t just about writing more code, it’s about actively seeking feedback, being willing to unlearn bad habits, and knowing when to ask for help. I’ve always leaned towards figuring things out on my own, but after reading this, I see how valuable it is to learn from others who have been through the process. Another thing that stood out is how easy it is to fall into the trap of either imposter syndrome or overconfidence. The book emphasizes the importance of being honest with yourself, knowing what you’re good at and where you need to improve. It’s easy to feel like you’re behind when you see others moving faster, but at the same time, it’s important to not get too comfortable and stop pushing yourself. Finding that balance is key. Overall, this book challenges the way you think about growth and career development. It emphasizes the idea that learning should be intentional, that mentorship and community matter, and that real progress comes from consistent effort over time. It’s made me reflect on how I approach my own learning journey, and I’m looking forward to applying some of these ideas as I move forward in not only my career, but in life as well.

From the blog The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

CS-443, Sepehr’s Introductory’s blog

Hello everyone,

my name is Sepehr Karkonan, a senior at Worcester State University majoring in Computer Science. I am writing this blog to introduce myself and want to wish everyone a great semester filled with success, valuable lessons and great memories. Looking forward to learning with everyone-happy learning.

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

Mastering Backend Development: A Comprehensive Guide

Backend development is where the real magic happens. While users interact with the front end of an application, the backend is responsible for everything from data storage to user authentication, ensuring smooth communication between services. Mastering backend development goes beyond learning a single language or framework it’s about understanding how to build scalable, secure, and maintainable systems. In this overview, Im going to talk about the article written by DEV COMMUNITY on mastering backend development

Choosing the Right Language

Choosing the right language is the first step in backend development. Your choice depends on the project’s requirements and your long-term goals. JavaScript (Node.js) is popular for event-driven servers, while Python is great for data-centric applications. Java is ideal for enterprise solutions, and Go is well-suited for high-performance services. Each language has its strengths, so pick one that aligns with your project needs.

Understanding HTTP and Networking

Since backend services communicate over the internet, understanding HTTP is crucial. Knowing how HTTP methods like GET, POST, PUT, and DELETE work, along with concepts such as DNS, will help you design efficient and secure APIs. A solid understanding of these concepts allows smooth communication between services and ensures reliable system integration.

Working with Databases

Databases are fundamental to backend development. Whether you’re using relational databases like PostgreSQL or NoSQL databases like MongoDB, it’s essential to know when to use each. A solid understanding of database management enables you to store and retrieve data efficiently, which is crucial for building fast and scalable systems.

API Design and Development

APIs are the backbone of communication between system components. Designing an efficient and secure API is key to building scalable systems. Whether you’re using REST, GraphQL, or gRPC, consider factors like versioning, security, and documentation to make integration easy for other developers.

Security Practices

Security is essential in backend development. Implementing robust authentication methods like OAuth and JWT ensures that only authorized users can access your services. Understanding common security threats and mitigation strategies is key to protecting your system from unauthorized access and data breaches.

Caching and Performance

To optimize performance, caching is a must. Using tools like Redis or Memcached can help reduce database load and speed up response times by temporarily storing frequently accessed data. Proper caching strategies can drastically improve your system’s performance and scalability.

Scalability and Load Balancing

As your application grows, scaling becomes crucial. Load balancing tools like Nginx or HAProxy ensure that traffic is evenly distributed across servers, helping handle increased traffic without sacrificing performance. Understanding scaling strategies, such as horizontal and vertical scaling, is essential for building resilient systems.

Continuous Learning

Backend development is always evolving. Keep up with new tools, frameworks, and best practices by reading blogs, contributing to open-source projects, and experimenting with new technologies. Continuous learning is essential to becoming a skilled backend developer.

By mastering these concepts, you’ll be on your way to building robust, scalable, and secure backend systems.

Reference
https://dev.to/roadmapsh/mastering-backend-development-mpb

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.

Understanding UML: A Simple Guide to the Unified Modeling Language

In 1997, the Object Management Group (OMG) introduced the Unified Modeling Language (UML). It was created to help IT professionals design and communicate software systems more easily. Think of it like blueprints for a building UML gives developers a standard way to plan and share their ideas about how a system should work.

UML has become a popular tool in the tech world. You’ll often see it listed on resumes, but many people don’t actually know how to use it well. That’s why learning the basics of UML is important if you want to include it in your skillset. In this guide, we’ll cover the article written by Donald Bell who works as a solutions architect for IBM, and some of the most common diagrams and how they’re used.

What Makes UML Special?

UML is not tied to a specific programming language. This makes it flexible and easy to use in many different environments, whether you’re working with Java, .NET, or something else. Also, UML is a language, not a method. This means it can fit into any company’s way of working without requiring big changes.

The main purpose of UML is to help teams understand and share their ideas more clearly. By using UML diagrams, teams can communicate how a system will work, making it easier for new members to join a project and get up to speed quickly.

Key Types of UML Diagrams

Use-Case Diagrams: These show how users (called “actors”) interact with the system. For example, they can illustrate how a customer logs into an app or makes a purchase. Use-case diagrams are simple and focus on the system’s main functions.

Activity Diagrams: These diagrams show the flow of actions in a process. They’re great for mapping out workflows, like how a customer service ticket moves from “open” to “resolved.” Activity diagrams are easy to understand, even for people who don’t have a technical background.

Deployment Diagrams: These focus on where parts of the system will run, like servers or applications. They show how different pieces of the system communicate and help teams plan how everything will work in real life.

Why UML Still Matters

UML has been around for over 25 years, but it’s still widely used because its core ideas are timeless. Much like classic software books that are still relevant today, UML helps solve problems that developers face every day.

Even without fancy tools, you can start using UML with just a whiteboard or pen and paper. By practicing with basic diagrams, you’ll improve how you share your ideas and work with others on software projects. Keep learning, and UML can become one of your most useful tools!

Reference

https://developer.ibm.com/articles/an-introduction-to-uml/

From the blog CS@Worcester – The Bits & Bytes Universe by skarkonan and used with permission of the author. All other rights reserved by the author.