Build an App with duck-iam
A hands-on course that takes you from zero to a production-ready authorization system. Build a real blog platform step by step, using every feature along the way.
What You Will Build
This course walks you through building BlogDuck -- a multi-tenant blog platform with full authorization. You start with a single permission check and finish with a production-grade system using typed configs, scoped roles, ABAC policies, database storage, server middleware, and client-side permission rendering.
Who Is This For
- Developers who are new to duck-iam and want a structured learning path
- Teams evaluating duck-iam for their authorization needs
- Anyone who learns best by building something real
Prerequisites
- TypeScript basics (types, interfaces, async/await)
- Node.js installed (v18+) or Bun
- A code editor
How to Follow Along
Each chapter builds on the previous one. Every chapter ends with:
- A checkpoint showing the complete code so far
- FAQ questions answering common doubts about what you just learned
You can follow along by creating a new project directory and initializing it:
mkdir blogduck && cd blogduck
npm init -y
npm install @gentleduck/iam typescript tsx
npx tsc --init
mkdir src
You are ready. Start with Chapter 1: Your First Permission Check.
Course Map
| Chapter | Topic | What You Learn |
|---|---|---|
| 1 | Your First Permission Check | Roles, Engine, MemoryAdapter, engine.can() |
| 2 | Role Hierarchies | Inheritance, multiple roles, wildcards, validation |
| 3 | Policies, Rules, and Conditions | ABAC, combining algorithms, condition operators, $ variables |
| 4 | The Engine In Depth | Hooks, caching, batch permissions, explain, Admin API |
| 5 | Multi-Tenant Scoping | Scoped roles, tenant isolation, hierarchical resources |
| 6 | Server Integration | Express, NestJS, Next.js, Hono middleware, permissions endpoint |
| 7 | Client Libraries | React, Vue, vanilla JS, permission-based UI rendering |
| 8 | Production Readiness | Type-safe config, validation, database adapters, testing, monitoring |