Anangsha Alammyan


<figcaption>Authorization code flow with PKCE for TeamCollab</figcaption></figure><blockquote id="894c"><p>In PKCE, the client first generates a random code and hashes it with SHA-256. It sends the hashed result to the authorization server along with the initial request. Later, when the client submits the authorization code, it must also send the previously generated code (the original value, before hashing). The authorization server then applies SHA-256 to that value and verifies that the result equals the hashed code it received in the first request.</p></blockquote><h2 id="8d95">Why This Flow Matters</h2><p id="e58b">Now, imagine if there was <b>no Authorization Code Flow</b>. You would be logging into TeamCollab and entering your Google email and password <b>directly into TeamCollab’s app</b>. This would lead to serious security risks:</p><ul><li><b>Credential Sharing</b>: TeamCollab would need to store your Google username and password, making it a prime target for attackers. If TeamCollab is hacked, your Google credentials (and any other users’) would be exposed.</li><li><b>Overprivileged Access</b>: Once you share your Google credentials, TeamCollab would have full access to your entire Google account — not just the parts you authorized. Without a way to scope the access (like tokens), the app could read all your emails, change settings, or worse.</li><li><b>No Revocation</b>: If TeamCollab were compromised or you stopped trusting it, the only way to revoke its access would be to change your Google password, which would be a huge inconvenience.</li></ul><h1 id="90ca">2. Client Credentials Flow in TeamCollab</h1><p id="8837">Let’s say TeamCollab provides an automated backup service for companies. This service periodically backs up all team-related documents and project files stored in Google Drive to a secure internal storage system (within TeamCollab). 
Since this backup task needs to happen on behalf of the <b>company</b> and not on behalf of a specific user, no individual user needs to log in. Instead, TeamCollab itself acts as the client, needing access to the company’s Google Drive storage for this scheduled task.</p><p id="8d20">Here, we use the <b>Client Credentials Flow</b>, where <b>TeamCollab</b> (the client) directly requests a token from Google’s authorization server to access company files for backups.</p><h2 id="f07a">Step-by-Step Flow:</h2><ol><li><b>TeamCollab Identifies Itself</b>: When it’s time to perform the backup, TeamCollab’s internal service reaches out to Google’s authorization server. Since there’s no specific user involved, it identifies itself using its <b>client ID</b> and <b>client secret</b>, which are like the app’s credentials. These credentials were issued by Google when TeamCollab integrated with Google Drive as a trusted client.</li><li><b>Token Request</b>: TeamCollab sends a request to Google’s authorization server, saying, “Hey, I’m TeamCollab, and I need access to Google Drive for backups. Here’s my client ID and secret.”</li><li><b>Token Issuance</b>: Google’s authorization server verifies TeamCollab’s credentials (client ID and client secret) and, if everything checks out, issues an <b>access token</b>.</li><li><b>Accessing the Resources</b>: TeamCollab takes the access token and uses it to access the company’s Google Drive. It retrieves the documents and project files necessary for the backup and stores them securely in its internal storage.</li><li><b>Token Expiration</b>: Just like in the <b>Authorization Code Flow</b>, the token has an expiration time. 
When the token expires, TeamCollab can request a new token using the same client credentials without any user intervention.</li></ol><figure id="aaac"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*LowSaXsXnHE5CKp4xzj8zA.png"><figcaption></figcaption></figure><h2 id="272f">Why Client Credentials Work Here</h2><p id="87dd">Now, you might wonder: <b>“Why is it okay to use a client ID and client secret to get a token in this scenario?”</b></p><p id="649b">Let’s break it down:</p><ol><li><b>No User Involvement</b>: In this scenario, no specific user is involved. The backup service is purely a <b>machine-to-machine</b> operation. It’s TeamCollab, as a system, interacting with Google Drive to retrieve files. Since no user is logging in, we don’t need to worry about user credentials, login screens, or handling sensitive user data.</li><li><b>Why Client ID and Client Secret are Safe</b>: TeamCollab uses its <b>client ID</b> and <b>client secret</b> (think of these as app credentials) to authenticate itself with Google. These credentials are securely stored on TeamCollab’s servers and never exposed publicly. This is a safe and standard practice because:</li></ol><blockquote id="42be"><p><b>It’s secure</b>: The client secret is stored securely on the server, not shared with end users or exposed in insecure environments (like browsers or mobile devices).</p></blockquote><blockquote id="bc8c"><p><b>No human interaction</b>: Since this process doesn’t involve a user logging in, there’s no risk of password sharing or phishing.</p></blockquote><blockquote id="2ad3"><p><b>Automated process</b>: The service can run automatically without requiring any manual steps or user intervention, which is ideal for background tasks like backups.</p></blockquote><p id="4ac1">3. 
<b>Machine-to-Machine Authentication</b>: The <b>Client Credentials Flow</b> is designed exactly for this kind of use case where one system (TeamCollab) needs to authenticate itself to another system (Google) and access resources without any user interaction. This flow is perfect for scenarios like background services, data syncs, or system-level integrations where no human needs to be involved.</p><h1 id="6f32">3. Device Code Grant in TeamCollab</h1><p id="6d4c">Imagine <b>TeamCollab</b> is installed on a large <b>smartboard</b> in your company’s meeting room. Team members can use the smartboard to manage tasks, review project timelines, or even access shared Google Drive files during meetings. However, the smartboard doesn’t have a keyboard or a convenient way to log in. You can’t type in your email and password on a large screen, especially in front of everyone.</p><p id="6384">In this situation, we need a way to let users securely log into TeamCollab <b>on the smartboard</b>, without directly entering credentials on the device itself. 
This is where the <b>Device Code Grant</b> flow comes into play.</p><p id="5900">The <b>Device Code Grant</b> is designed for devices like TVs, smartboards, or other gadgets that don’t have an easy input method for typing usernames and passwords.</p><h2 id="ce2c">Step-by-Step Flow:</h2><p id="ebb6">1. <b>Initiating the Login</b>: A user walks up to the smartboard in the meeting room, taps on the TeamCollab app, and selects “Log in to TeamCollab.” Instead of showing a keyboard or asking for credentials, the smartboard displays a <b>unique code</b> (let’s call it a <b>device code</b>) and a <b>URL</b> like <a href="https://login.teamcollab.com/device"><code>https://login.teamcollab.com/device</code></a>. The URL can also be encoded in a QR code, which the user is asked to scan with another device.</p><p id="2198">2. <b>User Action on Another Device</b>: The user is instructed to take out their <b>phone</b> or <b>laptop</b> (something that has a proper keyboard and browser) and navigate to the displayed URL. There, they’re asked to <b>enter the device code</b> that’s shown on the smartboard.</p><blockquote id="ce6f"><p>For example, the smartboard might show something like: <i>“To log in, go to <a href="https://login.teamcollab.com/device">https://login.teamcollab.com/device</a> and enter the code: <b>ABC123</b>.”</i></p></blockquote><blockquote id="823c"><p>Alternatively, the user scans the QR code, which opens the above URL with the code embedded in it.</p></blockquote><p id="97f3">3. <b>Authentication on a Personal Device</b>: Once the user opens the URL on their personal device (phone or laptop), they are redirected to the login page, where they authenticate. 
If the user then tries to access Google Drive files, TeamCollab’s auth service redirects them to Google’s login, and Google asks for their permission to allow TeamCollab (on the smartboard) to access their Google Drive and other resources.</p><p id="499e">4. <b>Granting Permission</b>: After the user consents, TeamCollab’s authorization server provides an <b>access token</b> to TeamCollab, which can then be used on the smartboard. TeamCollab automatically detects that the login process is complete and grants access to the user’s files and tasks on the smartboard. To detect this, the smartboard app keeps polling TeamCollab’s auth service to check whether the user has logged in.</p><p id="9c02">5. <b>Access Granted</b>: The smartboard, now having received the token, can use it to interact with TeamCollab services without the user ever having to type in their credentials on the device itself. The user is securely logged in, and the smartboard can now be used to manage tasks, review files, and collaborate in real-time.</p><figure id="1e92"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*g3Y980sYElG-q7XtKD9yng.png"><figcaption>How device grant is used in a smartboard</figcaption></figure><h2 id="9dbb">Why Device Code Grant is Used Here</h2><p id="fe59">The <b>Device Code Grant</b> flow solves a very specific problem: how to log into devices that don’t have a user-friendly way to enter text, like smartboards or even TVs. Here’s why this flow is particularly useful:</p><ol><li><b>Input Limitation</b>: Devices like smartboards or TVs aren’t designed for entering usernames and passwords easily. 
The <b>Device Code Grant</b> allows users to authenticate using another, more convenient device (like their phone or laptop) where they can comfortably log in and grant access.</li><li><b>No Credential Exposure</b>: Since the user is never entering their credentials directly on the smartboard, there’s no risk of their password being exposed or compromised on a shared or insecure device. They’re only logging in via a trusted, personal device like their phone or computer.</li><li><b>Separation of Device and Authentication</b>: The <b>device code</b> separates the login process from the device itself. The smartboard or other limited-input device just needs to display the code and wait for the user to authenticate on another device. Once the authentication is completed on the personal device, the smartboard is granted access, but it never sees the user’s password or other sensitive information.</li></ol><p id="3069">The <b>Device Code Grant</b> flow in TeamCollab provides a perfect solution for scenarios where users need to authenticate on devices with limited input capabilities, like smartboards, while keeping their credentials secure and the process user-friendly.</p><h1 id="7f15">4. Refresh Token Flow in TeamCollab</h1><p id="ba5c">Let’s say you’ve logged into <b>TeamCollab</b> through the web app using the <b>Authorization Code Flow</b>. You’re working on a project and accessing your Google Drive files via TeamCollab. The access token TeamCollab received from Google has an expiration time — let’s say it’s valid for <b>one hour</b>. 
After that hour, the token will expire, and you won’t be able to continue accessing your Google Drive files unless you get a new token.</p><p id="08fc">This is where the <b>Refresh Token Flow</b> comes in handy.</p><h2 id="47c1">How the Refresh Token Flow Works:</h2><ol><li><b>Initial Token Issuance</b>: During the initial login (e.g., using the Authorization Code Flow), TeamCollab’s authorization server issues both an <b>access token</b> and a <b>refresh token</b>. The access token is used to communicate with Google’s APIs, and the refresh token is stored securely by TeamCollab for later use.</li><li><b>Access Token Expiry</b>: After an hour, the access token expires. Normally, you would need to go through the entire login process again to get a new access token, but since TeamCollab was also given a refresh token, it can use this to renew the access token automatically.</li><li><b>Token Renewal with the Refresh Token</b>: When TeamCollab notices that your access token has expired, it sends a request to the authorization server with the <b>refresh token</b>. The server verifies the refresh token and issues a <b>new access token</b> without requiring you to log in again.</li><li><b>Continued Access</b>: With the new access token in hand, TeamCollab can continue to access your Google Drive files seamlessly, without interrupting your workflow or making you log in again.</li></ol><h2 id="c1ab">Why the Refresh Token Flow is Useful</h2><p id="4d5f">The <b>Refresh Token Flow</b> provides a smooth user experience by avoiding frequent logins. 
Here’s why it’s beneficial:</p><ul><li><b>No Need for User Re-authentication</b>: Once logged in, the user can continue working without having to re-enter credentials every time the access token expires.</li><li><b>Long-Term Access</b>: The refresh token allows TeamCollab to renew access tokens in the background, ensuring uninterrupted access to resources over extended periods.</li><li><b>Security</b>: The refresh token itself is usually long-lived and can be securely stored on the server, minimizing the risk of exposure to the client or malicious actors.</li></ul><h1 id="9a12">Legacy Grant Types: Password Grant and Implicit Grant in TeamCollab</h1><p id="40ad">When OAuth 2.0 was first introduced, some systems were still heavily reliant on users providing their usernames and passwords to third-party services. To enable a <b>smooth transition</b> from these old methods to OAuth 2.0, the <b>Password Grant</b> and <b>Implicit Grant</b> were introduced. These grant types provided a way for existing systems to migrate to OAuth 2.0, but over time, as more secure and robust flows were developed, they became <b>legacy</b> and are no longer recommended for modern applications.</p><h2 id="fe9f">1. Password Grant (Resource Owner Password Credentials Grant)</h2><p id="f9c9"><b>How it works</b>: The <b>Password Grant</b> allows a user to provide their <b>username and password</b> directly to the client (in this case, TeamCollab), which then sends those credentials to the authorization server to obtain an <b>access token</b>.</p><ul><li><b>In TeamCollab’s case</b>: If we were to use the Password Grant flow, when a user logs into the TeamCollab web app, they would be asked to <b>enter their Google username and password directly into TeamCollab</b>. 
TeamCollab would then pass those credentials to Google’s authorization server and receive an access token to access the user’s Google Drive files.</li></ul><p id="b997"><b>Why it’s not recommended </b>This method <b>exposes the user’s credentials</b> to the client app (TeamCollab), which completely defeats the purpose of OAuth 2.0’s primary goal — <b>avoiding the sharing of credentials</b> with third-party services. It increases the risk of a security breach, as TeamCollab would now be responsible for handling and protecting user credentials, which could be exposed or misused.</p><p id="2e22"><b>Why other grant types are better </b>The <b>Authorization Code Flow</b> with PKCE ensures that the user’s credentials are <b>never shared</b> with TeamCollab. Instead, authentication is handled directly between the user and the trusted authorization server (like Google), which returns a token to TeamCollab. This keeps credentials secure and out of TeamCollab’s hands.</p><h2 id="3351">2. Implicit Grant</h2><p id="6e41"><b>How it works</b>: The <b>Implicit Grant</b> is a simplified version of the Authorization Code Flow, where the <b>access token</b> is returned <b>immediately</b> without the need for exchanging an authorization code. This grant type was primarily designed for <b>client-side (JavaScript) applications</b> where storing a client secret wasn’t secure or feasible.</p><ul><li><b>In TeamCollab’s case</b>: If we used the Implicit Grant flow for our <b>web app</b>, when a user logs in, TeamCollab would receive the <b>access token directly</b> in the browser after they authenticate with Google, without any further token exchange.</li></ul><p id="7c5e"><b>Why it’s not recommended </b>The Implicit Grant has <b>security vulnerabilities</b> because the <b>access token</b> is exposed directly in the browser, making it more susceptible to being intercepted by malicious actors. 
Since there’s no client secret involved, it’s easier for attackers to obtain access tokens and compromise security.</p><p id="7768"><b>Why other grant types are better </b>The <b>Authorization Code Flow with PKCE</b> ensures that the <b>access token is exchanged server-side</b>, keeping it out of the client (browser) and adding an extra layer of security with the <b>PKCE code challenge</b>. This makes the entire flow more secure, especially for public clients like web or mobile apps.</p><p id="0aed">While the <b>Password Grant</b> and <b>Implicit Grant</b> served a purpose during the early days of OAuth 2.0 to help older systems transition, they are now <b>legacy</b> and <b>deprecated</b> for modern applications. By using secure grant types like <b>Authorization Code Flow with PKCE</b>, <b>Client Credentials</b>, <b>Device Code</b>, and <b>Refresh Tokens</b>, TeamCollab ensures a <b>more secure</b> and <b>robust</b> experience for its users.</p><h1 id="8606">You’ve Mastered OAuth 2.0 Grant Types!</h1><p id="6ae8">Congratulations! You’ve now got a solid understanding of the <b>OAuth 2.0 grant types</b> and how they apply to real-world projects, just like our hypothetical <b>TeamCollab</b> solution. Whether it’s securing a web or mobile app with the <b>Authorization Code Flow with PKCE</b>, letting backend services talk securely using the <b>Client Credentials Flow</b>, enabling device-based logins with the <b>Device Code Flow</b>, or keeping sessions alive with the <b>Refresh Token Flow</b>, you’ve covered the essentials of modern, secure access management.</p><p id="3ce5">By learning how to apply these grant types in your applications, you’re not just improving the <b>user experience</b>, but also contributing to making the <b>digital world a safer place</b>. 
OAuth 2.0 provides a robust framework for ensuring that user credentials stay private, access is controlled and revocable, and different devices can communicate securely.</p><p id="9646">As you continue building applications, make sure to <b>choose the right OAuth 2.0 grant type</b> for each situation. By doing so, you’re helping raise the bar on <b>security standards</b> across the web, creating a more secure environment for everyone.</p><p id="398b">Thanks for taking this journey into OAuth 2.0 grant types with me! Stay tuned for another scenario-based article covering another exciting <b>software engineering topic</b> soon. Keep learning, keep building, and let’s continue making the world a safer and more innovative place together!</p><p id="06bf">Until next time! 👋</p></article></body>

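
Added example (not code from the original article): the smartboard polling loop from the Device Code Grant section, run against an in-memory stand-in for TeamCollab's auth service with a simulated clock. The class and function names are hypothetical; the field and error names follow RFC 8628, which calls the code shown on screen the user_code and reserves device_code for the secret the smartboard polls with.

```python
import secrets

USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"  # no vowels, so codes spell no words


class DeviceAuthServer:
    """In-memory stand-in for TeamCollab's auth service (hypothetical)."""

    VERIFICATION_URI = "https://login.teamcollab.com/device"

    def __init__(self, clock, expires_in=600, interval=5):
        self.clock, self.expires_in, self.interval = clock, expires_in, interval
        self._grants = {}      # device_code -> grant record
        self._user_codes = {}  # user_code -> device_code

    def start(self):
        """Device authorization request made by the smartboard."""
        device_code = secrets.token_urlsafe(32)  # secret, never displayed
        user_code = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        self._grants[device_code] = {
            "state": "pending",
            "expires_at": self.clock() + self.expires_in,
            "last_poll": None,
        }
        self._user_codes[user_code] = device_code
        return {
            "device_code": device_code,
            "user_code": user_code,
            "verification_uri": self.VERIFICATION_URI,
            # What the QR code would carry: the URL with the code embedded.
            "verification_uri_complete": f"{self.VERIFICATION_URI}?user_code={user_code}",
            "expires_in": self.expires_in,
            "interval": self.interval,
        }

    def approve(self, user_code, allow=True):
        """Called once the user has logged in on their phone and decided."""
        device_code = self._user_codes.pop(user_code, None)  # one attempt per code
        grant = self._grants.get(device_code)
        if grant is None or self.clock() >= grant["expires_at"]:
            return False
        grant["state"] = "approved" if allow else "denied"
        return True

    def poll(self, device_code):
        """Token request from the smartboard."""
        grant = self._grants.get(device_code)
        if grant is None:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now >= grant["expires_at"]:
            del self._grants[device_code]
            return {"error": "expired_token"}
        too_fast = grant["last_poll"] is not None and now - grant["last_poll"] < self.interval
        grant["last_poll"] = now
        if too_fast:
            return {"error": "slow_down"}
        if grant["state"] == "pending":
            return {"error": "authorization_pending"}
        del self._grants[device_code]  # the result is delivered exactly once
        if grant["state"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def smartboard_poll(server, grant, sleep):
    """Poll until a terminal answer; returns (response, number_of_polls)."""
    interval, polls = grant["interval"], 0
    while True:
        sleep(interval)
        polls += 1
        resp = server.poll(grant["device_code"])
        if resp.get("error") == "authorization_pending":
            continue
        if resp.get("error") == "slow_down":
            interval += 5  # back off as RFC 8628 section 3.5 requires
            continue
        return resp, polls


def run_scenario(approve_after=None, allow=True):
    """Simulated clock; the user acts on the phone at t >= approve_after."""
    now = [0]
    server = DeviceAuthServer(clock=lambda: now[0], expires_in=60, interval=5)
    grant = server.start()

    def sleep(seconds):
        now[0] += seconds
        if approve_after is not None and now[0] >= approve_after:
            server.approve(grant["user_code"], allow)

    return smartboard_poll(server, grant, sleep)


if __name__ == "__main__":
    for kwargs in ({"approve_after": 12}, {"approve_after": 7, "allow": False}, {}):
        resp, polls = run_scenario(**kwargs)
        print(kwargs, polls, resp.get("error", "access_token issued"))
```

The short user_code only selects which pending login to approve; the token is released solely to whoever holds the long device_code, so the phone never receives it and the smartboard never sees a password.
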
10 Most Intriguing Historical Fiction Novels

Period pieces that educate and entertain


I’ll be honest.

I only thought of writing this article because a friend asked me for a historical fiction book he could gift his partner for their birthday. I ended up naming at least seven.

Far from being helpful, my friend was now forced to pick one from my gigantic list and order it!

Jokes apart, historical fiction is one of my favourite genres, and I have read many excellent books — both popular and underrated. In this article, I am sharing ten of the best I have read.

I tried keeping this list as diverse and inclusive as possible. I hope you enjoy reading these brilliant books.

(Note: The links mentioned in this article are affiliate links. If you choose to purchase these books through these links, it will help me earn a small amount of money — at no extra cost to you. Thanks!)

1. The Book Thief by Markus Zusak

Set in: Nazi Germany of 1939–1943


The Book Thief is narrated by Death who possesses a book a girl called Liesel wrote. Liesel, though never greedy, is a thief who starts out by stealing randomly, slowly moving towards being more methodical. When Liesel’s foster family hides a Jew in their basement, Liesel’s world is both opened up and closed down. Death picks up Liesel’s notebook after she forgets it in her grief, amongst the destruction that was once her home.

“Imagine smiling after a slap in the face. Then think of doing it twenty-four hours a day. That was the business of hiding a Jew.”

Why you should read it

A heart-wrenching story told with such simplicity; this is a story that would refuse to go away. Though dealing with dark and complex subjects, the book is never morbid. The author’s lively humour dances through the pages, tying the strings together. It is a masterfully written, well-balanced story that would leave its imprint in your memory forever.

Purchase the book here.

2. One Hundred Years of Solitude by Gabriel Garcia Marquez

Depicting Latin American history from the postcolonial 1820s to the 1920s.


Pipes and kettledrums herald the arrival of gypsies on their annual visit to Macondo, the newly founded village where José Arcadio Buendía and his strong-willed wife, Úrsula, have started their new life. As the mysterious Melquíades excites Aureliano Buendía and his father with new inventions and tales of adventure, neither can know the significance of the indecipherable manuscript that the old gypsy passes into their hands.

(Blurb from Goodreads)

Why you should read it

Several readers give up on this book because of the complex family dynamics, made even more convoluted by characters from different generations sharing the same name. But the writing is so unique, riddled with such colourful, absurd metaphors, you will find yourself laughing out loud. Here’s a sample:

“The air was so damp that fish could have come in through the doors and swum out the windows.”

This is a mystical and captivating tale, one that plays around with reality itself. It wouldn’t be an understatement if I said this book was an epitome of magical realism at its best.

Purchase the book here.

3. The Guernsey Literary and Potato Peel Pie Society by Mary Ann Shaffer


Written in an epistolary format, consisting of letters back and forth between Juliet Ashton, a young author in 1946 London and several of her contacts and friends. It is just after World War II, and the people are trying to reclaim their lives and figure out if and how to move on from the tragedy of the war. There is a personal touch to the letters, and they feel like interesting true stories and anecdotes disguised in the book as random people’s letters to Juliet.

This book has some adorable, often quirky, characters, and quite a bit of fascinating (and unavoidably harrowing) tales of WWII history. There is heaps of humour thrown in and just the right amount of romance to leave you with a smile on your face.

“That’s what I love about reading: one tiny thing will interest you in a book, and that tiny thing will lead you to another book, and another bit there will lead you onto a third book. It’s geometrically progressive — all with no end in sight, and for no other reason than sheer enjoyment.”

Why you should read it

This is one of those rare books that serve to remind us that the written word is a universal language that can speak to even the most distant among us. It will touch you, regardless of age or class. It will remind you why you read: to know that no matter what you are going through, you are not alone.

Purchase the book here.

4. The Great Indian Novel by Shashi Tharoor

Set in: Pre and post-independence India (and Pakistan)


This is more of a political satire than historical fiction. Shashi Tharoor’s brilliant novel draws parallels between the socio-political scene of pre and post-independent India and the two-thousand-year-old epic, The Mahabharata. Intense, heartbreaking, beautiful, hilarious, just like the story of India herself.

The narrative encompasses the history of modern India’s struggle for independence and serves it to the reader, wrapped up in delightful humour and masterful language. Amid all the tragedy and violence, the author packs in enough silly puns and parody to make one chuckle.

“Fasts, Ganpathi, have never worked half as well anywhere else as they have in India. Only Indians could have devised a method of political bargaining based on the threat of harm to yourself rather than to your opponent…As a weapon, fasts are effective only when the target of your action values your life more than his convictions — or at least feels that society as a whole does. So they were ideally suited to a non-violent, upright leader like Gangaji.”

Why you should read it

The author is one of India’s most well-loved politicians and writers. His wit shines through his debut work of fiction. There is not a single dull moment throughout the plot. Read this book if you have a knowledge of the events of The Mahabharata, or else, the excellent metaphors would be lost on you. Be warned though: expect to laugh out loud at moments you least expected.

Purchase the book here.

5. Funny Boy by Shyam Selvadurai

Set in: The Buddhist Sinhala and Hindu Tamil violence in Sri Lanka in the 1970s


Funny Boy is the story of Arjie, a teenager, as he comes to terms both with his homosexuality and with the racism of the society in which he lives. Arjie grows up playing with girls, putting on makeup and cross-dressing — acts that are considered weak, unmanly and, “funny.” His non-normative sexual behaviour sets him apart and makes it difficult for him to make friends with people of his gender. Already struggling to fit in, Arjie’s world is torn apart by tragedy as the ongoing war between the army and the militant group calling themselves “Tamil Tigers” gradually begins to encroach on the family’s comfortable life.

“I was able to leave the constraints of myself and ascend into another, more brilliant, more beautiful self, a self to whom this day was dedicated, and around whom the world, represented by my cousins putting flowers in my hair, draping the palu, seemed to revolve. It was a self magnified, like the goddesses of the Sinhalese and Tamil cinema, larger than life; and like them, like the Malini Fonsekas and the Geetha Kumarasinghes, I was an icon, a graceful, benevolent, perfect being upon whom the adoring eyes of the world rested.”

Why you should read it

The novel brilliantly portrays the tumultuous time in a divided Sri Lanka, while telling a heart-rending story of the ongoing conflict between homosexuality and social acceptance. This Lambda Literary Award for Gay Men’s Fiction winner (1997) is a brilliant, underrated work of fiction I believe every reader should read at least once.

Purchase the book here.

6. The Twentieth Wife by Indu Sundaresan

Set in: India of the 1500s under the Mughal rule


Set in the Mughal empire of the 1500s, the author’s debut novel is an epic tale of royal romance, tradition, history and struggle for control of the throne. What makes this book stand out is that the story is fictional, but the characters and places are real. The depiction of the struggles of Mehrunnisa, the daughter of starving refugees who goes on to become the empress of the mighty Mughal empire is inspiring and magical. The slowly-blooming romance between Mehrunnisa (a.k.a Empress Nur Jahan) and the Emperor Jahangir (who ultimately goes on to build the iconic Taj Mahal for her) is portrayed with a lot of empathy.

“We must be careful not to teach the girls too much. How will they ever find husbands if they are too learned? The less they know, the less they will want of the outside world.”

Why you should read it

This book will take the reader back to the grandeur of those days, make them want to visit the palaces and see for themselves how such breath-taking beauty can exist. It will show how the world functioned in those times — the culture, the traditions, the beliefs, and superstition — everything is woven intricately with the story.

Purchase the book here.

7. Midnight’s Children by Salman Rushdie

Set in: Pre and post-independence India of the 1940s

Salman Rushdie’s 1981 Booker Prize-winning book tells the story of Saleem Sinai, a Mumbai boy born at the midnight of India’s independence. He is one of the 1,001 children born at the midnight hour and endowed with an extraordinary talent that “handcuffs them to history”. Through Saleem’s gifts of the inner ear and wildly sensitive sense of smell — the reader is drawn into a fascinating family saga set against the vast, multi-faceted tapestry of India of the 20th century.

“Memory’s truth, because memory has its own special kind. It selects, eliminates, alters, exaggerates, minimizes, glorifies, and vilifies also; but in the end it creates its own reality, its heterogeneous but usually coherent version of events; and no sane human being ever trusts someone else’s version more than his own.”

Why you should read it

A must-read for all lovers of magical realism. Read it for the lush imagery, the curiously-lopsided characters, the beautiful prose, and the brilliant narrative that borders on allegorical. The plot and events of the book can be enjoyed on a deeper level if one has an understanding of Indian history.

Purchase the book here.

8. The Palace of Illusions by Chitra Banerjee Divakaruni

Set in: Ancient India (more of a mythological retelling, but there are elements of historical fiction)


This brilliant book is a reimagining of the world-famous Indian epic, the Mahabharata — told from the point of view of an amazing woman — Panchaali.

Many Indians and mythology-enthusiasts might already be aware of the events that unfolded during the Mahabharata, but this book takes us through those times through the eyes of the woman who started it all. The author has brilliantly woven her storytelling with divine and supernatural events in the form of Draupadi’s dreams and the court songs sung by bards. The feminist tinge throughout the book throws light on the challenges women have faced for centuries by virtue of their birth. The book would definitely be an entertaining read with its colourful scenes and also play a part in sensitising men to the pain women used to face in medieval times and continue to face today.

“I saw something I hadn’t realized before: words wasted energy. I would use my strength instead to nurture my belief that my life would unfurl uniquely.”

Why you should read it

The quotable quotes would make you want to keep coming back to the pages to discover another bunch of hidden gems at each re-read. After all, how can one not fall in love with a female protagonist who claims power for herself and quotes — “I am buoyant and expansive and uncontainable — but I always was so, only I never knew it!”?

Purchase the book here.

9. Train to Pakistan by Khushwant Singh

Set in: Pre-Independence India of 1947


India, a land rich in history and culture, was under colonial rule for 200 years. When the country gained her independence in 1947, she was split into two nations — India and Pakistan. What preceded the partition was a period of darkness where the entire mainland was plunged into the abyss of religious hate that ended in the deaths of more than a million people.

Khushwant Singh’s masterpiece is set in Mano Majra — a village where Sikhs and Muslims have lived together in peace for hundreds of years. The village gets its first taste of the horrors of the civil war when a silent train arrives at the station — loaded with the dead bodies of thousands of refugees. This isolated village is plunged into a bloodbath of inter-religious hatred and violence, trapped amid which is a young couple — a Sikh boy and a Muslim girl whose love endures and transcends the ravages of war.

“Morality is a matter of money. Poor people cannot afford to have morals. So they have religion”

Why you should read it

I am not educated enough to state facts, but every Indian knows the kind of emotions they have attached with the time when their country won independence, and the fragile history the land has with its nearest neighbour, Pakistan. Train to Pakistan feels like an honest attempt to save what love is left between these two countries. Without doubt, there are a few points where the never-resolved debate of which party was right at that time comes up, but read this book for the emotions, not the facts.

Purchase the book here.

10. The Tattooist of Auschwitz by Heather Morris

Set in: Pre-World War II concentration camp


This is the harrowing story of Lale Sokolov, a Slovakian Jew, who is forcibly transported to the concentration camps at Auschwitz-Birkenau and becomes the man who tattoos the arms of thousands of prisoners with their numbers. One day, he meets a female prisoner, Gita, and in that first encounter, Lale vows to somehow survive the camp and marry her.

I started reading this book on a Saturday morning, and the story was so riveting, I HAD to finish it in one day. And now that I’m done, what shall I say? The Tattooist of Auschwitz is one of the best books I read in recent times, and I hope to re-read it again and again.

“The tattooing has taken only seconds, but Lale’s shock makes time stand still. He grasps his arm, staring at the number. How can someone do this to another human being? He wonders if for the rest of his life, be it short or long, he will be defined by this moment, this irregular number: 32407.”

Why you should read it

More than a story of survival, this book is also a testament to the endurance of love and humanity under the darkest possible conditions. The characters Lale and Gita will have your heart. You will laugh with them, cry when they tried and failed, feel your heart being wrenched out of as much compassion as it could spare when they are under threat. In the end, you will be left marvelling at what an incredible tragic journey it was.

Purchase the book here.

Final Thoughts

I was worried that out of the ten books I listed, five are set in India. What if this alienates readers from other countries?

I almost deleted those books and had started another draft titled Ten Historical Fiction Novels set in India, but then, something stopped me. As an Indian, I would be equally interested in reading a book set in, say, Palestine or Afghanistan as I would be interested in reading a book set in the United States.

A good reader does not discriminate based on where the story is set.

Moreover, there are very few writers from India here on Medium who write book recommendation lists. As a result, books from the country (and South East Asia in general) remain in oblivion.

Maybe I can be the voice of my place of birth?

Maybe this article can be a step towards educating readers that there are some amazing books set in the subcontinent and that you would expose yourself to a wealth of literature if you open up your minds and broaden your reading horizon.

More book recommendation lists by Anangsha Alammyan in Books Are Our Superpower:

For more book reviews, follow me on Goodreads.

Join my email list to get a thought-provoking story for FREE every week!
