daily.dev Changelog·4yAuthentication just got easier!
Authentication just got easier! Now you can log in with Google, Facebook, Github, Apple or email. But wait, there is more! You can now connect multiple authentication providers. This is super useful if you are logged in with say Facebook on your phone but not on your PC.
Quastor Daily·4yBuilding a Scalable Notification Service
Razorpay is one of India’s most valuable fintech startups. The company powers payments for over 8 million businesses in India and has been growing extremely quickly. With the increase in transactions, the Razorpay team encountered a few scalability issues - Database Bottleneck - Read query performance was getting worse and it couldn’t scale to meet the required input/output operations per second.
Community Picks·3yHow to Build a Fullstack App with Next.js, Prisma, and PostgreSQL
Next.js is a next-generation ORM that can be used to access a database in Node.js and TypeScript applications. In this guide, you'll learn how to implement a fullstack sample blogging application using the following technologies. You'll use a single PrismaClient instance that you can import into any file where it's needed. You can create a new User record by calling prisma.create() or retrieve all the Post records from the database.
Community Picks·4yUse React Context for Auth
React Context is built into React, it's a native feature. This means that we don't need to install any third party libraries to use it. We will only build the frontend part, meanig the part that will allow our frontend to know if the user is logged in or not and react accordingly. The next step is to wrap your app in the context provider.
Mercari Engineering·4yBuilding secure apps using Web Workers
Web Workers protects users from various kinds of attacks, including token theft from Cross Site Scripting (XSS) Cross-Site Scripting attacks are a type of injection. This blog will dive deep into how to build secure web apps using web workers.
InfoSec Write-ups·4yJSON Web Tokens
Each JWT is additionally signed using cryptography (hashing) to ensure that the contents of the JWT cannot be changed by the client or an unsavory party. The JWT will be delivered as a parameter or authorization header from the user agent whenever the user tries to access a protected resource, such as an API or a protected route.
LogRocket·3yCreating social logins in NestJS
The NestJS application can easily be applied to other social platforms, such as Facebook, Google, etc. We’ll then learn how to protect private routes using guards and various authentication and authorization mechanisms provided in NestJS. The first one is authenticating a user through GitHub. Go ahead and install the Passport library and the library for the PASSport GitHub strategy.
Community Picks·4yProtected Routes and Authentication with React and Node.js
This article explores Protected Routes and Authentication with React and Node.js. Chibuike Nwachukwu worked on a project to create a tiny boilerplate with Create React App to implement the authentication flow with Strapi. In this tutorial, we'll implement the basic authentication flow using JSON Web Tokens.
System Weakness·3yDeep dive into JWT attacks
There are a total of 8 PortSwigger JWT Labs which are an excellent resource for deep diving into JWT attacks. The aim of these labs is to delete the user Carlos through the Admin panel by forging the JWTs. We’ll discover different ways of forging these tokens through these labs.
LogRocket·4yBuild a web application with Hono
Hono is faster than other routers for Cloudflare Workers, such as Sunder, Itty Router, and Worktop. Hono offers three kinds of authentication middleware: basic authentication, bearer authentication, and JWT authentication. To get started, we created a Hono middleware that will serve static content on the /static endpoint. It will display a sign-in UI that users must log in to before access will be granted. If the username and password the user enters match the name and password in the middleware.
Community Picks·4yWhat is wrong with Apple Passkeys?
Apple introduced a controversial ‘improvement’ to webauthn called Passkeys, which could impair the security of your most valuable online resources. With ‘pre-Passkeys passwordless’, you could secure the trust relationship between your computer and a service, say, a crypto exchange. When Passkeys proponents say it is a huge step forward.
InfoSec Write-ups·4ySSH: Introduction, How to Secure and Working
SSH is an acronym for Secure Shell. It is a protocol that allows two machines to communicate securely on a network. It means whenever two machines are connected, the data exchange between them happens with encryption. The information which is to be used is encrypted and by encryption it means that the actual data is converted into some cipher.
