Hacker News·2yStop using JSON Web tokens for user sessions
Using JSON Web tokens (JWTs) for user sessions without an effectively implemented logout mechanism can lead to security vulnerabilities. An XSS vulnerability can allow an attacker to access and exploit the JWT, gaining unauthorized access to the application.
freeCodeCamp·2ySecure Next.js Applications with Role-Based Authentication Using NextAuth
Learn how to secure Next.js applications with role-based authentication using NextAuth. This comprehensive tutorial covers the basics of NextAuth, integrating OAuth providers, custom authentication provider using MongoDB, and protecting pages on both the server and client side.
Supabase·2ySupabase is now compatible with Next.js 14
Next.js 14 was released with performance and stability improvements, including server actions. Supabase is fully compatible with Next.js 14 and has a package called @supabase/ssr and a starter template to simplify building Next.js apps with Supabase.
freeCodeCamp·2yHow to Setup Authentication and Protected Routes in Next.js 13 with next-auth.js
Learn how to setup authentication and protected routes in Next.js 13 using next-auth.js. The tutorial focuses on the implementation using the Google Provider and provides step-by-step instructions for setting up the next-auth.js library, creating the necessary folder structure, getting the clientId and clientSecret for Google Provider, and implementing protected routes with next-auth.js.
Descope·2yWhat Is a Refresh Token (and How Does It Work)?
Refresh tokens are long-lived tokens that allow users to obtain new access tokens without re-authenticating. They provide continuous access, enhance security, and improve the user experience. Refresh tokens should be securely stored and implemented with a token rotation policy and revocation mechanism. They are useful for maintaining user sessions, performing background processes, reducing latency, increasing security, enabling third-party access, and supporting federated identity. Overall, refresh tokens are essential for secure and efficient authentication processes.
Community Picks·2yPHP: PHP 8.3.0 Release Announcement
The PHP 8.3 release announcement includes changes to PHP constants, the addition of the #[\Override] attribute, and new methods in the Randomizer class. It also mentions updates to DOM, IntlCalendar, LDAP, mb_str_pad, posix, ReflectionMethod, socket, ZipArchive, and other functions and constants.
SD Times·2ySD Times Open-Source Project of the Week: refine
Refine is a React framework for developing CRUD applications. It provides industry standard components for crucial elements of an app and follows a headless approach for customization. It is currently used by companies like Atlassian, Intel, J.P. Morgan, Meta, Salesforce, and more.
Auth0·2yCookies, Tokens, or JWTs? The ASP.NET Core Identity Dilemma
The ASP.NET Core Identity Dilemma discusses the new authentication and authorization features introduced in .NET 8. It explains the difference between cookie-based authentication and token-based authentication and when to use each approach.
Supabase·2yGitHub OAuth in your Python Flask app
Learn how to integrate OAuth2.0 into a Flask app using Supabase-py. Enable users to login to the web app using their GitHub account. Prerequisites include familiarity with Flask and Supabase authentication. Create session storage and initiate the Supabase client. Sign in with GitHub and create sign-in and callback routes in the Flask app.
Discover .NET·2yAuthentication with multiple identity providers in ASP.NET Core
This article explains how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. It covers the setup, sign-in and sign-out processes, and provides some considerations when setting up multiple secure token servers or identity providers.
