Best of Authentication — May 2024

1
Article
freeCodeCamp·2y
How to Create a REST API Without a Server
Learn how to create a REST API without a server using a Service Worker in the browser. Showcase your frontend skills and interact with a backend hosted in places where you can't access the server side.
136
2
Article
Community Picks·2y
Stop Recommending JWTs (with symmetric keys) ◆ Truffle Security Co.
This post discusses the issues with using symmetric key JWTs, including the high percentage of guessable keys and the risk of undermining authentication and authorization security.
104
12
3
Article
Towards Dev·2y
JWT attacks
JWT attacks can allow attackers to modify tokens and escalate privileges or impersonate users. These attacks can be prevented by using strong algorithms, verifying signatures, validating claims, and implementing proper security measures.
63
1
4
Article
Community Picks·2y
Create Dynamic Routes in Next.js with Route Guards and User Authentication
Learn how to create dynamic routes in a Next.js app and implement user authentication for secure access to these dynamic routes.
50
1
5
Article
LogRocket·2y
Using Rust and Axum to build a JWT authentication API
Learn how to build a JWT authentication API using Rust and the Axum framework. The tutorial covers installing Rust, Axum, and necessary dependencies, creating authentication endpoints and implementing JWT middleware for protected routes.
44
2
6
Article
Community Picks·2y
The Open-Source Framework For B2B Apps
Build API-based applications using modern React and Material Design. React-admin is easy to learn, robust, stable, and a joy to code with. It handles common features and offers a vast library of hooks and components. React-admin is backend agnostic and supports various REST and GraphQL backends as well as third-party authentication. Testimonials from satisfied users are included.
38
7
Article
Directus·2y
Implement Directus Auth in Next.js 14
Learn how to implement Directus Auth in Next.js 14, register new users, and perform CRUD operations on posts.
32
3
8
Article
InfoSec Write-ups·2y
All About API Security Pentesting
This post discusses API security pentesting and the steps involved, including understanding the scope and attack surface, information gathering, and attacking. It also provides a summary of the OWASP API Top 10 - 2023 Security Risks.
31
9
Article
asayer·2y
How does Single Sign On work?
Single Sign-on (SSO) is an authentication procedure that simplifies user logging in, reduces password fatigue, reduces IT costs, improves management control, enhances user productivity, and simplifies administration. However, SSO also poses security risks and can be a single point of failure. There are different types of SSO protocols, including SAML, OAuth, OpenID Connect, and Kerberos.
26
10
Article
asayer·2y
Authentication and Authorization with SSR in Next.js
This post discusses authentication and authorization in Next.js using SSR. It covers the different approaches to authentication in Next.js, highlights the use of NextAuth.js for handling authentication and authorization, and explains how role-based authorization can be implemented with SSR in Next.js.
26
11
Article
Telerik·2y
New in .NET 8: ASP.NET Core Identity and How to Implement It
Learn how to implement JSON Web Token (JWT) authentication in ASP.NET Core using the Swagger interface.
25
12
Article
freeCodeCamp·2y
How to Secure Your Django App – Best Practices and Code Examples
Learn best security practices for securing your Django app, including measures for authentication and authorization, protection against SQL injection attacks, prevention of cross-site scripting (XSS) attacks, and more.
24
13
Article
Cerbos·2y
Service-to-service authorization: A guide to non-user principals
Learn about non-user principals, their importance in service-to-service communication, and how they can help address authentication and authorization challenges in distributed systems.
24
6
14
Video
codeHeim·2y
#36 Golang - Mastering JWT Authentication
Learn how to implement JWT authentication in a Go application using Golang, Gin Gonic, and Gorm. Discover how JWT tokens can be used to securely transmit information between parties in authentication. Restrict access to web pages using JWT authentication.
24
15
Article
Code Like A Girl·2y
Step-by-Step Guide to Implementing JWT Tokens in .NET
Guide to implementing JWT Tokens in .NET, including installation of JWT Bearer package, configuration in appsettings.json, and using middleware components for authentication and authorization.
21
16
Article
Cerbos·2y
Using Cerbos with Keycloak for Identity/AuthN
Learn how to integrate Keycloak with a Django web application and implement Cerbos for fine-grained access control. Ensure authenticated users can access certain parts of the application and their actions are authorized with precision.
21
6
17
Article
Community Picks·2y
JWT Explained
Learn about JSON Web Tokens (JWTs), their structure, how they work, and the advantages they offer over traditional session tokens.
18
18
Article
Community Picks·2y
The Copenhagen Book
The Copenhagen Book is a free, open-source guideline for implementing authentication in web applications. It recommends using it alongside the OWASP Cheat Sheet Series.
17
19
Article
Cerbos·2y
OpenID Foundation AuthZEN Working Group Announces Interop Results
The OpenID Foundation AuthZEN Working Group announced that leading authorization vendors achieved conformance with the AuthZEN request/response protocol, bringing interoperability and standardization to the authorization market. The group aims to simplify the implementation of a robust authorization layer and improve interoperability in authorization.
17
6
20
Article
Hacker News·2y
Should I Use JWTs For Authentication Tokens?
JWTs are designed for Google/Facebook scale environments and have tradeoffs that may not be necessary for smaller applications that need to hit the database on each request. Using a normal session mechanism and storing the session data in the database may be a better choice.
17
21
Article
AWS Tip·2y
Secure AWS Lambda: JWT Token Authentication Using Node JS.
Learn how to use JWT token authentication to enhance security in your AWS Lambda setup.
17
22
Article
asayer·2y
Leveraging Nuxt.js' Middleware for Routing and Authentication
Learn how to leverage Nuxt.js' middleware for routing and authentication to improve application security. Explore different types of route middleware in Nuxt.js and understand how to implement global middleware. Discover best practices for utilizing middleware in your applications.
16
23
Article
Viget·2y
Self-Host Your Identity Provider with authentik
Learn about authentik, an open-source self-hosted identity provider written in Python. Discover the benefits of self-hosting, integrations with other tools, and customization options for authentication flows.
15
24
Article
Halodoc·2y
Passwordless Authentication Using Passkey
Passwordless authentication using passkey offers a secure and cost-effective solution for user access. Passkeys serve as an alternative to passwords and utilize security features in user devices. Passkey authentication mitigates vulnerabilities associated with traditional authentication methods and streamlines user experience.
15
25
Article
Netguru·2y
7 Rules for Securing Mobile App Development: A Comprehensive Guide
Learn 7 fundamental practices for securing mobile app development and protecting sensitive information. Understand the business context, identify key security mechanisms, know your limits, don't believe in magic solutions, stay agile, keep up with trends, and ensure post-work clean-up of sensitive data.
13

See all Authentication archives