Community Picks·2yPassport.js
Passport.js is an authentication middleware for Node.js that offers a flexible and modular approach to integrating user authentication into Express-based web applications. With over 500 strategies available, it supports various authentication methods such as username/password, social logins, and more.
Laravel News·2yAuth Screens for Your Laravel Apps
Managing multiple Laravel applications becomes simpler with DevDojo Auth, a free, open-source project offering customizable authentication pages compatible with Laravel 10.x and higher. Installation involves using Composer and publishing assets and configurations. The package allows for extensive customization, including setting up social authentication using provider credentials. Additional features include Github action workflows and built-in testing tools like Pest and Dusk.
Community Picks·2yCasdoor · An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, RADIUS, Googl
Casdoor is a UI-first Identity and Access Management (IAM) and Single-Sign-On (SSO) platform. It supports multiple authentication protocols including OAuth 2.0, OIDC, SAML, and others. Casdoor offers a frontend-backend separation architecture, multi-language support, and easy setup. It also supports third-party application login and direct sign up, making it a versatile tool for authentication needs in various projects.
Community Picks·2yWhat are passkeys and how do they work?
Passkeys provide a highly secure and convenient way to sign into services by using public-key cryptography. Instead of traditional passwords, passkeys use a pair of cryptographic keys: a public key stored in the service and a private key stored on the user's device. This method eliminates common security issues like password reuse and phishing by ensuring each service has a unique set of keys. Additionally, passkeys integrate multifactor authentication by default, often leveraging biometric data for an extra layer of security.
freeCodeCamp·2yMore Secure Authentication: From Passwords to Passkeys
Authentication is a critical element of digital security, but traditional methods like passwords and social logins are increasingly inadequate. Passkeys offer a more secure alternative by using public-private key cryptography and biometric verification. This guide covers the current state of authentication, the mechanics and benefits of passkeys, and the challenges in integrating this technology. Understanding and adopting passkeys could signify a major leap forward in securing digital identities.
Hacker News·2yPrivate cloud for your photos, videos and more
Ente Auth is an open-source 2FA authenticator offering end-to-end encrypted backups and cross-platform sync. It allows users to view next authentication codes, easily identify tokens by icons, organize them with tags, pin favorite services, and use a search function. It supports offline mode and import of tokens via QR code, manual entry, or bulk import. Ente is fully open-source, allowing data export and import without lock-ins.
Community Picks·2yGetting Started with OAuth2 in Go
Learn how to implement Google OAuth2 authentication in a Go application by creating a simple web page with login functionality. The guide walks you through creating a Google OAuth2 project, obtaining client ID and secret, setting up handlers, and integrating OAuth2 in a single main.go file. Highlights include saving ID and secret in environment variables and using token to get user info.
C# Corner·2yUnderstanding JSON Web Tokens (JWT)
JSON Web Tokens (JWT) provide a secure, efficient means of authenticating and authorizing users in web applications. They consist of three parts: Header, Payload, and Signature, which are encoded and signed for security. JWTs' self-contained nature makes them ideal for scalable, stateless communication. Implementation involves generating, storing, and validating tokens while adhering to best practices such as securing secret keys, using HTTPS, and setting token expiration times.
Ardan Labs·2yEp. 10: Building Secure Go Systems: Key Management, Middleware, and Error Handling
Episode 10 of the Ultimate Software Design series focuses on integrating authentication and authorization mechanisms in Go. Key highlights include configuring and managing cryptographic keys using a KeyStore, creating middleware functions for token parsing and role-based access control, and centralizing error handling and context management to ensure secure and maintainable software systems.
Planet Python·2yMulti-factor authentication in django
Multi-factor authentication (MFA) is crucial for modern web applications. This guide explains how to implement both TOTP and FIDO2 authentication in Django using the django-mfa3 package and cbor-js for hardware token support. Key highlights include configuring templates, middleware, and views to enable MFA in your Django application.
Community Picks·2yThe complete guide to protecting your APIs with OAuth2 (part 1)
APIs are crucial for many applications but need protection from misuse. OAuth2 provides a secure method for delegating access to resources without sharing original credentials. It leverages the expertise embedded in its standards to mitigate security risks and offers various flows (grants) to cater to different use cases. OAuth2 is extensible and widely supported across modern programming languages. While alternatives like API keys exist, OAuth2 offers richer functionality and greater security for many applications.
Dev Squad·2yGenerating a 4-Digit OTP in JavaScript: A Beginner's Guide
In today’s digital age, security is paramount, and using a One-Time Password (OTP) is a common method to ensure secure access. This guide explains how to generate a 4-digit OTP using JavaScript, walking through a simple function to create a unique, temporary code for authentication purposes. The post also highlights the importance of incorporating such security features into web applications.
Google Cloud·2yBuild User Authentication into your GenAI App Accessing Database
Generative AI agents have significant potential for enterprise applications but must handle user data securely. By implementing user authentication with restricted access, AI agents can interact with databases without exposing sensitive information. This design involves tool functions with pre-written SQL queries and attaching user authentication headers to ensure security. An example of this approach is demonstrated through the hypothetical airline AI assistant for Cymbal Air, developed using LangChain and Google OAuth.
Security Boulevard·2yUnderstanding API Key Verification
APIs enable seamless integration between software components but also pose security risks. Recent breaches in companies like Dropbox and Twitter have highlighted the importance of robust API security measures. Two main methods of API key verification are centralized and decentralized verification. Centralized verification involves a central authority for validation, simplifying access revocation but potentially creating bottlenecks. Decentralized verification uses signed tokens for scalability, improving resilience but complicating key revocation. Organizations need to choose the right approach based on their security requirements and system architecture.