Best of Authentication — August 2024

1. 1
   Article

   asayer·2y

   Understanding Web Authentication

   Website authentication is crucial for ensuring users are who they claim to be, guarding sensitive information, and maintaining trust. Various authentication methods include password-based, multi-factor, biometric, token-based, and certificate-based authentication. Additionally, common protocols such as OAuth 2.0, OpenID Connect, SAML, and LDAP are used to manage authentication processes securely. Effective implementation involves choosing the right method for user experience and security, integrating both frontend and backend properly, and adhering to security best practices. Balancing security with usability and using adaptive authentication can further enhance security measures.

   211

   4
2. 2
   Article

   Hacker News·2y

   stack-auth/stack: Open-source Clerk/Auth0 alternative

   Stack Auth is an open-source, developer-friendly user authentication solution that supports Next.js frontends and backend integrations via REST API. It offers a quick setup and the flexibility to export and self-host user data at any time. The post provides comprehensive setup instructions including dependency installation through Docker, local development execution, and Prisma database initialization. Contributors are encouraged to join their Discord and follow contribution guidelines.

   190

   2
3. 3
   Article

   freeCodeCamp·2y

   How to Build an Invoice SaaS App with Next.js, Resend, Clerk and Neon Postgres

   This tutorial guides you through building a complete invoicing web application using Next.js, Resend, Clerk, and Neon Postgres. Key functionalities include managing customers, creating invoices, printing and sending invoices via email, and handling real-time communication between the frontend and backend. You'll gain experience with setting up a Postgres database, implementing user authentication with Clerk, and using React-to-print for PDF generation.

   167
4. 4
   Article

   Cerbos·2y

   Authentication vs Authorization

   Understanding authentication and authorization is key to securing applications. Authentication verifies user identity, while authorization determines what authenticated users are allowed to do. Authentication methods include passwords and biometrics, whereas authorization relies on access control lists and roles. Effective authorization systems need to be scalable and flexible. Services like Cerbos offer robust, scalable solutions that enhance security by ensuring only permitted users access sensitive data.

   105

   8
5. 5
   Article

   Community Picks·2y

   Next.js authentication using Clerk, Drizzle ORM, and Neon

   Learn to build a Next.js application with Clerk for authentication and Neon’s Serverless Postgres using Drizzle ORM. The post guides you through setting up user management, database schema, migrations, and adding interactivity. Deploy a full-featured app with secure authentication and efficient data storage.

   93
6. 6
   Video

   Community Picks·2y

   Best Practices for Secure Password Hashing in .NET (Stop Storing Passwords in Plain Text!)

   Milan demonstrates secure password hashing in .NET, explaining the importance of hashing and salting to improve system security. He outlines the step-by-step implementation for a secure password hasher service. Key points include using SHA-512 for hashing, generating random salt values, and how to verify hashed passwords during user login, ensuring the protection against brute force and timing attacks.

   40
7. 7
   Article

   Just Java·2y

   what is Spring Security for real 🤔

   Spring Security is a powerful framework for securing Java applications, handling authentication and authorization. It protects against vulnerabilities like CSRF and XSS, offers customizable security policies, and integrates seamlessly with other Spring projects. Features include security context propagation, custom authentication providers, method-level security, and configuring security headers for enhanced protection. A real-world example shows how to secure a RESTful API with role-based access.

   39
8. 8
   Article

   Product Hunt·2y

   SSOReady - Open source developer tools for enterprise single sign-on

   SSOReady is an open-source tool designed for enterprise single sign-on, launched by a team and featured on August 15th, 2024. It aims to streamline the integration of SSO in enterprise environments.

   37
9. 9
   Article

   Community Picks·2y

   How to Integrate Passkeys in Python (FastAPI)

   Learn to integrate passkey authentication in a Python web application using FastAPI with Corbado's passkey-first web-js package. This guide covers setting up project structure, configuring environment variables, and creating HTML templates for seamless session management and user authentication.

   34
10. 10
    Article

    Community Picks·2y

    How to build a secure voting web app with FACEIO

    Learn to build a secure voting web app using Next.js and FACEIO. This tutorial covers setting up the client-side routing, creating essential pages (Home, Login, Register), and integrating FACEIO's SDK for facial recognition. Key features include age verification, facial authentication, and advanced security measures like anti-spoofing and deepfake prevention. Detailed steps include setting up user authentication, redirecting after login, and managing user information in localStorage.

    34
11. 11
    Article

    habr·2y

    Easy Authentication for Next.js project with Firebase

    Learn how to set up authentication in your Next.js project using Firebase. This step-by-step guide covers creating a Firebase project, enabling authentication methods like Google and Email/Password, configuring your Next.js app, and building a login component. Source code examples are provided to help you protect your pages and manage authentication state across your application.

    31
12. 12
    Article

    strongdm·2y

    5 Types of Multi-Factor Authentication (MFA) Explained

    Multi-factor authentication (MFA) is a critical tactic to reduce the likelihood of compromised user credentials, essential for enhancing enterprise security. It combines criteria like passwords, devices, biometrics, and more to verify user identity, making it harder for attackers to breach systems. The five common types of MFA are SMS/Email, authenticators, biometrics, security keys, and digital certificates. Each method has its pros, cons, and suitable use cases, impacting security levels, user experience, implementation complexity, and costs. It's vital to choose an MFA method aligning with your organization's security requirements and industry standards.

    29
13. 13
    Article

    Baeldung·2y

    Dynamic Client Registration in Spring Authorization Server

    Spring Authorization Server provides sensible defaults suitable for client applications with minimal configuration. However, dynamic client registration is not enabled by default. Follow these steps to enable and use dynamic client registration in a Spring Boot application, ensuring proper authentication using bearer tokens and configuring the necessary endpoints. The tutorial includes both server and client implementations, detailing how to register clients dynamically using a custom `RegisteredClientRepository` and integrating the process into a Spring Security-based application for dynamic OAuth2 client management.

    26
14. 14
    Article

    Community Picks·2y

    How to Build a Full Stack Notes App Using React and Supabase – The Complete Guide

    Learn how to build a full-stack note-taking application using React for the frontend and Supabase for the backend. This guide covers setting up Supabase, creating a React project, and implementing authentication, CRUD operations, and user interface components such as login, registration, dashboard, and content pages. The tutorial also discusses fetching and updating data from Supabase, protecting pages from unauthenticated users, and more.

    24
15. 15
    Article

    Community Picks·2y

    Authenticating users in Astro using Neon Postgres and Lucia Auth

    This comprehensive guide walks through the process of building user authentication in an Astro application using Lucia Auth and Neon Postgres. Key steps include provisioning a serverless Postgres database, creating the Astro application, adding Tailwind CSS, enabling server-side rendering with Vercel, setting up database connections and schemas, integrating Lucia Auth, defining routes, building authentication logic, and deploying to Vercel. By the end, you'll be able to authenticate users and protect routes in your Astro app.

    18

    3
16. 16
    Article

    Elixir Forum·2y

    Building Multiplayer Tetris from scratch with OTP, Elixir, and Phoenix by Merlin Webster

    Elixir Forum is an engaging community focused on the Elixir programming language, encouraging participation and learning with a range of features and monthly giveaways. Members can earn trust and unlock moderator tools through active involvement, making it a great place to start with Elixir, especially for those interested in building multiplayer games with OTP and Phoenix.

    16
17. 17
    Article

    Dev Squad·2y

    Adding a new SSH key for GitHub Account

    Steps to add a new SSH key to a GitHub account include checking for existing keys, generating a new key if needed, starting the ssh-agent, adding the SSH private key to the agent, copying the public key, and pasting it in GitHub's settings under SSH and GPG keys.

    15
18. 18
    Article

    InfoSec Write-ups·2y

    OAuth Security: Complete Guide. In this blog, we will uncover the…

    OAuth is a popular authorization protocol allowing third-party services to access user resources without revealing credentials. Common vulnerabilities include client secret exposure, CSRF, open redirects, and improper token usage. Security can be enhanced by proper client secret management, using the state parameter for CSRF protection, validating redirect URIs, and ensuring token confidentiality. OAuth 2.0's PKCE provides additional security for public clients without a client secret. OpenID Connect builds upon OAuth for user authentication.

    14