Best of AuthenticationSeptember 2024

  1. 1
    Article
    Avatar of logrocketLogRocket·2y

    Understanding JWT, OAuth, and Bearer tokens

    In the digital world, authentication and authorization are essential for secure access to online services. JWTs (JSON Web Tokens), OAuth, and Bearer tokens play crucial roles in ensuring security. JWTs are tamper-proof tokens composed of three parts: header, payload, and signature, used for securely transmitting information. OAuth typically utilizes JWTs to transport user information securely. Bearer tokens, included in HTTP headers, authenticate users for accessing protected resources. Understanding these concepts helps improve web security.

  2. 2
    Article
    Avatar of logrocketLogRocket·2y

    JWT authentication: Best practices and when to use it

    JWTs are a widely used method for secure data transmission between parties. Although beneficial for API authentication and inter-service communication, JWTs pose challenges, especially in sessions due to token invalidation and storage issues. For secure use, store JWTs in HttpOnly cookies and utilize HTTPS. Consider alternatives for session management to address the limitations and potential security risks associated with JWTs.

  3. 3
    Article
    Avatar of dhhDavid Heinemeier Hansson·2y

    Passwords have problems, but passkeys have more

    Implementing passkeys can be extremely complex and their user experience is often subpar. Even in ideal conditions with synced devices, they can pose challenges, especially if access is needed from a non-primary device. While passwords have their issues, such as potential breaches if reused across services, passkeys aren't necessarily a better solution. Using email as a second factor on the first login from a new device is a viable alternative. The author concludes that the complexity and challenges of passkeys don't justify their use over traditional passwords and email-based 2FA solutions.

  4. 4
    Video
    Avatar of communityCommunity Picks·2y

    Secure Your .NET Application With Keycloak: Step-by-Step Guide

    Learn how to secure your .NET application using Keycloak, an open-source identity provider compatible with OAuth2 and OpenID. This guide covers setting up a Keycloak realm and client, configuring authentication with JSON Web Tokens (JWT), and implementing an API endpoint for user claims. The tutorial also dives into using distributed tracing with OpenTelemetry to validate and debug your authentication setup.

  5. 5
    Article
    Avatar of gcgitconnected·2y

    Complete Guide to Building Authorization Systems using RBAC, ReBAC and ABAC

    Building a robust and scalable authorization system requires understanding various models like Role-Based Access Control (RBAC), Relationship-Based Access Control (ReBAC), and Attribute-Based Access Control (ABAC). Using examples from GitHub, the post explains the complexities of managing permissions and dynamically updating them in real time. It covers how OpenFGA can be used to model these relationships declaratively for ReBAC and briefly introduces ABAC for attribute-driven access control.

  6. 6
    Article
    Avatar of communityCommunity Picks·2y

    Laravel Auth Routes Tutorial

    Laravel offers a comprehensive and flexible authentication system, allowing customization through authentication guards and providers. Default configurations cater to web applications using session cookies and a database provider. The auth and guest middlewares control access to routes based on user authentication status. Laravel also supports token-based authentication for API servers via packages like Passport. Blade template directives and built-in Auth service facilitate user authentication checks, while logout functionality ensures session management across devices.

  7. 7
    Article
    Avatar of communityCommunity Picks·2y

    Laravel Password Hashing With Salt

    This post delves into the details of Laravel's password hashing system, explaining how the framework uses PHP's built-in password_hash and password_verify functions to secure user passwords. It clarifies the difference between hashing and encryption, demonstrates how Laravel generates and verifies password hashes, and provides insights into how to configure the bcrypt cost factor for enhanced security.

  8. 8
    Article
    Avatar of communityCommunity Picks·2y

    How to Increase Supabase signup rate limit (3000 free emails / mo)

    Supabase's built-in SMTP service has a signup rate limit of 4 emails per hour, which is not suitable for production use. To increase this limit, you can configure Supabase Auth with any major SMTP provider, such as Resend. The process involves creating an account with the SMTP provider, adding necessary DNS records, and configuring the Auth settings in Supabase.

  9. 9
    Article
    Avatar of jetbrainsJetBrains·2y

    Ktor 101: Efficient JVM HTTP Toolkit

    Ktor is a toolkit for building server applications on the JVM using Kotlin. It leverages Kotlin's features like coroutines to ensure efficient and flexible web applications. Ktor includes essential components for web development such as routing, authentication, and support for various protocols, including HTTP and WebSockets. With native support for asynchronous programming, it allows for declarative and non-blocking code. The toolkit also provides built-in testability and extensibility through plugins and interceptors, making it suitable for modern application architectures like microservices.

  10. 10
    Video
    Avatar of communityCommunity Picks·2y

    SAAS LMS With Custom Domains & Affiliates - Nextjs15, Uploadcare, Clerk, Cloudways, Supabase

    Discover how to build a feature-rich SaaS learning management system (LMS) using Next.js 15, Clerk for authentication, and other modern technologies. The system includes custom domains, affiliate programs, and numerous interactive components like custom login flows, infinite scrollable elements, and real-time user presence updates. The tutorial also employs optimistic UI for instant feedback and uses Stripe for seamless payment integration. A key focus is on providing free educational resources to help achieve financial freedom through SaaS solutions.

  11. 11
    Article
    Avatar of communityCommunity Picks·2y

    Keycloak with istio and Oauth2-Proxy.

    The post guides you through setting up Istio with Keycloak and OAuth2 Proxy to add authentication and authorization to a microservices architecture. Keycloak serves as an identity provider and OAuth2 authorization server, while OAuth2 Proxy handles OAuth2 authentication flows, converting them into HTTP headers for backend services. The tutorial also covers using JWTs for stateless verification, configuring Keycloak and OAuth2 Proxy, and setting up Istio policies to protect services like a test pod. Finally, it demonstrates testing the implementation to ensure secure access.

  12. 12
    Article
    Avatar of csharpcornerC# Corner·2y

    JWT Authentication in .NET MAUI: A Step-by-Step Guide

    Learn how to implement JWT authentication in a .NET MAUI application by following a step-by-step guide. This process includes setting up the UI layout in MainPage.xaml, handling button clicks and API calls in MainPage.cs, and managing HTTP requests and authentication in RestService.cs. JWT tokens are used to securely transmit information, ensuring user data is protected during interactions with the backend API.

  13. 13
    Article
    Avatar of hnHacker News·2y

    Stack Auth

    The post explains OAuth from first principles by progressively improving a flawed implementation and addressing various security attacks. It takes a user from initial insecure methods of third-party app authorization to the secure OAuth 2.0 authorization code flow with PKCE. Real-world examples illustrate common vulnerabilities and mitigation strategies, making it a valuable guide for understanding OAuth mechanics and security considerations.

  14. 14
    Article
    Avatar of vercelVercel·2y

    Sign up or sign in with a One-Time Password (OTP) – Vercel

    Sign up or sign in with email using one-time passwords (OTPs) offers enhanced security through single-use, short-lived 6-digit codes. It provides flexibility to start the process on one device and finish on another without needing to keep the original tab open. Additionally, it eliminates the need for magic links, simplifying the authentication process by allowing users to enter OTPs directly.

  15. 15
    Article
    Avatar of descopeDescope·2y

    What Are AITM Attacks and How To Protect Against Them

    Adversary-in-the-middle (AITM) attacks are sophisticated cyber threats where attackers intercept communication between a user and a legitimate service, often utilizing phishing-as-a-service schemes. These attacks can bypass protections like multi-factor authentication (MFA) and exploit methods like reverse web proxies and browser-in-the-middle (BiTM) programs. Best practices for defense include robust MFA and session security, granular conditional access policies, and continuous monitoring for threats.

  16. 16
    Video
    Avatar of philipplacknerPhilipp Lackner·2y

    Save User Credentials With the Google Credential Manager - Android Studio Tutorial

    Learn how to use Android's Credential Manager to improve username-password authentication by saving credentials in Google’s Credential Manager. This allows for easier future logins and cross-device usability. The guide walks through building a sign-up and sign-in form, implementing a Credential Manager to save credentials, and using existing credentials to log in. A detailed walkthrough covers setting up dependencies, creating necessary classes, and managing credentials using suspending functions. Integration across apps and websites with digital asset links is also mentioned.

  17. 17
    Article
    Avatar of telerikTelerik·2y

    ASP.NET Core Basics: Simplifying API Integration with Refit

    Integrating APIs in ASP.NET Core can be simplified using Refit, a powerful library that reduces boilerplate code and provides high-level abstractions through strongly typed interfaces. This guide covers everything from initial setup to creating API clients and handling JWT authentication. Refit helps in creating cleaner and more maintainable code by eliminating manual configurations required by HttpClient.

  18. 18
    Article
    Avatar of itnextITNEXT·2y

    Authentication — Part 2 — Session-Based Authentication and Cookies

    This post delves into session-based authentication, focusing on cookie implementation for maintaining user sessions in web applications. It explains how sessions store user data on the server, how cookies facilitate session tracking by storing session IDs on the client side, and the advantages and disadvantages of this method. Additionally, it touches on how mobile apps handle session management, highlighting the use of tokens instead of cookies.

See all Authentication archives