Best of Authentication, October 2024

  1. Article · Community Picks · 2y

    Better Auth

    Supports popular frontend, backend, and meta frameworks like React, Vue, Svelte, and more. Provides secure email and password authentication, multiple OAuth providers for social sign-on, built-in two-factor authentication, and tools for managing user access. Extend functionality via official and community plugins.

  2. Article · Community Picks · 2y

    Build a Login and Logout API using Express.js (Node.js)

    Learn to build a secure login and logout system using Express.js in Node.js. The tutorial covers setting up development files, installing dependencies, and creating a MongoDB database. It explains the basics of authentication and authorization, the logic for user registration and login, password hashing, and session management using JWT tokens. Additionally, it shows how to implement middleware for verifying user sessions and roles, and how to handle user logout securely.

  3. Article · Community Picks · 2y

    better-auth/better-auth: The most comprehensive authentication library for TypeScript

    Better Auth is a comprehensive, framework-agnostic authentication and authorization library for TypeScript. It aims to reduce the need for extensive additional code by offering a rich set of features out of the box, while prioritizing best practices and type safety. Currently in beta, the project focuses on simplicity, consistency, and predictability across different platforms. It supports plugins for advanced functionalities like 2FA and multi-tenant support, and is licensed under the MIT License.

  4. Article · System Weakness · 2y

    JSON WEB TOKEN (JWT)

    JSON Web Tokens (JWT) are a standard mechanism for transferring cryptographically signed JSON data, commonly used for access control, session handling, and authentication. Unlike traditional session tokens, JWTs store all necessary data client-side, making them ideal for distributed systems. JWTs consist of a payload, a signature, and a header. They are often used with JSON Web Signature (JWS) and JSON Web Encryption (JWE) extensions. JWT vulnerabilities include flawed signature verification, secret key brute-forcing, header parameter injections, and algorithm confusion attacks. To mitigate these risks, it's crucial to perform robust signature verification, use up-to-date libraries, and apply best practices such as setting token expiration dates and avoiding tokens in URL parameters.

  5. Article · Community Picks · 2y

    How to Build a React Hook for Telegram Authentication (Step-by-Step)

    Learn how to build a custom React hook for authentication using the Telegram SDK and manage users with Supabase. The guide covers initializing the hook, handling user signup, checking existing users, and triggering the signup process when the app loads. It's a step-by-step tutorial to integrate seamless Telegram-based authentication in your React applications.

  6. Article · Community Picks · 2y

    Implementing Passkey Authentication in Your Laravel App

    Learn how to add passkey authentication to your Laravel app, allowing users to log in using their devices without passwords. The guide walks through setting up the WebAuthn API with SimpleWebAuthn for the client-side and Webauthn Framework from Spomky Labs for the server-side. The demo includes code snippets for database setup, JavaScript for the authentication flow, and the necessary controllers and views.

  7. Video · developedbyed · 2y

    This Might Be My New Favourite Auth Library 🔥

    The post discusses the author's experience and transition from using NextAuth and Lucia to a new authentication library called Better Auth. The author cites NextAuth's frequent updates causing breaking changes and Lucia's deprecation as the reasons for the switch. Better Auth is praised for its simplicity, framework agnosticism, type safety, and comprehensive documentation. The post includes a tutorial on setting up Better Auth with Next.js, including rate limiting and social authentication with GitHub.

  8. Video · Fireship · 2y

    Rookie Firebase mistake nearly destroys Arc browser

    Arc browser recently faced a serious vulnerability due to misconfigured Firebase security rules. A hacker could have executed CSS and JavaScript on any website via the browser, potentially causing significant harm without the user visiting a malicious site. The issue has been patched swiftly after being reported by a security researcher. The problem was traced back to improperly managed Firestore rules which allowed user IDs to be changed, leading to potential security breaches.

  9. Article · Unzip · 2y

    🛡️Auth as a Service

    Auth as a Service (AaaS) simplifies the implementation of authentication by allowing developers to add some wrapper code and manage setups via environment variables and redirect URLs. It offers features like passwordless logins, user management, and billing integration. While AaaS can accelerate time to market and aid in compliance, concerns about pricing and vendor lock-in are significant. Various providers, such as Auth0, Stytch, and Firebase, compete in this space, each offering unique capabilities and user experiences.

  10. Article · InfoSec Write-ups · 1y

    JWT Authentication Bypass leads to Admin Control Panel

    A simple JWT vulnerability allowed access to an admin panel on a well-known site. Although JWTs should be signed by a server for security, this example highlights how a minor mistake in implementation can lead to significant security breaches. The author used Burp Suite to identify and exploit the flaw, demonstrating how changes to JWT parameters can bypass authentication if the server's validation is flawed.

  11. Video · YouTube · 2y

    How To Make Doctor Appointment Booking Website In React JS | Appointment Booking React JS Project

    This tutorial walks you through building a full-stack doctor appointment booking application using the MERN stack (MongoDB, Express, React, Node.js). The app features three types of user logins (patient, doctor, admin), an online payment gateway for appointment fees, and functionalities for managing profiles and appointments. The guide also includes setting up the project structure, integrating Tailwind CSS, and navigating within the app.

  12. Article · Community Picks · 2y

    Building Your Application: Authentication

    This post explains how to implement user authentication in a React and Next.js application. It covers the basic concepts of authentication, session management, and authorization. It also provides a step-by-step guide on creating signup and login forms, validating form fields on the server, and managing user sessions using stateless and database-based approaches. Additionally, the post includes tips on using authentication libraries, performing optimistic and secure authorization checks, and best practices for handling data securely in your application.

  13. Article · Community Picks · 2y

    Building a Google Meet Clone with Next.js and TailwindCSS — Part One

    Learn how to build a Google Meet clone using Next.js, TailwindCSS, and Stream. Part One of this series covers setting up the project, creating the home page, setting up authentication with Clerk, and creating the meeting lobby. The guide provides detailed instructions on using Stream's SDKs to enable video meetings and chat functionality.

  14. Video · Nick Chapsas · 1y

    Adding JWT Authentication for Production in .NET

    Nick demonstrates implementing JWT (JSON Web Token) authentication in .NET applications, focusing not just on simple integration but also on more advanced scenarios with third-party services like AWS Cognito. He covers how to generate and validate JWTs, using AWS Cognito for user management and token generation, and integrating this with a .NET API to secure endpoints. Additionally, examples include setting up Cognito user pools and handling both basic token validation and more complex authentication flows.

  15. Article · Descope · 2y

    What Is Spear Phishing & How to Prevent It

    Spear phishing is a targeted form of cyber attack that focuses on specific individuals within an organization to gain access to sensitive information. This method differs from traditional phishing by using personalized tactics designed to elicit specific actions from the target, such as opening an email or providing credentials. Effective defenses include training, content filters, and multi-factor authentication (MFA). Advanced protection methods like customer identity and access management (CIAM) are also recommended.

  16. Article · Auth0 · 1y

    ASP.NET Core Authentication Behind Proxies

    ASP.NET Core applications can encounter authentication issues when running behind proxies, load balancers, or containers. These issues often arise due to incorrect URL schemes or domains being used in callback URLs. The article discusses the role of `X-Forwarded-*` headers and how to use ASP.NET Core's Forwarded Headers middleware to resolve these problems by correctly handling the original HTTP request values. Configurations and code examples are provided to help developers ensure their authentication flow works seamlessly in complex infrastructures.

  17. Video · Laravel Daily · 1y

    Laravel Login with Different Roles: No Password

    A tutorial on using the spatie/laravel-login-link package to create login links for different user roles in a Laravel application without requiring a password. It is best used in a local environment for testing different permissions and roles effortlessly.

  18. Article · Software Testing Magazine · 2y

    Building Test Suites for .NET Web APIs

    A good test suite helps maintain the promises of API contracts and behavior by protecting against regressions. It enables quick iteration, feature addition, and API expansion while being resistant to refactoring and providing fast feedback. This presentation discusses how to build such a test suite, including verifying API contract, API behavior, and addressing cross-cutting concerns like authentication and authorization. It covers pros and cons of various testing approaches, including test runtime, coverage, and the use of test doubles versus end-to-end testing with real data stores.