Best of Authentication2025

  1. 1
    Article
    Avatar of dotnetsquad.NET·1y

    Do you store the JWT in localStorage, sessionStorage, Cookies? then this post is for you

    Storing JWTs in vulnerable client-side storage (like localStorage, sessionStorage, or cookies) can expose applications to significant security risks. Alternatives include using in-memory storage and implementing a refresh token mechanism. This allows users to maintain their sessions without re-authenticating upon page reloads while mitigating potential attacks. Setting cookies with httpOnly, Secure, and SameSite flags is crucial for security. A short-lived JWT with periodic refreshing enhances protection.

  2. 2
    Article
    Avatar of medium_jsMedium·36w

    Authentication Explained: When to Use Basic, Bearer, OAuth2, JWT & SSO

    Authorization controls what users can do after authentication through three main models: RBAC assigns permissions to roles, ABAC uses attributes and context for fine-grained control, and ACL attaches permissions to individual resources. Real applications like GitHub and Stripe often combine these models. OAuth2 enables delegated authorization without sharing credentials, while JWTs and bearer tokens carry user identity and permissions across systems. The key is choosing the right combination of models and mechanisms based on your application's complexity and security requirements.

  3. 3
    Article
    Avatar of gitguardianGitGuardian·1y

    Authentication and Authorization Best Practices

    Authentication verifies the identity of a user making an API request, while authorization determines if the user has permission to access a specific API. Various methods such as basic auth, API keys, JWT, and OAuth have their use cases and best practices. These include using HTTPS, secure storage, least privilege principle, and regular security audits. Common mistakes to avoid involve using HTTP, storing API keys in code, and ignoring input validation.

  4. 4
    Article
    Avatar of selfhstselfh.st·42w

    My Favorite Apps Launched in 2025 (So Far)

    A curated list of 11 self-hosted applications launched in the first half of 2025, including document management tools like Papra, reverse proxy solution Pangolin, Notion alternative Colanode, authentication middleware Tinyauth, and various other utilities for asset tracking, log monitoring, image optimization, file sharing, analytics, and music metadata editing. Each application is highlighted for its simplicity, unique features, or improvements over existing alternatives in the self-hosted software ecosystem.

  5. 5
    Article
    Avatar of bytebytegoByteByteGo·34w

    EP177: The Modern Software Stack

    Explores the 9 layers of modern software architecture from presentation to infrastructure, explains the key differences between concurrency and parallelism in computing, compares JWT and PASETO authentication tokens, provides a Linux Cron scheduling cheatsheet, and introduces AI agents versus Model Context Protocol (MCP) for AI system integration.

  6. 6
    Video
    Avatar of bytegradByteGrad·1y

    Next.js 15 Authentication COMPLETE Guide (+ Best Practices, Pitfalls)

    This post provides a comprehensive guide on implementing authentication in Next.js 15, emphasizing server-side security, proper use of cookies and tokens, and the importance of roles and permissions. It highlights best practices and pitfalls to avoid when using server components and middleware to protect routes and actions. Additionally, it underscores the benefits of using third-party services for authentication to avoid errors and save development time.

  7. 7
    Article
    Avatar of webcraftWebCraft·49w

    The Backend-for-Frontend (BFF) Pattern: Secure Auth Done Right

    The Backend-for-Frontend (BFF) pattern addresses security risks in web applications by storing JWTs server-side in Redis, eliminating exposure to XSS attacks and enhancing session management. This pattern is particularly suited to SPAs and mobile apps, offering improved scalability and user experience with silent token refreshes and instant logouts.

  8. 8
    Article
    Avatar of bytebytegoByteByteGo·1y

    EP146: The Open Source AI Stack

    The open-source AI stack provides numerous tools and frameworks across various components including Frontend, Embeddings, Backend, Data Retrieval, and Large-Language Models, making AI development accessible without heavy costs. Important algorithms for system design interviews and comparisons of authentication methods like Cookies, Sessions, JWT, and PASETO are discussed. Additionally, TikTok's approach to managing a 200K file frontend MonoRepo with the Sparo tool highlights significant performance optimizations in Git operations.

  9. 9
    Article
    Avatar of communityCommunity Picks·1y

    Bati

    A comprehensive guide to building a full-stack application with data fetching, authentication, database integration, and server setup.

  10. 10
    Article
    Avatar of microservicesioMicroservices.io·47w

    Authentication and authorization in a microservice architecture: Part 2 - Authentication

    Implementing authentication in a microservice architecture can be complex and error-prone. The API Gateway serves as a central point for handling authentication, delegating the process to an identity and access management service for enhanced security. OAuth 2.0 and OpenID Connect protocols are commonly used, with tokens like JWTs facilitating secure communication between client requests and backend services.

  11. 11
    Video
    Avatar of asaprogrammerAs a Programmer·1y

    Next.js Tutorial 2025 - Build a Full Stack Social App with React & Next.js

    Learn to build a full stack social media application using React and Next.js. This detailed guide covers implementing core features like user authentication with Clerk, post creation, comments, likes, and notifications. The project also includes updating profiles, enabling dark mode, and ensuring a responsive UI design with Tailwind CSS. You will also integrate a PostgreSQL database using Prisma ORM and Neon, demonstrating key functionalities step-by-step.

  12. 12
    Video
    Avatar of javascriptmasteryJavaScript Mastery·50w

    Build and Deploy a Full Stack Screen Recording & Video Sharing Platform | Next.js, Better Auth

    Learn to create a full stack screen recording and video sharing platform using Next.js and Better Auth for authentication. This guide covers setting up AI-powered transcripts, instant uploads, and privacy controls, while highlighting modern web development tools like TypeScript and Tailwind CSS.

  13. 13
    Article
    Avatar of bytebytegoByteByteGo·47w

    EP164: JWT Simply Explained

    JSON Web Tokens (JWT) provide a secure method for transmitting information between parties using an open standard. They are primarily used for authentication and authorization. A JWT comprises a header, payload, and signature, with two signature types: symmetric and asymmetric, based on the use of secret and public keys. JWTs are integral to modern web applications, ensuring secure data exchange.

  14. 14
    Video
    Avatar of asaprogrammerAs a Programmer·1y

    The Ultimate React Native Course in 2025

    This post outlines a comprehensive React Native tutorial to build a real-time social media application called Spotlight. The app features several screens such as authentication, home, bookmarks, post creation, notifications, profile, and others' profiles. It includes Google authentication, real-time updates, and various UI components. The guide is designed for those with basic React knowledge and covers setup with Expo, use of fundamental React Native components, and deployment on both iOS and Android. It also addresses performance optimization and the integration of a backend and authentication using Clerk and Convex.

  15. 15
    Article
    Avatar of cassidooCassidy's blog·20w

    A pretty good email scam

    A detailed account of a sophisticated email scam that used hidden forwarding rules and reply-to settings to maintain access after password changes. The attacker set up forwarding to a fake email address labeled as 'Default Forwarding' and configured reply-to addresses to intercept all communications. The incident highlights the importance of checking email account settings beyond just changing passwords when recovering from compromised accounts.

  16. 16
    Article
    Avatar of systemdesigncodexSystem Design Codex·44w

    Essential Roadmap to Learn API Development

    A comprehensive guide covering the essential topics for learning API development, from understanding basic concepts like REST and HTTP methods to advanced topics including authentication mechanisms (OAuth 2.0, JWT), API design principles, testing strategies, and deployment considerations. The roadmap includes practical tools like Postman and OpenAPI, security best practices, and hands-on experience with public APIs from services like Google Maps and Stripe.

  17. 17
    Article
    Avatar of microservicesioMicroservices.io·52w

    Authentication and authorization in a microservice architecture: Part 1 - Introduction

    This post introduces the concepts of authentication and authorization in a microservice architecture. It discusses the challenges of implementing these in distributed systems, contrasting with simpler monolithic systems. Various authorization models like RBAC, ReBAC, and ABAC are explained using a fictional application, RealGuard.io, to illustrate the complexities and potential solutions in both monolithic and microservices environments.

  18. 18
    Article
    Avatar of laraveldevLaravel Dev·1y

    Laravel Developer Roadmap

    Learn the essential skills and best practices to become a proficient Laravel developer, covering fundamentals such as PHP OOP concepts, routing, middleware, authentication, Blade templating, database management, and testing. Gain insights into advanced topics like performance optimization, REST API development, real-time features, CI/CD, and Laravel ecosystem tools.

  19. 19
    Article
    Avatar of bytebytegoByteByteGo·32w

    How Grab Built An Authentication System for 180+ Million Users

    Grab transformed their fragmented authentication system serving 180+ million users by adopting OpenID Connect (OIDC) and implementing Dex, an open-source federated identity provider. The solution unified authentication across internal and external applications, replacing multiple custom OAuth implementations with a standardized approach. Key features include token delegation for service-to-service communication, multi-IdP failover for high availability, and single sign-on capabilities. This centralized system improved security, reduced administrative overhead, and provided a consistent user experience across Grab's ecosystem of ride-hailing, payments, and delivery services.

  20. 20
    Video
    Avatar of communityCommunity Picks·47w

    Build and Deploy a SaaS AI Agent Platform | Next.js 15, React, Better Auth, Polar | Full Course 2025

    Meet AI is a video calling app powered by AI agents, designed for various roles like language tutors and sales assistants. The app utilizes Next.js, React, and several other technologies for real-time calls, video SDKs, and AI-driven features. The tutorial covers building and deploying the platform, including authentication, payment integrations, and using tools like TRPC, Drizzle ORM, and Open AI.

  21. 21
    Article
    Avatar of colkgirlCode Like A Girl·37w

    How I Built an Interview Notes Manager App

    A developer shares their journey building a complete Interview Notes Manager app using React, Node.js, Express, and MongoDB. The project includes JWT authentication, CRUD operations, search/filter functionality, and analytics dashboard. The author explains their motivation to move beyond DSA grinding, details the tech stack choices, implementation challenges, and deployment process. The app serves as a personal knowledge base for organizing interview experiences and learning notes, demonstrating full-stack development skills from frontend to backend deployment.

  22. 22
    Article
    Avatar of freecodecampfreeCodeCamp·49w

    Top Ways Hackers Exploit Web Applications (and How to Prevent Them)

    Web applications, particularly those with user input, are susceptible to attacks like SQL injection, XSS, CSRF, and weak authentication. Developers can mitigate these risks by employing prepared statements for databases, escaping user inputs in HTML, using CSRF tokens, and enforcing strong authentication measures. Regularly updating libraries and ensuring secure configurations are crucial for protecting against vulnerabilities.

  23. 23
    Article
    Avatar of thnThe Hacker News·30w

    How One Bad Password Ended a 158-Year-Old Business

    KNP Logistics, a 158-year-old UK transport company, was forced into administration after the Akira ransomware group gained access through a weak, easily guessed employee password. The attackers encrypted critical data, destroyed backups, and demanded £5 million ransom, leading to 700 job losses. The incident highlights how basic security failures can destroy established businesses, with 45% of compromised passwords being crackable within a minute. Strong password policies, multi-factor authentication, zero-trust architecture, and tested backup systems are essential defenses against such attacks.

  24. 24
    Video
    Avatar of javascriptmasteryJavaScript Mastery·42w

    Build a Full Stack Food Delivery App in React Native with Scalable Database Architecture

    A comprehensive tutorial for building a full-stack food delivery app using React Native, Expo, and modern development tools. Covers setting up the development environment with NativeWind for styling, implementing navigation with Expo Router, creating reusable components, and integrating backend services with Appwrite for authentication and database management. The tutorial emphasizes clean architecture, proper state management with Zustand, and production-ready practices including error monitoring with Sentry.

  25. 25
    Article
    Avatar of cloudflareCloudflare·30w

    Every Cloudflare feature, available to everyone

    Cloudflare announces a major shift in its product strategy, making nearly all enterprise-only features available to customers on any plan without requiring sales calls or contracts. The rollout begins with Single Sign-On (SSO) for the dashboard, which is now accessible to all users. This change aims to democratize access to advanced security and performance tools, removing the traditional two-tiered system that restricted powerful features to large organizations. Future product releases will follow this self-service model from launch.

See all Authentication archives