Best of Authentication: July 2025

  1. Article
    selfh.st · 42w

    My Favorite Apps Launched in 2025 (So Far)

    A curated list of 11 self-hosted applications launched in the first half of 2025, including document management tools like Papra, reverse proxy solution Pangolin, Notion alternative Colanode, authentication middleware Tinyauth, and various other utilities for asset tracking, log monitoring, image optimization, file sharing, analytics, and music metadata editing. Each application is highlighted for its simplicity, unique features, or improvements over existing alternatives in the self-hosted software ecosystem.

  2. Video
    JavaScript Mastery · 42w

    Build a Full Stack Food Delivery App in React Native with Scalable Database Architecture

    A comprehensive tutorial for building a full-stack food delivery app using React Native, Expo, and modern development tools. Covers setting up the development environment with NativeWind for styling, implementing navigation with Expo Router, creating reusable components, and integrating backend services with Appwrite for authentication and database management. The tutorial emphasizes clean architecture, proper state management with Zustand, and production-ready practices including error monitoring with Sentry.

  3. Article
    freeCodeCamp · 39w

    How to Build a Telehealth App Using Stream Video and Chat SDK in React

    A comprehensive guide to building a telehealth application using Stream's Video and Chat SDKs with React. Covers complete authentication flow including user registration, OTP verification, login/logout, backend setup with Node.js and MongoDB, frontend integration with React Router, and Stream SDK implementation for real-time video calls and messaging. Includes security best practices like JWT tokens, password hashing, and cookie management.

  4. Article
    InfoSec Write-ups · 39w

    One Tool to Rule JWTs — Easy JWT Pentesting with JWTAuditor

    JWTAuditor is an open-source, privacy-focused JWT security testing tool that performs all analysis locally in the browser without sending tokens to external servers. It automatically detects over 15 types of JWT vulnerabilities, includes built-in brute force testing with 10,000+ common secrets, and features a visual token editor with syntax highlighting. The tool addresses privacy concerns with online JWT analyzers by keeping all data client-side while providing comprehensive security analysis including algorithm validation, sensitive data detection, and security claim verification.

  5. Article
    Microservices.io · 39w

    Authentication and authorization in a microservice architecture: Part 3 - implementing authorization using JWT-based access tokens

    Explores implementing authorization in microservices using JWT-based access tokens, covering four strategies for obtaining distributed authorization data: provide (embedding data in tokens), fetch (dynamic retrieval), replicate (local copies), and delegate (authorization service). Discusses JWT limitations including coupling risks, token staleness, size constraints, and security concerns. Uses RealGuardIO application examples to demonstrate when access token authorization works well for simple RBAC scenarios versus complex authorization requiring remote data from multiple services.

  6. Video
    Dreams of Code · 38w

    Better Auth is so good that I **almost** switched programming languages

    Better Auth is a TypeScript authentication library that offers comprehensive features like two-factor authentication, organizations, and payment integrations through plugins. While the author prefers Go for backend development, Better Auth's capabilities are compelling enough to consider switching languages. The tutorial demonstrates how to integrate Better Auth with a Go backend using JWT tokens, covering token generation, verification with JWK endpoints, and different approaches for authenticated requests including client-side caching and server-to-server proxying through Next.js.

  7. Article
    Hacker News · 42w

    zserge/pennybase: Poor man's Backend-as-a-Service (BaaS), similar to Firebase/Supabase/Pocketbase

    Pennybase is a minimalist Backend-as-a-Service implementation in under 1000 lines of Go code with zero external dependencies. It provides file-based CSV storage, REST API endpoints, authentication with session cookies, role-based access control, real-time updates via Server-Sent Events, and template rendering. Data is stored in human-readable CSV files with append-only versioning, making it suitable for simple applications that need basic backend functionality without the complexity of larger solutions like Firebase or Supabase.

  8. Article
    CSO Online · 40w

    7 obsolete security practices that should be terminated immediately

    Seven outdated security practices are identified that organizations should abandon: relying solely on perimeter security, taking compliance-driven approaches, using legacy VPNs, depending only on EDR protection, using SMS for two-factor authentication, maintaining on-premises SIEMs, and treating users as passive security participants. Modern alternatives include zero trust architecture, risk-based security approaches, SASE solutions, comprehensive threat detection beyond endpoints, app-based authentication, cloud-native SIEMs, and active security awareness training.

  9. Article
    scottstuff.net · 42w

    Passwordless SSH and sudo with 1Password on Mac and Linux

    A comprehensive guide to setting up passwordless SSH and sudo authentication using 1Password for SSH key management. The tutorial covers configuring 1Password's SSH agent, setting up SSH client configuration with agent forwarding, implementing pam_rssh for sudo authentication, and adding biometric authentication on Linux using YubiKey Bio. The approach eliminates the need to manually manage SSH keys across multiple systems while providing secure authentication through fingerprints or system biometrics.

  10. Video
    ByteByteGo · 40w

    20 System Design Concepts You Must Know - Final Part

    Covers six essential system design patterns: microservices architecture for breaking applications into independent services, authentication and authorization for security, service discovery for dynamic component communication, API gateways as unified entry points, message queues for asynchronous communication, and WebSockets for real-time bidirectional data exchange. Each pattern addresses specific scalability and architectural challenges in modern distributed systems.

  11. Video
    Tech With Tim · 39w

    Python Advanced MCP Server Tutorial (Authentication, Databases & More)

    A comprehensive tutorial covering advanced MCP (Model Context Protocol) server development in Python using FastMCP. The guide demonstrates implementing OAuth authentication with Stytch, setting up HTTP transport, creating custom tools and resources, and building a React frontend for user authentication. Key topics include MCP architecture, client-server communication, bearer token authentication, database integration with SQLAlchemy, and production-ready features beyond basic MCP server setup.

  12. Article
    freeCodeCamp · 41w

    What Are JSON Web Tokens (JWT)?

    JSON Web Tokens (JWT) are digitally signed, self-contained tokens used for secure authentication between systems. JWTs consist of three parts: header (metadata), payload (claims/data), and signature (verification). They can be signed using symmetric algorithms like HS256 with shared secrets or asymmetric algorithms like RS256 with public/private key pairs. The signature ensures authenticity and integrity without requiring server-side session storage. Key security practices include using HTTPS, keeping tokens short-lived, implementing refresh tokens, protecting signing keys, and never storing sensitive data in the payload.

  13. Article
    Baeldung · 42w

    Implementing the Core Services of Spring Authorization Server with Redis

    Spring Authorization Server's default in-memory storage becomes problematic for production applications due to lack of persistence and horizontal scaling support. This guide demonstrates implementing Redis-based persistence for core authorization services including registered clients, tokens, authorization states, and consents. The implementation involves creating entity models, Spring Data repositories, custom service implementations, and Redis configuration. Key components include OAuth2RegisteredClient entities, authorization grant entities for different OAuth2 flows, and corresponding repositories and services that handle persistence operations. The tutorial uses an embedded Redis server and provides a complete working example with authentication flow demonstration.

  14. Article
    RUBYLAND · 39w

    OTP Input field with StimulusJS

    A comprehensive guide to building OTP (One-Time Password) input fields using StimulusJS, covering two approaches: a single accessible input with CSS styling and multiple inputs with JavaScript navigation. The tutorial includes keyboard navigation, paste functionality, form validation, and accessibility features like ARIA labels and screen reader support.

  15. Article
    Collections · 39w

    Implementing User Authentication with ReactJS and SuperTokens

    SuperTokens is an open-source authentication library that simplifies user authentication implementation in web applications. It provides pre-built UI components for React frontends, backend SDKs for Node.js and Python, and a lightweight core service that can run as a Docker container. The library handles essential authentication features including login, signup, session management, and security protections against CSRF attacks, offering developers a middle-ground solution between building custom authentication systems and using managed services.

  16. Video
    Web Dev Cody · 41w

    Trying out Better-Auth for the first time

    A developer explores Better-Auth for the first time, setting up authentication in a TanStack Start project with Google OAuth. The tutorial covers installation, database configuration with SQLite, creating authentication routes, and implementing sign-in/sign-out functionality. The setup process reveals Better-Auth uses database sessions with signed tokens stored in cookies, and the developer compares it favorably to alternatives like NextAuth.js and Oslo/Arctic.