Best of Authentication: August 2025

  1. Article
    Medium · 36w

    Authentication Explained: When to Use Basic, Bearer, OAuth2, JWT & SSO

    Authorization controls what users can do after authentication through three main models: RBAC assigns permissions to roles, ABAC uses attributes and context for fine-grained control, and ACL attaches permissions to individual resources. Real applications like GitHub and Stripe often combine these models. OAuth2 enables delegated authorization without sharing credentials, while JWTs and bearer tokens carry user identity and permissions across systems. The key is choosing the right combination of models and mechanisms based on your application's complexity and security requirements.

  2. Article
    ByteByteGo · 34w

    EP177: The Modern Software Stack

    Explores the 9 layers of modern software architecture from presentation to infrastructure, explains the key differences between concurrency and parallelism in computing, compares JWT and PASETO authentication tokens, provides a Linux Cron scheduling cheatsheet, and introduces AI agents versus Model Context Protocol (MCP) for AI system integration.

  3. Article
    Code Like A Girl · 37w

    How I Built an Interview Notes Manager App

    A developer shares their journey building a complete Interview Notes Manager app using React, Node.js, Express, and MongoDB. The project includes JWT authentication, CRUD operations, search/filter functionality, and an analytics dashboard. The author explains their motivation to move beyond DSA grinding, details the tech stack choices, implementation challenges, and deployment process. The app serves as a personal knowledge base for organizing interview experiences and learning notes, demonstrating full-stack development skills from frontend to backend deployment.

  4. Article
    Horde · 35w

    Better Auth Starter 🚀 Open Source + Video Series

    An open source starter project demonstrating Better Auth implementation with comprehensive authentication features including email/password and Google login, email verification, password reset, and organization management with roles and permissions. The project uses Drizzle ORM and comes with a complete video tutorial series covering setup and migration from Clerk.

  5. Article
    freeCodeCamp · 37w

    How to Implement Zero-Trust Authentication in Your Web Apps

    Zero-trust authentication replaces traditional perimeter-based security by continuously verifying every user, device, and request. The implementation involves multi-factor authentication with TOTP, secure JWT management with short-lived tokens and refresh mechanisms, role-based access control with fine-grained permissions, continuous verification through device fingerprinting and behavioral analysis, and automated security monitoring with threat detection and response systems. This approach reduces breach costs, improves compliance, and provides better protection against modern threats like credential theft and insider attacks.

  6. Article
    Supabase · 36w

    Supabase Auth: Build vs. Buy

    Supabase Auth offers a Postgres-native authentication solution that significantly reduces development time and costs compared to building custom auth systems. The service provides JWT-based authentication with Row Level Security integration, supporting multiple providers and security features. Building authentication from scratch typically requires 320-680 hours in the first year, while Supabase Auth can be implemented in 4-24 hours, representing potential savings of $47,400-$98,700. The comparison with Auth0 shows Supabase's advantages in cost predictability, database integration, and open-source flexibility, though Auth0 excels in enterprise features. Teams should only build custom auth for specialized compliance requirements, legacy system integration, or unique authentication flows.

  7. Article
    Larablog · 36w

    Authentication

    A tutorial covering Vue.js authentication implementation using Pinia for state management. The lesson demonstrates how to integrate with a Laravel backend that provides registration, login, and user detail retrieval endpoints. The backend uses Laravel Sanctum for token generation, and the tutorial shows how to handle both successful authentication responses and error scenarios like duplicate email registration.

  8. Article
    ByteByteGo · 35w

    EP176: How Does SSO Work?

    Single Sign-On (SSO) enables users to access multiple applications with one login through Identity Providers and Service Providers. The newsletter covers API design best practices including clear naming, idempotency, pagination, and security. Domain-Driven Design concepts are explained including Entities, Value Objects, and Aggregates. Popular AI agent frameworks like LangChain, AutoGen, and CrewAI are compared for building intelligent systems. OpenAI's new open-source GPT-OSS models use Mixture-of-Experts architecture with specialized neural networks for efficient processing.

  9. Video
    YouTube · 33w

    Next.js 15 Project: Building a Modern E-commerce Pizza Shop with Next.js 15, TypeScript & OneEntry

    A comprehensive tutorial for building a modern pizza restaurant e-commerce website using Next.js 15, TypeScript, and OneEntry CMS. The project features user authentication, shopping cart functionality, order management, responsive design with glass morphism effects, and Stripe payment integration. The tutorial covers setting up the development environment, creating authentication pages, integrating with OneEntry for backend services, and implementing forms for user registration and login.

  10. Article
    Reinier · 37w

    Build a Full Stack Multi Factor Authentication System with React, Node.js, Passport.js & Speakeasy!

    A comprehensive tutorial covering the implementation of a full-stack multi-factor authentication system. The guide demonstrates building a React frontend with login and 2FA verification flows, creating a secure Node.js/Express backend with API routes and session handling, integrating Passport.js for email/password authentication, using Speakeasy for TOTP generation and verification, setting up QR codes for authenticator app enrollment, and implementing secure session management to maintain user login state.

  11. Article
    Baeldung · 33w

    MCP Authorization With Spring AI and OAuth2

    Demonstrates how to secure Model Context Protocol (MCP) servers and clients using Spring AI and OAuth2. The tutorial builds a complete system with three components: an OAuth2 authorization server for issuing JWT tokens, a protected MCP server with calculator tools that validates tokens, and a client that handles both user and system authentication flows. The implementation uses Spring Security's OAuth2 support to separate security concerns from business logic, with the MCP server acting as an OAuth2 Resource Server that validates JWT tokens before processing operations.

  12. Article
    .NET Escapades · 37w

    Passkey support for ASP.NET Core identity

    ASP.NET Core Identity in .NET 10 preview 6 introduces passkey support as an alternative authentication method. The implementation allows users to register passkeys after creating password-based accounts, enabling biometric or PIN-based login through WebAuthn standards. The feature includes new Blazor components, JavaScript integration for browser WebAuthn APIs, and database schema changes to store passkey credentials. While providing enhanced security over passwords, the current template still requires initial password registration, limiting the full passwordless potential of passkeys.