Best of OAuth — 2025

1. 1
   Article

   GitGuardian·1y

   Authentication and Authorization Best Practices

   Authentication verifies the identity of a user making an API request, while authorization determines if the user has permission to access a specific API. Various methods such as basic auth, API keys, JWT, and OAuth have their use cases and best practices. These include using HTTPS, secure storage, least privilege principle, and regular security audits. Common mistakes to avoid involve using HTTP, storing API keys in code, and ignoring input validation.

   615

   13
2. 2
   Article

   ByteByteGo·1y

   EP147: The Ultimate API Learning Roadmap

   APIs are essential for internet communication, and developers must understand them. The roadmap covers the introduction, terminologies, API styles, authentication techniques, documentation tools, key features, performance techniques, gateways, implementation frameworks, and integration patterns. Learn to build and maintain efficient and effective APIs with this comprehensive guide.

   581

   6
3. 3
   Article

   Microservices.io·50w

   Authentication and authorization in a microservice architecture: Part 2 - Authentication

   Implementing authentication in a microservice architecture can be complex and error-prone. The API Gateway serves as a central point for handling authentication, delegating the process to an identity and access management service for enhanced security. OAuth 2.0 and OpenID Connect protocols are commonly used, with tokens like JWTs facilitating secure communication between client requests and backend services.

   212

   4
4. 4
   Article

   ByteByteGo·35w

   How Grab Built An Authentication System for 180+ Million Users

   Grab transformed their fragmented authentication system serving 180+ million users by adopting OpenID Connect (OIDC) and implementing Dex, an open-source federated identity provider. The solution unified authentication across internal and external applications, replacing multiple custom OAuth implementations with a standardized approach. Key features include token delegation for service-to-service communication, multi-IdP failover for high availability, and single sign-on capabilities. This centralized system improved security, reduced administrative overhead, and provided a consistent user experience across Grab's ecosystem of ride-hailing, payments, and delivery services.

   133

   1
5. 5
   Article

   portkey·21w

   Understanding MCP Authorization

   MCP (Model Context Protocol) requires authorization controls as it moves from local experimentation to production deployments. The protocol enables AI models to interact with external tools and APIs dynamically, but without authorization, every connected client can access all exposed tools. Authorization in MCP works through server-side enforcement at request time, not connection time, using patterns like token-based authorization, scoped capability access, and role-based policies. Best practices include applying least privilege, using short-lived scoped tokens, authorizing every tool call individually, and making all access auditable. Strong authorization boundaries are essential for safely deploying MCP in shared environments and production systems.

   121
6. 6
   Article

   Community Picks·1y

   henrygd/beszel: Lightweight server monitoring hub with historical data, docker stats, and alerts.

   Beszel is a lightweight server monitoring platform featuring Docker statistics, historical data, and configurable alerts. It offers a user-friendly web interface, simple setup, multi-user support, OAuth authentication, automatic backups, and REST API access. Beszel consists of a web-based hub for dashboard management and an agent for monitoring system metrics.

   86

   1
7. 7
   Article

   Just Java·1y

   Understanding & Implementing OAuth Mechanism

   Learn to build an OAuth 2.0 server using Java, Spring Boot, Spring Security, and MySQL. This guide covers setting up an OAuth server for authentication, creating microservices, and integrating the OAuth server with a resource server for secured access. Key components, repository layers, and service implementations are discussed for a modular, scalable system.

   71

   1
8. 8
   Article

   Collections·33w

   Key Features and Enhancements in PostgreSQL 18

   PostgreSQL 18 introduces major performance improvements including asynchronous I/O that delivers up to 3x faster storage reads, NUMA support, and IO_uring on Linux. The release adds enterprise features like OAuth 2.0 authentication, temporal constraints, and virtual computed columns. Key enhancements include better extension loading for Kubernetes deployments, improved logical replication conflict handling, UUIDv7 support, and advanced vacuum operations for large tables. The update also brings query planning improvements with skip scan lookups and enhanced Unicode collation support.

   70

   3
9. 9
   Article

   selfhosted·32w

   RustMailer Now Supports Gmail API — A Better Way to Integrate with Gmail

   RustMailer 1.5.0 introduces Gmail API support as an alternative to IMAP, addressing OAuth verification challenges with Google's sensitive IMAP scope. The integration provides easier approval through granular API scopes, native label support, and local caching with on-demand message fetching. Developers can now choose between IMAP/SMTP or Gmail API account types while maintaining the same authentication flow and API compatibility. The update includes a cursor-based pagination model for both protocols and uses Gmail's History API for lightweight polling synchronization.

   56

   1
10. 10
    Article

    Horde·48w

    🚀 Next.js Auth Starter Kit with Better Auth

    A starter kit for Next.js applications featuring Better Auth for authentication with email/password and Google OAuth integration. The stack includes Shadcn for UI components, Drizzle ORM for database operations, and Neon for serverless Postgres hosting. The project is open-source and includes a video tutorial demonstrating the complete implementation process.

    35
11. 11
    Video

    Tech With Tim·42w

    Python Advanced MCP Server Tutorial (Authentication, Databases & More)

    A comprehensive tutorial covering advanced MCP (Model Context Protocol) server development in Python using FastMCP. The guide demonstrates implementing OAuth authentication with Stitch, setting up HTTP transport, creating custom tools and resources, and building a React frontend for user authentication. Key topics include MCP architecture, client-server communication, bearer token authentication, database integration with SQLAlchemy, and production-ready features beyond basic MCP server setup.

    34
12. 12
    Article

    The New Stack·35w

    Apache Kafka 4.1: The 3 Big Things Developers Need To Know

    Apache Kafka 4.1 introduces three major developer-focused features: Queues for Kafka (KIP-932) enabling cooperative message consumption with per-message acknowledgment, native JWT-Bearer authentication support eliminating static credentials, and a new Kafka Streams rebalance protocol for better coordination. The release also includes improvements to consumer group protocols, transaction handling, and unified metrics.

    32

    1
13. 13
    Video

    ThePrimeTime·1y

    Launching a site in one day... WITH PHP?

    This post covers the process of creating a voting web application using Laravel and PHP that allows users to submit questions and vote on them in real-time. The post demonstrates setting up a new Laravel project from scratch, implementing authentication using Twitch via Laravel Socialite, handling token storage and user data, and displaying user information on the frontend. Additional scopes for accessing Twitch subscriptions and chat are also addressed.

    26
14. 14
    Article

    Community Picks·49w

    BetterAuth vs NextAuth: Choose the Right Auth Library for Your SaaS

    BetterAuth and NextAuth are both open-source authentication libraries for Node.js/TypeScript projects that let developers manage user accounts in their own databases. BetterAuth offers superior developer experience with TypeScript-first design, built-in features like 2FA and rate limiting, and a plugin ecosystem for advanced functionality like multi-tenancy. NextAuth provides broader OAuth provider support and established stability but requires more manual configuration for advanced features. Both are free to use with no per-user costs, making them cost-effective alternatives to hosted authentication services. BetterAuth is recommended for new TypeScript projects requiring advanced auth features, while NextAuth suits simpler Next.js applications with basic authentication needs.

    21
15. 15
    Article

    GitHub Changelog·48w

    Remote GitHub MCP Server is now in public preview

    GitHub has launched a Remote MCP Server in public preview that allows AI tools like GitHub Copilot and Claude Desktop to access live GitHub data including issues, pull requests, and code files. The remote server offers one-click setup, OAuth 2.0 authentication with SAML enforcement, and automatic updates without requiring local installation. It supports both OAuth and Personal Access Tokens for authentication, though OAuth is recommended for better security and scoped access. Organizations need to enable the Editor Preview Policy for GitHub Copilot integration during the preview period.

    19
16. 16
    Article

    Watercooler·1y

    Every time

    18

    3
17. 17
    Article

    All NextJS·46w

    Deailing with OAuth SSR in a Next.js project

    A guide covering how to properly implement OAuth authentication with server-side rendering in Next.js applications, addressing common challenges and best practices for handling authentication state on the server side.

    15

    2
18. 18
    Article

    Cloudflare·47w

    Connect any React application to an MCP server in three lines of code

    Cloudflare open-sourced use-mcp, a React library that connects to Model Context Protocol (MCP) servers with just 3 lines of code, handling transport protocols, authentication, and session management automatically. The library supports OAuth 2.1, connection retries, real-time state management, and both Server-Sent Events and Streamable HTTP transport methods. Additionally, Cloudflare released their AI Playground source code, a complete chat interface that demonstrates MCP integration with Workers AI and provides debugging capabilities for MCP connections.

    14
19. 19
    Article

    Laravel Kids·1y

    Social Login (Facebook/Google) with API

    Learn how to integrate social login using Facebook and Google with a Laravel API, including the necessary steps and considerations for implementation.

    14
20. 20
    Article

    The Register·38w

    McDonald's not lovin' it when hacker exposes rotten security

    A white-hat hacker discovered multiple critical security vulnerabilities in McDonald's systems, including client-side only validation allowing free food orders, exposed API keys in JavaScript, faulty OAuth implementation giving unauthorized access to executive portals, and missing admin authorization on franchise portals. The company took months to fix issues and fired an employee who helped with the research. Additional vulnerabilities were found in the AI chatbot used for job applications, which had a password of 123456 and exposed 64 million applicant records.

    13

    1
21. 21
    Article

    Laravel News·50w

    Setup Social Auth Redirects with Laravel Herd

    Setting up social authentication in Laravel Herd can be challenging due to OAuth providers not accepting .test domain callback URLs. The Laravel Herd team offers a solution with fwd.host, a web service acting as a proxy for redirects, enabling the use of social authentication callback URLs. This service forwards authentication requests from fwd.host to your local Herd site without storing data.

    13
22. 22
    Article

    Neon·51w

    Solving the MCP Authentication Headache with Vercel & Better Auth

    The post discusses solving authentication challenges in Model Context Protocol (MCP) implementations using the Vercel MCP adapter package and Better Auth integration. It explains the steps to secure MCP requests in Next.js applications by incorporating OAuth. The author shares their experience implementing this solution in their own project, agenda.dev, emphasizing the ease and efficiency of the process.

    13
23. 23
    Article

    Confluent Blog·36w

    Apache Kafka 4.1 Release: New Features & Upgrade Guide

    Apache Kafka 4.1.0 introduces Queues in preview, a new Streams Rebalance Protocol in early access, and OAuth jwt-bearer grant type support. Key improvements include enhanced consumer group handling, better transaction error handling, plugin metrics registration, and Connect support for multiple connector versions. The release focuses on making Kafka more robust and easier to manage in production environments.

    12
24. 24
    Video

    Web Dev Cody·44w

    Trying out Better-Auth for the first time

    A developer explores Better-Auth for the first time, setting up authentication in a TanStack Start project with Google OAuth. The tutorial covers installation, database configuration with SQLite, creating authentication routes, and implementing sign-in/sign-out functionality. The setup process reveals Better-Auth uses database sessions with signed tokens stored in cookies, and the developer compares it favorably to alternatives like NextAuth.js and Oslo/Arctic.

    10
25. 25
    Article

    Trendyol Tech·1y

    Strengthening Influencer Verification with New Instagram Login API

    Trendyol Tech has enhanced influencer verification by integrating Instagram Login API to prevent fraudulent applications. The implementation faced challenges such as OAuth incompatibility and the need to move login flows outside iframes. The process involved a thorough App Review and business verification for production use. Key improvements included better user experience and automated filtering of ineligible applicants. Ultimately, this integration not only addressed fake applications but also laid the foundation for a more robust influencer platform.

    10