OAuth 2.0 and OIDC: A Backend Engineer's Guide to Login
Here is the question OAuth was invented to answer: how do you let an app do something on your behalf without handing it your passw…
A password is a secret you and the server both know. That is the original sin of the whole scheme: because the server has to store…
Are JWTs safe? Should you switch to PASETO? Is session-based auth outdated? In this guide, we’ll compare modern token systems in d…
In this post, we’ll explore what replay attacks are, how JWS and JWE differ, and how to generate + validate session fingerprints u…
🧠 What is JWT? JWT (JSON Web Token) is a compact, URL-safe token format used to transmit claims securely between parties. It’s th…
🧐 What is a JWT (JSON Web Token)? A JWT (JSON Web Token) is a compact, self-contained token used to securely transmit information…