A technical guide explaining how to implement authentication and authorization in any backend language or framework, covering user models, signup/login routes, and session vs JWT auth.
Explains disk encryption basics for non-technical users, covering why it's needed, how it works, and different implementation types.
A step-by-step tutorial on implementing basic user authentication in a Node.js/Express app using MongoDB and JSON Web Tokens (JWT).
Debugging ASP.NET Core OAuth authentication in GitHub Codespaces, including reserved path conflicts and callback URL issues.
A critical analysis of SAML security, arguing its design is inherently insecure due to malleable signature computation, with examples of real-world vulnerabilities.
A beginner-friendly introduction to JSON Web Tokens (JWT), explaining their structure, use for stateless authentication, and basic flow.
A technical guide explaining how to use JavaScript and the Fetch API to add custom request headers (like JWTs) to an iframe's src request.
Explains the limitations of Django's default User Model and provides solutions for customization, focusing on username case-sensitivity and email handling.
A tutorial on integrating Firebase Authentication into an Expo React Native app using email/password login and React Navigation.
A guide to implementing the OAuth 2.0 PKCE authorization flow for secure access in single-page and mobile applications.
Explains the security principle of Separation of Privilege in IT systems, using examples from SQL Server, OpenSSH, and Azure AD MFA.
Analysis of Microsoft's decision to use Duende IdentityServer in .NET 6 templates and the push towards cloud authentication services like Azure AD.
Explores methods for generating random test users in Cypress, including using hooks and external scripts with Faker.js.
A technical analysis of Quebec's JWT-based proof-of-vaccination QR code, examining its security and data encoding.
Explains the subtle but critical security difference between SMS-based Two Factor Authentication (2FA) and insecure SMS-based account recovery.
Introducing Merced-Express, a Node.js/Express framework with Rails-like CLI tools for generating models, controllers, and auth in a MongoDB project.
A tutorial on implementing user authentication and protected routes in a Next.js application using Supabase's Auth client library.
A tutorial on implementing user authentication in a Next.js application using Supabase, an open-source Firebase alternative.
A guide to securing Azure Functions using API keys, covering different authorization levels and practical verification with Postman.
A technical guide exploring the new 'Temporary Access Pass' feature in Azure AD for passwordless onboarding and MFA recovery.
