Authentication & Authorisation
Nripesh Bhusal in backendtheory.hashnode.dev · 1d ago · 10 min read
History of Authentication: Early Civilisation: Authentication and methods of Authenticating someone, has existed since the advent of Civilisation. Earlier modes of Authentication came from Trust, like

IP Spoofing to Account Takeover: You Patched It? Really?
Mohammad Reza Mirzadzare in blog.mirzadzare.net · 2d ago · 7 min read
Abstract: In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa

Keycloak Realm Federation: Connecting Multiple Identity Sources
IAMDevBox in iamdevbox.hashnode.dev · 2d ago · 6 min read
Keycloak Realm Federation allows you to connect multiple identity sources within a single Keycloak realm, enabling unified authentication and authorization. This means you can manage users and their access across different directories and systems thr...

Token Based Auth System [state-less]
Onkar K in onkark.hashnode.dev · 3d ago · 2 min read
In a token-based system, HS256 and RS256 are the two most common algorithms used to sign the token. 1. HS256 This method is mostly used in monolith application, where it only requires single key.

Google SSO and the Single Point of Failure in Your Digital Identity
Samuel Urah Yahaya in samywrites.hashnode.dev · 3d ago · 12 min read
We’ve all seen that one button. The simple, and straightforward one that’s on most login and sign up pages on almost every login page today. “Continue with Google” It just works. It’s fast, and it’s convenient. But am I the only one who wonders “what ...

Session Based Auth System [state-full]
Onkar K in onkark.hashnode.dev · 4d ago · 2 min read
Session based auth is traditional method of auth and it is state-full, means we store sessions of user in memory or DB and share session_id to user to verify his identity. This method is gold standard

How to Manage Multiple GitHub Accounts on the Same Laptop (Without Authentication Errors)
Ritik Gupta in ritikgupta913.hashnode.dev · 4d ago · 3 min read
If you are a developer like me, you probably have: One personal GitHub account. One work GitHub account. Maybe another client account. And then one day… you try to push work code, But it gets pushed from your personal account. Or worse: Permission...

Designing a Secure Code Execution Engine with Node.js and Docker
Shaan Saurav in shaanstack.hashnode.dev · 5d ago · 3 min read
Introduction: As a Computer Science student, I always wondered how platforms like LeetCode and HackerRank execute user-submitted code securely. So I decided to build my own online code compiler — a web-based platform where users can: Write code in...

JWT Finally Made Sense to Me (After Breaking Production)
Aniketh Roy Chowdhury in consolethesecretweapon.hashnode.dev · 5d ago · 6 min read
So I broke production yesterday. Not badly, just… everyone got logged out at 3 PM and I had no idea why. Turns out I had set JWT expiration to 1 hour when I thought I was setting it to 24 hours. Classic. But while debugging this mess, I actually lear...

Production Ready Auth with Better Auth
Chirag Bhugra in jacked.dev · 6d ago · 4 min read
For a long time, we had to either pay a fortune for managed services (Clerk/Auth0) or wrestle with the absolute chaos that was maintaining your own auth sessions. But it’s 2026, and the ecosystem has finally matured. The stack I’m opting for this one...