SPSaurav Pratap Singhinsaurav26.hashnode.dev·May 3 · 8 min readJWT Authentication in Node.js Explained SimplyHello readers, this blog is about authentication in Node.js using JWT, you would understand what JWTs are and how to use them. Understanding Authentication Authentication is nothing fancy in tech, it00
NVNguyễn Việt Tùngindevpath-traveler.nguyenviettung.id.vn·Feb 19 · 5 min readPasswordless: What Worked, What Didn’t, What I’d ChangeWhen designing a passwordless-first PWA architecture, the diagram looks elegant. In production, elegance collides with: Browser inconsistencies Institutional identity constraints Support tickets Device lifecycle chaos Monitoring blind spots Le...00
NVNguyễn Việt Tùngindevpath-traveler.nguyenviettung.id.vn·Feb 19 · 5 min readWhy Passwordless Alone Is Not an Identity StrategyWhen teams adopt WebAuthn or FIDO2, the excitement is understandable: No passwords. No phishing. No credential stuffing. Biometric UX. Public-key cryptography. It feels like the final answer. But WebAuthn answers exactly one question: Can thi...00
NVNguyễn Việt Tùngindevpath-traveler.nguyenviettung.id.vn·Feb 18 · 6 min readIntegrating OIDC (Feide) as Fallback and RecoveryWebAuthn gave us phishing-resistant, device-bound authentication.But devices get lost. Browsers reset. Users switch laptops. Institutions manage identities centrally. That’s where OIDC (Feide) enters — not as a competitor to passwordless, but as stru...00
NVNguyễn Việt Tùngindevpath-traveler.nguyenviettung.id.vn·Feb 17 · 7 min readImplementing WebAuthn in PracticeWebAuthn looks deceptively simple at a high level: Generate challenge Call browser API Verify signature Done In practice, it is not that simple. WebAuthn is cryptographically elegant but operationally unforgiving.Small mistakes create subtle se...00
NVNguyễn Việt Tùngindevpath-traveler.nguyenviettung.id.vn·Feb 16 · 6 min readPasswordless PWA Flow Architecture WalkthroughModern authentication diagrams are clean. Real systems are not. My architecture intentionally combines: WebAuthn (FIDO2) for phishing-resistant authentication Feide (OIDC) for federated identity, recovery, and bootstrap SQL Server for credential p...00
NVNguyễn Việt Tùngindevpath-traveler.nguyenviettung.id.vn·Feb 10 · 6 min readWebAuthn & FIDO2, Explained Without the SpecIf you read the WebAuthn specification end to end, you’ll come away with two thoughts: This is extremely well designed. No human should be expected to learn it this way. WebAuthn didn’t appear to make logins prettier. It exists because the web ne...00
