Feb 28 · 11 min read · I've built OAuth authentication for 40+ Node.js apps. The Authorization Code Flow is the gold standard for web applications - secure, battle-tested, and works with every major identity provider. Here's how to implement it right. Clone the companion ...
Join discussionFeb 12 · 6 min read · If WebAuthn answers the question: “Can this device prove control of a credential right now?” OpenID Connect answers a different question entirely: “Who is this person across systems, time, and organizations?” Modern authentication systems fail wh...
Join discussion
Jan 11 · 5 min read · So far, the system has behaved correctly not because every check succeeded, but because each layer understood where its responsibility ended. This part examines what happens when those boundaries erode—not through negligence, but through convenience....
Join discussion
Dec 8, 2025 · 8 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 1 — FOUNDATIONS OF USER AUTHENTICATIONPrevious: Understanding OAuth2 & OpenID Connect (OIDC)Next: Sessions vs Token-Based Authentication Modern web and mobile applications rely o...
Join discussion
Oct 12, 2025 · 5 min read · Introduction – Clarifying OAuth in Multi-App Scenarios In multi-application integrations, OAuth 2.0 flows can appear straightforward but often hide subtle nuances. During recent work, I observed an implementation where one application called another ...
Join discussion
