authentication.md

Authentication

Links

• Firebase Auth
• IndieAuth specification proposal (Code)
• Ask HN: How do you currently solve authentication? (2020)
• frauth - Command line tool to verify the identity of friends in a decentralized manner.
• JWT is Awesome: Here's Why (2020) (HN)
• Learn Authentication The Hard Way (2020)
• Ask HN: What are problems with implementing authentication and authorization? (2020)
• BitAuth - Simple, Secure, Passwordless Login.
• Zanzibar: Google’s Consistent, Global Authorization System (2019)
• samlify - Highly configuarable Node.js SAML 2.0 library for Single Sign On.
• OAuth2 Proxy - Reverse proxy that provides authentication with Google, Github or other providers.
• Verifiable Credentials Data Model - Expressing verifiable information on the Web. (Code)
• Authelia - Single Sign-On Multi-Factor portal for web apps.
• DID - Identity Provider, that authenticates users by verifying access to either an email address or securely stored private key.
• WebAuthn Awesome - Curated list of awesome WebAuthn/FIDO2 resources.
• The Ultimate Guide to handling JWTs on frontend clients (GraphQL) (2019)
• React Google Login - Google oAUth Sign-in / Log-in Component for React.
• OAuth2 for Go
• OAuth 2.0 Security Best Current Practice (2020) (HN)
• Just-for-me Authentication (2020)
• Feather - Lightweight identity platform for adding flexible user authentication and authorization flows to your apps.
• Password authentication for web and mobile apps
• Authentication on the Client Side the Right Way: Cookies vs. Local Storage (2019) (Reddit)
• JSON Web Token (JWT) RFC (Lobsters)
• OAuth 2 Simplified
• Zero-knowledge Auth
• AppAuth - iOS and macOS SDK for communicating with OAuth 2.0 and OpenID Connect providers.
• Simple Auth Setup for Your React App (2020)
• Magic Link - Drop passwords. Use magic links.
• User authentication with passwords, What’s SRP? (2020)
• JustAuthenticateMe - Passwordless email-based authentication for your web app.
• loginsrv - Standalone minimalistic login server providing a JWT login for multiple login backends.
• Designing an Authentication System: a Dialogue in Four Scenes (1988) (HN)
• Okta Identity Cloud - Gives you one trusted platform to secure every identity in your organization, including your workforce and customers. (Okta Developer Platform)
• Building a Secure Signed JWT (2020)
• Keycloak - Open Source Identity and Access Management. (Go package)
• TokenCLI - Command line utility for interacting with OAuth2 infrastructure to generate tokens.
• Decentralized Identifiers (DIDs) - New type of identifier that enables verifiable, decentralized digital identity.
• jwt - Golang implementation of JSON Web Tokens (JWT) that helps you avoid common security mistakes.
• HN: Pioneers of web cryptography on the future of authentication (2020)
• openidconnect-rs - OpenID Connect Library for Rust.
• OAuth2 Rust - Extensible, strongly-typed Rust OAuth2 client library.
• JavaScript Authentication & Authorization Book/Course
• ASGI middleware that authenticates users against GitHub
• JSON Web Token Docs Introduction
• Auth Boss - Learn about different authentication methodologies on the web.
• JWT auth visualized
• Simple Auth with Magic.link and Next.js (2020)
• jwt.ms - Decode auth tokens.
• Platform authenticators for Web Authentication in Safari 14 (2020)
• OAuth in one picture
• Why we won’t be supporting Sign in with Apple (2020) (HN)
• yup-oauth2 - Utility library which implements several OAuth 2.0 flows. It's mainly used by google-apis-rs, to authenticate against Google services.
• AuthGuardian by OneGraph - Secure your GraphQL API.
• Pass - Identity app for fintech applications.
• Note on Auth
• How does Single Sign-On work?
• The Future of Online Identity is Decentralized (2020) (Lobsters) (HN)
• Everything You Need to Know About OAuth (2.0) (2020) (HN)
• OAuth 2.0 and OpenID Connect (in plain English) (2018)
• Best practices for password hashing and storage
• Xkit - Build OAuth integrations in minutes. (HN)
• Galileo's Proposed Authentication Algorithm (2020)
• Let's build the GitHub authorization model (2020)
• oso - Authorization for Developers.
• I Actively Discourage Online Tooling Like Jwt.io and Online JSON Validators (2020) (Lobsters) (HN)
• ORY Hydra - Hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider optimized for low-latency, high throughput, and low resource consumption.
• The different kinds of authentication protocols
• gologin - Go login handlers for authentication providers (OAuth1, OAuth2).
• What's in a JWT (Json Web Token)? (2020)
• Gazepass - Passwordless Authentication API.
• dex - Federated OpenID Connect provider.
• Aperture - HTTP 402 Lightning Service Authentication Token Reverse Proxy.
• Kerbrute - Quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.
• OAuth 2.0 Simplified - Guide to building OAuth 2.0 servers.
• Authenticator - Generates 2-Step Verification codes in your browser.
• WebAuthn.io - Demo of the WebAuthn specification.
• [Face ID and Touch ID for the Web (2020)]https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/() (HN)
• OAuth 3 - In-progress effort to redesign OAuth from the ground up. (HN)
• Portier - Email-based, passwordless authentication service. (Code)
• useAuth - Simplest way to add authentication to your React app.
• Consent Management: What You Need to Understand (2020)
• OAuth2: A Theatrical Introduction (2020)