awesome-authentication

Authentication guide

A collection of resources and research on implementing authentication in applications, focusing on JSON Web Tokens (JWT) and related concepts.

Resources to learn and implement authentication in your application


Tags: authentication, authentication-backend, authentication-strategy, digital-signature, jwt, learning, oauth2, resources, rfc-7519

Fundamentals You Must Know / Cryptography

Asymmetric Cryptography
Digital Signatures : Verifying the authenticity of a message
Forward Secrecy : A way to protect past sessions against future compromise of the private key
Encryption vs Signing
Encryption vs Encoding
Hashing vs Encoding vs Encryption vs Obfuscation

Fundamentals You Must Know / About Tokens

JWT
JWT vs Opaque tokens

Fundamentals You Must Know / About Frameworks

OAuth2.0 - authorization framework that enables a third-party application to obtain limited access to an HTTP service
OpenIDConnect - authentication layer on top of OAuth2.0

Fundamentals You Must Know / Web-Security Recommendations

Authentication cheatsheet by OWASP
PKCE - Proof Key for Code Exchange by OAuth Public Clients
The OAuth 2.0 Authorization Framework: Bearer Token Usage

Fundamentals You Must Know / Secure Key Exchange In Public

Diffie Hellman Key Exchange
An SO answer to build more understanding around the DH algorithm, signatures, forward secrecy, etc.
Diffie-Hellman key exchange implementation in node.js

Fundamentals You Must Know / Maintaining Forward Secrecy

Double Ratchet Algorithm
Signal protocol specs &

Fundamentals You Must Know / Invalidating JWT

Strategies to invalidate JWT - SO Q&A
Discussion: Is refreshing an expired JWT token a good strategy?

Security Risks and Criticism of JWT

JWT attack - signature as MAC
Recreating JWT validation bypass
3 JWT design flaws
Stop using JWT for sessions and
Why JWTs Suck as Session Tokens
No Way, JOSE! Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid (including JWT, JWE and JWS)
https://github.com/shieldfy/API-Security-Checklist/issues/6 with more resources
Things to Use Instead of JWT
Branca as an Alternative to JWT?
Paseto is a Secure Alternative to the JOSE Standards (JWT, etc.)

Implementations(Examples/Demos)

Demo: Docusign API auth workflow using JWT access tokens and refresh tokens
JWT Authentication & Authorization in NodeJs/Express & MongoDB REST APIs(2019)
JWT+Passport
JWT+Passport : Code
JWT+Passport : Guide on DO
Passport-jwt
Refreshing token using node-jsonwebtoken
OAuth2 server with node.js
OAuth libraries for node.js
OAuth2 Server and OpenID Connect Provider written in Go - SDKs in all languages
AuthZ lib supporting ACL, RBAC, ABAC in Node.js
Google OpenIDConnect authentication

Useful Tools

Encode or Decode JWTs
Learn JWT by reverse engineering
