Foundations, flows, and patterns for user authentication on the modern web.
Stateful sessions vs. stateless tokens, cookie security flags, refresh token rotation, idle and absolute timeouts, and how to revoke access when it matters.
Embedded authentication keeps users in your product when they sign in, instead of bouncing them to a third-party domain. Here's how it works, what it changes, and the tradeoffs you sign up for.
OAuth & OIDC
OAuth 2.0, OpenID Connect, PKCE, and federated identity in depth.
JWT
Tokens, signatures, claims, and the things that go wrong with JWTs.
Security
Threats, mitigations, and defensive design for auth systems.
Passwordless
Magic links, OTPs, passkeys, and what to use when.
React Auth
Authentication patterns specific to React and SPAs.
Multi-Tenant Auth
Designing auth for B2B SaaS — orgs, roles, and isolation.