Auth & Security
Authentication, authorization, security patterns
- 00 Auth & Security — Roadmap. Sessions, password hashing, OAuth flows, JWT internals, API keys, common vulnerabilities, and production hardening. (beginner, 3 min)
- 01 Authentication vs Authorization. Two different questions: who are you, and what are you allowed to do. Confusing them is how security holes form. (beginner, 8 min)
- 02 Password Hashing. Why MD5 and SHA-256 fail for passwords, how bcrypt and Argon2 work, and what to do with the output. (beginner, 10 min)
- 03 JWT Deep Dive. Structure, signing algorithms, validation rules, and the common mistakes that make JWTs insecure. (intermediate, 12 min)
- 04 OAuth 2.0 & OpenID Connect. Delegated authorization and federated identity — let users log in with Google without giving you their Google password. (intermediate, 13 min)
- 05 API Key Management. Generating, storing, rotating, and revoking API keys — the plumbing behind machine-to-machine auth. (intermediate, 9 min)
- 06 Common Auth Vulnerabilities. CSRF, session fixation, timing attacks, insecure direct object references — what they are and how to close them. (intermediate, 12 min)
- 07 Auth in Production. The operational checklist: what to verify before shipping auth to real users, and what to monitor after. (advanced, 8 min)