← All categories

Auth (JWT / OAuth / OIDC)

Authentication and authorization fundamentals: JWT structure and verification, OAuth 2.0 / 2.1 flows, PKCE, OpenID Connect, token storage, refresh token rotation, revocation, passkeys/WebAuthn, SSO, multi-tenancy, and common attack vectors.

Auth (JWT / OAuth / OIDC)

Authentication vs Authorization

JWT structure

Decoding vs verifying a JWT

Access token vs refresh token

Session cookies vs JWTs

Token storage: localStorage vs httpOnly cookie

OAuth 2.0 overview

Scopes and claims

OAuth 2.0 grant types

PKCE — why and how

OIDC vs OAuth 2.0

ID token vs access token

Refresh token rotation

Token revocation strategies

Magic links

Single Sign-On (SSO)

BFF pattern for SPAs

Common JWT attacks

Passkeys / WebAuthn

Multi-tenancy auth patterns

OAuth 2.1 and security best practices

JWT signing key rotation