#Authentication
13 articles
Cryptography in Practice: TLS, JWT, and SSH
How everyday protocols such as TLS, JWT/JWS, and SSH combine symmetric keys, public keys, signatures, key exchange, and PKI, viewed through the three uses of a public key and backed by RFCs. The final part of a three-part cryptography series.
Three Uses of a Public Key: Signing, Encryption, and Key Exchange
A public key has just three uses: signing, encryption, and key exchange. This article sorts real-world applications such as SSH public-key auth, WebAuthn, mTLS, private_key_jwt, code signing, and container signing into these three, and clarifies how they differ from shared-key schemes such as HMAC, with primary sources.
All About Passkeys: Adoption, UX Design, and Implementation
Everything About Digital Identity: Knowledge for Realizing a Secure and User-Centric Identity System
Introduction to Digital Identity: Essential Authentication, Authorization, and ID Management for Web Services
OAuth 2.0 Explained: Complete Guide to Flows, Tokens, and Implementation
Summary based on RFC 6749 (OAuth 2.0 Authorization Framework) and RFC 6750 (Bearer Token Usage).
Summary of OpenID Connect 1.0 Specifications
Understand the OpenID Connect specification, JWT structure, ID tokens, claims, and authentication flow details.
SAML 2.0 Explained: How SSO and Federated Identity Work
Understand SAML 2.0 and how it enables Single Sign-On (SSO), the roles of Identity Provider and Service Provider, and how it compares to OAuth 2.0 and OpenID Connect.
Session-based and Token-based Authentication Methods
A comprehensive comparison and explanation of session-based and token-based authentication methods, covering technical details and implementation considerations.
A Tutorial Guide to Understanding OAuth2.0 Without Just Going Through the Motions!
Resources for Catching Up on OAuth2 and OIDC
Explore OAuth2, OIDC, JWT, and authentication standards through comprehensive specifications, books, and implementation guides.
A Book to Understand the Differences Between OAuth, OAuth Authentication, and OpenID Connect
Basics of Authentication and Authorization
Learn authentication and authorization fundamentals: identification, RBAC, ABAC, credential types, SSO, SAML 2.0, OAuth 2.0, and OpenID Connect with practical context.