Auth & Security
JWT, Passport, Better Auth, OAuth, RBAC, hashing, secrets
13 articles
How to Integrate Better-Auth with NestJS + tRPC
When you’re building a modern API with NestJS and tRPC, authentication is usually one of the first hurdles. Instead of rolling your own, you can use Better…
Securing applications with Helmet
Ensuring that our application is secure is one of the most important things we must do as developers. One of the ways to protect our application from…
Managing sensitive data using the AWS Secrets Manager
When managing the architecture of our system, we often deal with sensitive data. It’s our job to ensure they don’t fall into the wrong hands. An excellent…
Authorization with roles and claims
So far, in this series, we’ve implemented authentication. By doing that, we can confirm that the users are who they claim to be. In this series, we explain how…
Authenticating users with Google
Authenticating users with emails and passwords is a valid and common approach. However, a convenient alternative is to shift this responsibility to a third…
Verifying phone numbers and sending SMS messages with Twilio
In our web applications, we often need to send messages to our users. Doing that through email is enough in a lot of cases, but we can also use SMS. In this…
Confirming the email address
In a lot of web applications, emails play a significant role. If we create an online ordering system, we need to be confident that our users get a confirmation…
Setting up recurring payments via subscriptions with Stripe
In this series, we’ve implemented a few different ways of charging our users using Stripe. So far, all of those cases have included single payments. With…
Using Stripe to save credit cards for future use
With Stripe, we can build advanced custom payment flows. In this article, we continue looking into it and save credit cards for future use. To do that, we need…
Using server-side sessions instead of JSON Web Tokens
So far, in this series, we’ve used JSON Web Tokens (JWT) to implement authentication. While this is a fitting choice for many applications, this is not the…
Two-factor authentication
While developing our application, security should be one of our main concerns. One of the ways we can improve it is by implementing a two-factor authentication…
Implementing refresh tokens using JWT
In the third part of this series, we’ve implemented authentication with JWT, Passport, cookies, and bcrypt. It leaves quite a bit of room for improvement. In…
Authenticating users with bcrypt, Passport, JWT, and cookies
Authentication is a crucial part of almost every web application. There are many ways to approach it, and we’ve handled it manually in our TypeScript Express…