Authentication
- Who are you?
- Pomerium docs • Pomerium is an open-source identity-aware access proxy. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. 📚
- “Every request from the user should include the session token as a cookie…” • Reddit 💬
- SuperTokens, Open Source User Authentication - Open source and free forever with no limits if you self host it 🛠️
- Clerk | Authentication and User Management - Integrates with Next.js etc to provide an auth solution with lots of extra perks and no charge < 10K monthly active users 🛠
Authorization
- Now that we know who you are (see Authentication), what are you allowed to do?
- Authorization Academy • A series of (free) technical guides for building application authorization. Learn about RBAC, ReBAC, authorization enforcement, and authorization in microservices 📖
Inbox
-
How to Roll Your Own Auth • Great explanation of how auth works so you can code it yourself if you want to • Ben Awad 📺
-
Your Next.js Project Doesn’t Need Auth • Advocates faking auth via hard-coded user data and fake cookies for as long as possible so you can focus on building your app’s core features • Sam Meech-Ward 📺