<h1 id="authentication">Authentication<a aria-hidden="true" class="anchor-heading icon-link" href="#authentication"></a></h1>
<ul>
<li><a href="/notes/ob0fna0juhzfvqorilypkkk">jwt</a></li>
</ul>
<p><a href="https://youtu.be/X6a9bjNutEw">Modern Authentication - Rob Moore</a> suggested from <a href="https://www.andrew-best.com/posts/learn-auth-the-hard-way-part-one/">https://www.andrew-best.com/posts/learn-auth-the-hard-way-part-one/</a>.</p>
<details>
<summary>Toggle</summary>
<p><img src="/assets/images/modn-auth-rob-moore-talk-1.png" alt="modn-auth-rob-moore-talk-1"></p>
</details>
<h4 id="why">Why?<a aria-hidden="true" class="anchor-heading icon-link" href="#why"></a></h4>
<ul>
<li>Delegate Responsibility</li>
<li>Easier SSO</li>
<li>Distributed Apps</li>
</ul>
<h4 id="what">What?<a aria-hidden="true" class="anchor-heading icon-link" href="#what"></a></h4>
<ul>
<li>Identity vs authn vs authz</li>
<li>Claims-based auth</li>
<li>Acronym Soup</li>
<li>Tokens vs Passwords</li>
<li>Multi-factor authentication</li>
</ul>
<h4 id="how-implementation">How (Implementation)?<a aria-hidden="true" class="anchor-heading icon-link" href="#how-implementation"></a></h4>
<ul>
<li>OpenID connect</li>
</ul>
<h4 id="how-standards">How (Standards)?<a aria-hidden="true" class="anchor-heading icon-link" href="#how-standards"></a></h4>
<ul>
<li>Token format</li>
<li>Auth protocols</li>
</ul>
<p><a href="https://news.ycombinator.com/item?id=36565405">https://news.ycombinator.com/item?id=36565405</a>: <a href="https://sec.okta.com/articles/2020/04/webauthn-great-and-it-sucks">https://sec.okta.com/articles/2020/04/webauthn-great-and-it-sucks</a></p>
<p><a href="https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/">https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/</a>  </p>
<p><a href="https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication">https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication</a>  </p>
<p><a href="https://github.com/cockpit-project/cockpit/issues/14730">https://github.com/cockpit-project/cockpit/issues/14730</a><br>
<a href="https://www.nngroup.com/articles/password-creation/">https://www.nngroup.com/articles/password-creation/</a><br>
<a href="https://www.nngroup.com/articles/stop-password-masking/">https://www.nngroup.com/articles/stop-password-masking/</a>  </p>
<p><a href="https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc">https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc</a><br>
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html">https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html</a><br>
<a href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API">https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API</a>  </p>
<hr>
<strong>Backlinks</strong>
<ul>
<li><a href="/notes/3ejaxv4xm6o2psn0du528yw">documenting netpin</a></li>
</ul>

Authentication

Dendron


You've stumbled on [Caleb's](https://bycaleb.wasegun.com/) public notebook. You can conceive of this as a sketchbook too—i.e., rough, incomplete, and sometimes sparse. Hence, you might not get the full-gist of any one random page in the notebook. It is meant to help me elaborate/consolidate on my work & thoughts as a software engineer. This is not quite a [digital garden](https://maggieappleton.com/garden-history), and also unlike [Andy's working notes](https://notes.andymatuschak.org/About_these_notes).

I built this (experimentally & publicly) with [Dendron](https://www.dendron.so/), specifically, to understand if & how "quick, linked, and atomic" note-taking can help realize, remember, & learn (how to make better) design decisions when working on quick (or slow) software engineering projects. Of course, it does help—that makes this is a demonstration of exactly how it helps.

Check out my growing list of [[projects]]!

