Let's learn about Authorization via these 68 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology.
Authorization is the process of determining whether a user, program, or process is permitted to access a resource or perform an action. It is a critical security mechanism, ensuring that only authorized entities can interact with sensitive data and systems.
1. Using SuperTokens in a VueJS App With Your Own UI
Learn how to build your own login UI with SuperTokens in your VueJS application.
2. OAuth 2.0 for Dummies
OAuth 2.0 is the industry-standard protocol for authorization.
3. An Overview of OAuth Fundamentals and Flows
OAuth flows are essentially OAuth-supported methods for verifying permissions and resource owner information.
4. Mastering Authorization and Authentication With Spring Security
Authentication and authorization are two important concepts in security. This post will teach you how to secure your REST API endpoints with Spring Security.
5. Why do you need JWT in your ASP.NET Core project?
The story is about how to create a Web API to generate JWT and then use it for authorization in the CRUD Web API.
6. Designing Functional Authentication and Authorization Systems
In this article, we are going to talk about a system for performing authentication and authorization securely.
7. How To Implement Facebook Authentication And Authorization In Server-Side Blazor App
Introduction
8. Beyond Login: Implement Fine-Grained Authorization With ZITADEL
Whether you're a dev exploring advanced authorization or an architect shifting to zero-trust, here is a Python implementation of fine-grained access control.
9. Overloaded "Online vs Offline" in EMV Card Processing
When EMV card processing is discussed, one confusing usage of terminology is Online vs Offline. They mean different things in different contexts.
10. How to Execute a Scheduled Task in Keycloak on Startup
In this article, we will look at how to execute a scheduled task in Keycloak on startup using a Kafka consumer as an example.
11. How To Handle Complex User Permissions in GraphQL
I have been working on a GraphQL workshop, and it’s been a great learning experience. One of the trickiest things I have had to deal with in GraphQL is handling complex user permissions. It used to be a hassle until a friend pulled my attention to Hasura.
12. 5 Open Source Alternatives to Auth0 to be Excited About in 2024
5 open source alternatives to Auth0 for robust authentication and user management in 2024.
13. Auth0 vs Okta vs Cognito vs SuperTokens Compared (2022)
An in-depth review of Auth0 alternatives for 2022: Auth0 vs Okta vs Cognito vs SuperTokens
14. Custom Annotation-Based Authorization and Headers Propagation in Spring Boot microservices
Custom annotation-based authorization and headers propagation in Spring Boot
15. A Deep Dive Into the JavaScript Some() Method
The some() method determines if at least one array member satisfies the test defined by the given function.
16. How to Authenticate REST Services with OAuth2
There are a few dependencies and considerations one should account for when getting a system with REST services authenticated with an OAuth2 Client for Java
17. How SuperTokens' Pre Built UI Can Be Used With VueJS
Protect your VueJS app with SuperTokens by easily adding authentication with pre-built UI and session management to your project right out of the box.
18. Overriding the SuperTokens APIs for Custom Usecases
In this blog we discuss how to customize the auth APIs provided by SuperTokens using its “Override” feature.
19. Moving to Capability-Based Security with Flow: A Critical Evolution in Blockchain Security
A walk through of capability-access control, part of the Flow blockchain, which facilitates selective access to resources, decentralizing large attack vectors.
20. Building a Login Screen With React and Bootstrap
Build an elegant login screen super fast using React and Bootstrap
21. How To Build JWT's in Go
Go is becoming very popular for backend web development, and JWT's are one of the most popular ways to handle authentication on API requests. In this article, we are going to go over the basics of JWT's and how to implement a secure authentication strategy in Go!
22. Protecting Your Supabase App With SuperTokens Authentication
Learn reasons why you should choose SuperTokens as your auth provider and why it pairs so well with Supabase in protecting you and your online infrastructure
23. How to Manage Permissions in a Langflow Chain for LLM Queries Using Permit.io
This article explores how to implement a permission system in Langflow workflows using Permit.io’s ABAC capabilities.
24. Hashing, Salting, and Verifying Passwords in NodeJS, Python, Golang, and Java
How to hash and salt passwords in different languages and why it's important to do so
25. What Is a JSON Web Token (JWT)?
JWTs or JSON Web Tokens are most commonly used to identify an authenticated user. They are issued by an authentication server and are consumed by the client-ser
26. Securing Your MCP Server: a Step-by-Step Guide
This guide will walk you through securing a Node.js MCP server from the ground up using JWT.
27. Authorization With User Roles (RBAC)
Authorization is all about answering the question “Is this user allowed to do a certain operation?”. In this post we go over how you can implement RBAC
28. The Evolution of The Public-Private Key Encryption in Blockchain Systems
There are many different methods to verify a user’s identification. Although the management of authentication and active sessions has come a long way, simple password authentication has not been able to provide sufficient security to support the rapid growth in data, advancements in mobile and cloud technologies, and increasing volumes of security breaches.
29. UMA (User-Managed Access) 2.0: How It Works And What It Can Be Used For
User-Managed Access (UMA) is an OAuth-based access management protocol standard. Introduction to UMA and where it can be used.
30. How to Scrape Large Datasets at Scale
Using Bright Data’s Web Scraper IDE to scrape datasets at scale using its ready-made functions and coding templates.
31. Authentication in Web Apps: Connecting Auth0, ASP.NET Core and Nuxt.js
User authentication and authorization can be difficult and time consuming. Getting it wrong can also have disastrous consequences, such as malicious users accessing and stealing personal or sensitive information from your app.
32. An Essential Guide to IAM (Identity Access Management) in 2022
The term IAM is one of the common terms you hear in cloud-native environments. What does such a system do? A fast and pragmatic introduction to IAM.
33. Deploying SuperTokens with React and NodeJS on Vercel
This tutorial will guide you on how to add SuperTokens to a React and Express app deployed on Vercel
34. Understanding Roles-Based Access Control (RBAC)
Learn about RBAC and advantages + disadvantages compared to ABAC.
35. The Difference Between OAuth 2.0 And Session Management
There seems to be a lot of misinformation on when OAuth 2.0 (henceforth referred to as OAuth) is appropriate for use. A lot of developers confuse OAuth with web session management and hence end up using the wrong protocol / set of technologies. This, in turn, leads to security issues. This article will clarify when to use regular session management solutions and when to use any one of the OAuth flows.
36. What Are JWTs And Should You Use Them?
JWT is the abbreviation of JSON Web Tokens. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
37. EVMAuth: An Open Authorization Protocol for the AI Agent Economy
EVMAuth is an open source authorization protocol that enables AI agents to access paid web resources without human intervention.
38. SCIM: A Critical Yet Underappreciated Element in Enterprise IAM
Discover how SCIM improves enterprise IAM complementing SSO for automated authentication and authorization.
39. Templating in Software Development: Taking a Deeper Look
Explore how templating in software development can streamline your projects.
40. Identity, Authentication, and Authorization: An Extensive Guide to Get You Up to Speed
In this post, we will dive deeper and demystify how apps actually implement authentication. Do it right, and you barely notice it.
41. How To Save Some Time When Building A New SaaS [Part 1]
Building a new SaaS can be fun, time-consuming, and rewarding. The challenge is to deliver a quality product as quickly as possible so you can test the idea and either invest more time or move onto the next one.
42. Passwordless Authentication: Is it Time to Bid Farewell to Passwords?
The digital-first world demands everyone to authenticate themselves before availing of any services online.
43. WTF is PKCE and Why Should You Care?
PKCE is short for Proof Key for Code Exchange. It is a mechanism that came into being to make the use of OAuth 2.0 Authorization Code grant more secure in certain cases.
44. Badly Designed Authorization Is Technical Debt
Hard-coded authorization leads to technical debt. Decouple your authorization decisions to be a more effective business.
45. Authentication Vs. Authorization [Infographic]
In online protection systems, authentication and authorization play an important role. They confirm the user's identity and grant your website or application access. In order to decide which combination of web tools best fits your security needs, it is important that you notice their differences.
46. A Quick Guide to JSON Web Token [JWT]
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as JSON objects.
47. Implementing Secure Role-Based Access Control (RBAC) in a Next.js Application Using Permit.io
Learn how to implement secure, scalable Role-Based Access Control (RBAC) in a Next.js app with Permit.io, managing user permissions and enhancing app security.
48. How Zero Trust Vendors are Concealing the Truth About This Robust Mechanism?
With the increasing cybersecurity risks and breaches in the past couple of years, businesses are now moving with a clear vision to incorporate zero-trust architecture into their platforms.
49. 16 Best Practices For Securing Your APIs with Apache APISIX - Part 1
Learn how to fortify your APIs with Apache APISIX, implementing top security practices, including authentication, authorization, and rate limiting.
50. What is OAuth (Open Authorization) and Why is it Important?
First of all, we want the users to be authenticated - confirming that the users are who they say they are. Then, authorize them - to enable selective access.
51. The Role of Identity and Access Management in The Security of Your Business
Identity and Access Management (IAM) plays a critical role in safeguarding your digital assets and ensuring secure access for authorized users.
52. Crafting Robust Authorization Systems: Harmonizing Security and User Experience
Exploring the balance between cybersecurity and user experience in authorization systems, focusing on role-based permissions, tech stack, and KPIs.
53. The ABCs of Identity, Authentication, and Authorization - Part 1
Gain a high-level understanding of the key concepts of identity, authentication, and authorization.
54. The Rise of DID Authorization Mechanism in Client-Server Model
A new type of DID authorization and authentication in the decentralized architecture of the client-server model.
55. How to Build a Request Access Approval System Using Next.js
Learn how to build an efficient Request Access Approval System using Next.js and Permit.io for managing permissions securely and effectively
[56. Runtime Improvement of Role Based Access Control](https://hackernoon.com/runtime-improvement-of-role-based-access-control)
Optimize the Role Based Access Control Casbin-CPP library, explore a detailed analysis of runtime improvements and the impact on performance and scalability.
57. 16 Best Practices For Securing Your APIs with Apache APISIX - Part 2
Learn 16 advanced tips to keep your APIs safe with Apache APISIX.
58. Machine Identities in Small Businesses: The Key to Security and Efficiency
Learn how small businesses can safeguard their digital assets by effectively managing machine identities amidst evolving cybersecurity challenges.
59. The Future is Stateless: It’s Time To Ensure Your Security Is As Scalable as Your Business
Authorization is a crucial pain point software developers inevitably encounter when designing software.
60. Ensuring Security: A Guide for Web and Mobile Application Development
Authentication and authorization for modern web and mobile applications are a key part of most development cycles. This story outlines some considerations.
61. Are You Empowering Your Development Team Enough?
CTOs and Development Leads must align tech roadmaps with business goals, choose effective tools, and navigate a balance.
62. How You Can Add Multi-Factor Authentication To Your Application
In light of countless security breaches across the industry, multi-factor authentication is becoming increasingly popular. Let's look at the available options!
63. How to Build Software With Low Vendor Lock-in
We discuss some thought processes on how vendors can build software with low vendor lock-in.
64. Modern Authentication Isn’t Enough on It's Own
Modern authentication improves login experiences, but it’s not true modernization. Learn why SSO alone isn’t enough.
65. 2023 Demonstrated How Critical Robust Authorization Really is
Why selecting the right authorization model is so critical for the security of your data and your business.
66. The Ultimate Guide To Custom Role Based Access Without Third Party Libraries
Here, we have four roles: Sme, Sponsor, Admin, Operations. Initially, we had only 3 roles. Operations role was added later and Operations user has permissions similar to the Admin user. In the code, we had to replace every instance of if (user.type == USER_TYPES.ADMIN) with if (user.type == USER_TYPES.ADMIN || user.type == USER_TYPES.OPERATIONS). As this is time consuming and we can also miss many instances, we have created a roles module. In the roles module, the roles are defined along with their respective permissions as seen in Code (Part-III). Based on the permissions for each role, we will evaluate the authorization for the user in each of our controller methods. If the user has access, only then he will be granted the resources.
67. Authorization Belongs Inside the OpenClaw Agent Loop (Not at the Edge)
See how continuous, context-aware policy decisions can constrain autonomous tool use—without embedding brittle authorization logic inside the agent.
68. Strengthening IoT Security through Role-Based User Authentication Frameworks
This article briefly explains the contribution of role-based user authentication to IoT security.
Thank you for checking out the 68 most read blog posts about Authorization on HackerNoon.
Visit the Learn Repo to find the most read blog posts about any technology.
