I've dabbled in various projects, but I still find authentication to be a bit of a mystery. I'm looking to gain a solid understanding of both authentication and authorization—this includes exploring common issues, security risks, and the differences between cookies, sessions, and tokens. Specifically, I want to learn about:
- How authentication works on server-side rendered sites (think PHP, Python, Rails, ASP, JSP)
- The authentication process for modern JavaScript frontends like React, Svelte, or Vue
- How mobile apps handle authentication
- How some modern frontend-only applications manage authentication without a backend
- Key concepts like OAuth, JWT, magic links, and session-based logins
- Managing the complete user workflow, including signup, login, password resets, and account deletions
- Common pitfalls and best practices to follow
Could anyone recommend comprehensive books, blogs, websites, or YouTube channels that cover these topics?
3 Answers
One way to get a handle on security is to learn about hacking logins. There are lots of beginner tutorials out there that can help you identify the common vulnerabilities you need to watch out for. If you're keen on defending against attacks, thinking like a hacker can be really beneficial!
Check out roadmap.sh! It’s a great tool that can generate a personalized learning roadmap based on your interests and goals in authentication. Good luck on your journey!
You could also explore AI tools like ChatGPT or Claude. Just ask them to create a handbook covering your authentication questions, and it should cover a lot of ground! ✅
I've actually been diving into that. I've found that about 70% of the websites I scrape utilize JWT tokens as part of their authentication system.