20+ Fascist Paramilitary Invaders Abduct Ailing 50-Year-Old Veteran at Gunpoint in St Louis Park (Minneapolis, Minnesota - 03/05/26) If this angers you, organize to fight fascism. Source: #ice #resistance #resist #usa #auth...

20+ Fascist Paramilitary Invaders Abduct Ailing 50-Year-Old Veteran at Gunpoint in St Louis Park (Minneapolis, Minnesota - 03/05/26)
If this angers you, organize to fight fascism.
Source:

#ice #resistance #resist #usa #auth...
#democracy #gop #fascists #fascism

👉 Vote 'em Out!

feat(login): added support for otel push-based logs, metrics, and traces by mridang · Pull Request #11429 · zitadel/zitadel Closes #11471 Closes #11470 Which Problems Are Solved The login application lacked observability infrastructure. There was no distributed tracing, structured logging, or custom metrics, making it d...

Check the details here github.com/zitadel/zita...

#OpenTelemetry #Golang #Auth #Opensource #NextJs

Turn your idea into a startup in 72 hours.

2nd Student Startup Bootcamp – WALK AUTh (AUTH)
March 20–22, 2026

Mentoring, workshops & pitching to investors.
Applications close: March 15

🔗 https://walk.auth.gr/

#StartupBootcamp #AUTH #Innovation

I don't want to login with a code sent to my email.

I HAVE A FUCKING PASSWORD.

HOW ABOUT WE USE THAT????

#authenticantion #WTF #whatthefuck #password #login #twotier #codes #internet #staggeringlyshitty #fail #auth #infosec

🐧 Linux explores new way of authenticating developers

#linux #kernel #auth #opensource
www.zdnet.com/article/linu...

Managed Identity on SQL Server On-Prem: The End of Stored Secrets | Microsoft Community Hub The Problem with Credentials in SQL Server For an On-Premises SQL Server to access Azure services, you traditionally need to store secrets: Common Scenarios...

Managed Identity on SQL Server On-Prem: The End of Stored Secrets

buff.ly/yQfIQmT

#sqlserver #database #auth #identity #dba

GitHub - josuebrunel/ezauth: Simple and easy to use authentication library for Golang Simple and easy to use authentication library for Golang - GitHub - josuebrunel/ezauth: Simple and easy to use authentication library for Golang

I'm very happy with the current version of #EzAuth. Authentication should be quick and easy to setup in #Golang Very close to v1.0.0 #buildinpublic #auth #jwt #oauth2

github.com/josuebrunel/...

Multi-Factor Authentication: A Horror Story Real stories of account compromise during divorces and breakups - and why multi-factor authentication is the simple, free tool that could have prevented all of it. A guide to MFA tools and staying pro...

A no-nonsense look at why skipping multi-factor authentication is one of the most costly digital mistakes you can make.

#cyber #cybersecurity #mfa #auth #Authentication

www.allthethings.dev/blog/multi-f...

Consuming an authenticated MCP server with a custom engine agent in Copilot Studio In this post, we'll learn how to connect a custom engine agent built with Copilot Studio to an MCP server protected with Microsoft Entra authentication.

Consuming an authenticated MCP server with a custom engine agent in Copilot Studio | by Matteo Pagani

buff.ly/9YwIuXK

#ai #mcp #agents #copilotstudio #copilot #entra #auth #cloud

We now support 3 connectors for our Go-based API:

- Redis (K8s standard)
- Postgres (Simple & robust, 30k+ RPS)
- In-Memory (Fast, but beware of sticky sessions!)

Read the full blog: zitadel.com/blog/scaling...

#golang #systemdesign #opensource #auth

Over the last few weeks, I've spent some time on and off researching a good way to do Authn and Authz, and struggled quite a bit with the number of options available. Not completely understanding what I'm doing/how to search for my requirements, I've first started trying Logto (but that an UI clicking contest to set up), then going for kanidm without realizing this doesn't have support for a public sign in form, which is something I need. And just now when I'm relatively sure that Better Auth fits my needs quite well, I've discovered Stack Auth via this nice website: https://www.auth0alternatives.com/ Man, if I only would've found this 4 weeks earlier.

Auth

#Auth #BetterAuth #ZITADEL #StackAuth #Logto #kanidm

Logging sucks – your logs are lying to you #auth #database #ElixirLang #http #logging #reading-list

🔗 Logging sucks – your logs are lying to you

#auth #database #ElixirLang #http #logging #reading-list

Day 2 of the startup build: It’s all about the "Gatekeeper."

Spending the day deep in the weeds with Auth and Login. Nothing kills a user experience faster than a clunky onboarding.
The UI is starting to feel like a real product now. One step closer.

#buildinpublic #startup #coding #auth #Day2

Now that it's working again (I couldn't access it some days ago), OAuth playground is just a pretty nice way to understand code flows in Auth.

OAuth Playground

#OAuth #PKCE #Learning #Auth

Over the last few days, I've plunged into finally trying to understand how all of this Auth stuff works. (The landscape of Acronyms is almost as bad as with the CORS one) These are the videos/sites I would've liked to find from the beginning on: - The Auth Wiki from Logto, but only as a reference whenever some word is unclear (though that has duplicate pages for some reason) - Illustrated Guide to OAuth and OIDC (Youtube) - Everything you ever wanted to know about OAuth and OICD (though the mentions OAuth playground is currently broken, or so it seems) - OAuth 2 Simplified (Blog Post), which has been expanded into OAuth 2 Simplified (Book) # Not super-intuitive stuff - A normal web client shouldn't have a client secret (makes sense if you think about it), and needs to use PKCE - OAuth is only about _Authorization_ (read: Authorizing the service you're currently logging in to to access some resources on another service), OpenId Connect (OIDC) adds _Authentication_ (read: telling the service you're currently logging into who you are) to this. - In my head, every service supporting OAuth (or OIDC, at least) also supported something called "Public Sign Up". But that's not the case, most of them actually don't (which makes sense, because _Authorization_ and _Registration_ don't even belong to the same area)

I've added a note about (me learning) Auth :)

#Auth #Authn #Authz #OAuth #OIDC #PKCE

A 14-page technical design document covering very specific auth needs ought to keep the client busy for a while.

#SystemDesign #ArchitectureDesign #AuthZ #AuthN #Auth

🔗 Adding Google OAuth to Phoenix

#auth #ElixirLang #ElixirPhoenix #http #phoenix #reading-list

📰 IBM Peringatkan Celah Kritis API Connect yang Bisa Lewati Autentikasi

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/01/02/ibm-api-conne...

#api #connect #auth #bypass #cve-2025-13915 #enterprise #security #ibm #keamanan #siber

Known Issues So Far in SQL Server 2025 - Brent Ozar Unlimited® Whenever a brand spankin’ new version of any software comes out, there are bugs, and SQL Server is no exception. This has led to a mentality where folks don’t wanna install a new version of SQL…

Known Issues So Far in SQL Server 2025 | by Brent Ozar

www.brentozar.com/archive/2025...

#sqlserver #database #sqlserver2025 #sql #powershell #auth #data

I Hate Whoever Makes Decisions At Our Org

I Hate Whoever Makes Decisions At Our Org

#Auth #Enterprise #Architecture #Baddecisions #Technicaldebt

programmerhumor.io/programming-memes/i-hate...

Implementing Refresh Token Rotation to secure a web application. Building a robust authentication system for my web app with Refresh Tokens and Access Tokens

i wrote after a long time...

juzy.dev/blog/impleme...

#web #dev #auth

Identity Security Is Now the #1 Attack Vector — and Most Organizations Are Not Architected for It Tweet ### How identity became the new perimeter In 2025, identity is no longer simply a control at the edge of your network — it _is_ the perimeter. As organizations adopt SaaS‑first strategies, hybrid work, remote access, and cloud identity federation, the traditional notion of network perimeter has collapsed. What remains is the identity layer — and attackers know it. Today’s breaches often don’t involve malware, brute‑force password cracking, or noisy exploits. Instead, adversaries leverage stolen tokens, hijacked sessions, and compromised identity‑provider (IdP) infrastructure — all while appearing as legitimate users. That shift makes identity security not just another checkbox — but the **foundation** of enterprise defense. * * * ### Failure points of modern identity stacks Even organizations that have deployed defenses like multi‑factor authentication (MFA), single sign‑on (SSO), and conditional access policies often remain vulnerable. Why? Because many identity architectures are: * **Overly permissive** — long‑lived tokens, excessive scopes, and flat permissioning. * **Fragmented** — identity data is scattered across IdPs, directories, cloud apps, and shadow IT. * **Blind to session risk** — session tokens are often unmonitored, allowing token theft and session hijacking to go unnoticed. * **Incompatible with modern infrastructure** — legacy IAMs often can’t handle dynamic, cloud-native, or hybrid environments. In short: you can check off MFA, SSO, and PAM, and still be wide open to identity‑based compromise. * * * ### Token‑based attack: A walkthrough Consider this realistic scenario: 1. An employee logs in using SSO. The browser receives a token (OAuth or session cookie). 2. A phishing attack — or adversary-in-the-middle (AiTM) — captures that token after the user completes MFA. 3. The attacker imports the token into their browser and now impersonates the user — bypassing MFA. 4. The attacker explores internal SaaS tools, installs backdoor OAuth apps, and escalates privileges — all without tripping alarms. A single stolen token can unlock everything. * * * ### Building identity security from first principles The modern identity stack must be redesigned around the realities of today’s attacks: * **Identity is the perimeter** — access should flow through hardened, monitored, and policy-enforced IdPs. * **Session analytics is a must** — don’t just authenticate at login. Monitor behavior continuously throughout the session. * **Token lifecycle control** — enforce short token lifetimes, minimize scopes, and revoke unused sessions immediately. * **Unify the view** — consolidate visibility across all human and machine identities, across SaaS and cloud. * * * ### How to secure identity for SaaS-first orgs For SaaS-heavy and hybrid-cloud organizations, these practices are key: * Use a secure, enterprise-grade IdP * Implement phishing-resistant MFA (e.g., hardware keys, passkeys) * Enforce context-aware access policies * Monitor and analyze every identity session in real time * Treat machine identities as equal in risk and value to human users * * * ### Blueprint: continuous identity hygiene Use systems thinking to model identity as an interconnected ecosystem: * **Pareto principle** — 20% of misconfigurations lead to 80% of breaches. * **Inversion** — map how _you_ would attack your identity infrastructure. * **Compounding** — small permissions or weak tokens can escalate rapidly. Core practices: * Short-lived tokens and ephemeral access * Just-in-time and least privilege permissions * Session monitoring and token revocation pipelines * OAuth and SSO app inventory and control * Unified identity visibility across environments * * * ### 30‑Day Identity Rationalization Action Plan Day | Action ---|--- 1–3 | Inventory all identities — human, machine, and service. 4–7 | Harden your IdP; audit key management. 8–14 | Enforce phishing-resistant MFA organization-wide. 15–18 | Apply risk-based access policies. 19–22 | Revoke stale or long-lived tokens. 23–26 | Deploy session monitoring and anomaly detection. 27–30 | Audit and rationalize privileges and unused accounts. * * * ### More Information If you’re unsure where to start, ask these questions: * How many active OAuth grants are in our environment? * Are we monitoring session behavior after login? * When was the last identity privilege audit performed? * Can we detect token theft in real time? If any of those are difficult to answer — you’re not alone. Most organizations aren’t architected to handle identity as the new perimeter. But the gap between today’s risks and tomorrow’s solutions is closing fast — and the time to address it is now. * * * ### Help from MicroSolved, Inc. At MicroSolved, Inc., we’ve helped organizations evolve their identity security models for more than 30 years. Our experts can: * Audit your current identity architecture and token hygiene * Map identity-related escalation paths * Deploy behavioral identity monitoring and continuous session analytics * Coach your team on modern IAM design principles * Build a 90-day roadmap for secure, unified identity operations Let’s work together to harden identity before it becomes your organization’s softest target. Contact us at microsolved.com to start your identity security assessment. * * * ### References 1. BankInfoSecurity – “Identity Under Siege: Enterprises Are Feeling It” 2. SecurityReviewMag – “Identity Security in 2025” 3. CyberArk – “Lurking Threats in Post-Authentication Sessions” 4. Kaseya – “What Is Token Theft?” 5. CrowdStrike – “Identity Attacks in the Wild” 6. Wing Security – “How to Minimize Identity-Based Attacks in SaaS” 7. SentinelOne – “Identity Provider Security” 8. Thales Group – “What Is Identity Security?” 9. System4u – “Identity Security in 2025: What’s Evolving?” 10. DoControl – “How to Stop Compromised Account Attacks in SaaS” _* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated._

This follows what I am seeing in tests. Far fewer injection vulnerabilities, far more aurh issues. The apps didn't change, the attackers got better.

stateofsecurity.com/identity-security-is-now...

#auth #vector

Node.js devs rethinking middleware for auth. Wrapper functions offer clearer routing logic while preserving functionality. When middleware still shines: global concerns like CSRF protection. Clean code matters. #NodeJS #Auth

Day 37 😀

🍪 Cookies:
Login → Server: Set-Cookie → Browser auto-saves & sends it forever. .

🔑 JWT Tokens:
Login → Server signs token → You store it → You manually add Authorization: Bearer <token> every time. Stateless & fast.

#SaaS #WebDev #Backend #Postgresql #Auth #TS #MERN

To ensure the #Auth process functions properly, I've created a #Repository containing all the essential methods for backend communication. 🛠️

In line with the #CleanArchitecture approach, the Repository is utilized by the UseCase and is dedicated to a specific task. 🔍
#DevDiary

Sharing my FastAPI authentication setup: JWT tokens with PyJWT and Argon2 password hashing. Full code included.
chrisding.xyz/posts/jwt-au...

#FastAPI #JWT #PasswordHashing #Argon2 #Python #FullCode #Auth

GitHub - teamhanko/hanko: Modern authentication, on your terms. Open source alternative to Auth0, Clerk, WorkOS, Stytch. Modern authentication, on your terms. Open source alternative to Auth0, Clerk, WorkOS, Stytch. - teamhanko/hanko

🔐 Şifreleri unutun! Hanko = Uygulamalarınız için açık kaynak Passkey & Auth çözümü.

🔑 Passkey (Parmak izi/FaceID) odaklı
🎨 Hazır Frontend bileşenleri
⚡ Go ile yazılmış hafif backend
🏠 %100 Self-hosted & Özgür

🔗 github.com/teamhanko/ha...

#OpenSource #Passkeys #Auth #DevOps #Hanko

JWT, Refresh Tokens, and HTTP-Only Cookies: The Complete Security Playbook Learn JWT authentication the right way.

JWT, Refresh Tokens, and HTTP-Only Cookies: The Complete Security Playbook.

Learn JWT authentication the right way.

#JWT #JWTSecurity #JWTAuthentication #WebSecurity #AppSecurity #CyberSecurity #Auth #Authentication #APISecurity #WebDev #Developers

pixicstudio.medium.com/jwt-refresh-...

It was good seeing again author T.E. MacArthur (IG @t.e.macarthur) an award-winning author of supernatural thrillers, gothic westerns, steampunk & dieselpunk mysteries.
Model: T.E. MacArthur (IG @t.e.macarthur)
Location Moscone West, San Francisco
#fanexpo2025 #fanexpo #auth

I’ve rebuilt user invites for multi-tenant SaaS way too many times.

So I finally fixed it.

Meet Invite-API — a drop-in way to invite users, manage roles, handle expirations & join companies.

#SaaS #software #API #webdev #developers #auth #startup
👉 invite-api.com