Auth on Hi, I'm Muhammad Amal

Auth on Hi, I'm Muhammad Amal https://muhammadamal.my.id/tags/auth/ Recent content in Auth on Hi, I'm Muhammad Amal Hugo en-us Fri, 11 Nov 2022 09:00:00 +0700 OAuth 2.1 vs OAuth 2.0, What Changed https://muhammadamal.my.id/blog/oauth-21-vs-20/ Fri, 11 Nov 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/oauth-21-vs-20/ OAuth 2.1: PKCE always, no implicit, no password grant. Aligning your implementation. Refresh Tokens and Token Revocation https://muhammadamal.my.id/blog/refresh-tokens-revocation/ Wed, 09 Nov 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/refresh-tokens-revocation/ Refresh tokens correctly: short access + long refresh, rotation, revocation lists, defeat theft. Why JWT for Sessions Is Usually Wrong https://muhammadamal.my.id/blog/jwt-for-sessions-usually-wrong/ Mon, 07 Nov 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/jwt-for-sessions-usually-wrong/ JWT vs server sessions. When JWT pays off, when it costs. Migration paths. JWT Done Right, Signing, Verifying, Rotating Keys https://muhammadamal.my.id/blog/jwt-done-right/ Fri, 04 Nov 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/jwt-done-right/ JWT done right: RS256/ES256, expiry, audience, JWKS rotation. Patterns that prevent disaster. Next.js 12 Middleware for Auth and Redirects https://muhammadamal.my.id/blog/nextjs-middleware-auth-redirects/ Fri, 22 Apr 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/nextjs-middleware-auth-redirects/ Next.js 12 middleware. Edge auth, redirects, A/B tests, bot blocking. Patterns + limits.