How To Build Your Own Auth

In this episode of Syntax, Scott and Wes talk about building your own authentication — diving deep into JWT, sessions, tokens, cookies, local storage, CSRF, and how it all works!

Prismic - Sponsor
Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax.

LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

Hasura - Sponsor
With Hasura, you can get a fully managed, production-ready GraphQL API as a service to help you build modern apps faster. You can get started for free in 30 seconds, or if you want to try out the Standard tier for zero cost, use the code “TryHasura” at this link: hasura.info. We’ve also got an amazing selection of GraphQL tutorials at hasura.io/learn.

Show Notes

01:51 - Overview
Level Up uses JWT and secure cookie-based authentication and tracks sessions via a db table.
- Accounts.js

05:13 - JWT
A Base64-encoded (not encrypted) token that contains data. We have both accessTokens and refreshTokens.

A JWT has three parts:
- Header: what kind of algo was used
- Payload: data about the user
  - Email
  - Username
  - UserID
  - refreshToken, authToken, sessionId
- Signature: this ensures that no one monkeyed with the above parts. If you change your email in the payload, the signature is now invalid, because the header and payload are used as part of generating the signature.

accessToken: a short-lived JWT that contains the sessionToken and userId, and expires after 90 min.
refreshToken: a long-lived JWT that contains just the sessionToken and doesn’t expire.

JWTs can be decoded and read, but you have to sign them with your secret.
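The three-part structure and the tamper check from the JWT notes above, as an added example that is not code from the episode or from Level Up. It is a minimal HS256 token built on Node's `crypto` module; the secret, user values and function names are constructed for the demo.

```javascript
const crypto = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
// Signature = HMAC-SHA256 over "<header>.<payload>", keyed with the server secret.
const hmac = (signingInput, secret) =>
  crypto.createHmac("sha256", secret).update(signingInput).digest();

function signJwt(payload, secret, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...payload, iat, exp: iat + ttlSeconds }));
  const sig = hmac(`${header}.${body}`, secret).toString("base64url");
  return `${header}.${body}.${sig}`;
}

// Anyone holding the token can read the payload: it is encoded, not encrypted.
function decodePayload(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// Returns the payload only if the algorithm, signature and expiry all check out.
function verifyJwt(token, secret, now = Date.now()) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  try {
    // Pin the algorithm; the token's own header must not choose how it is verified.
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (alg !== "HS256") return null;
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const payload = decodePayload(token);
    return payload.exp > Math.floor(now / 1000) ? payload : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Rewrites the email in the payload while keeping the original signature.
function tamperEmail(token, email) {
  const [header, , sig] = token.split(".");
  const forged = b64url(JSON.stringify({ ...decodePayload(token), email }));
  return `${header}.${forged}.${sig}`;
}

// Constructed sample values; the access token lives 90 minutes, as in the notes.
const SECRET = "constructed-demo-secret";
const accessToken = signJwt({ userId: "u_1", email: "wes@example.com", sessionToken: "s_abc" }, SECRET, 90 * 60);
```

`verifyJwt(tamperEmail(accessToken, "someone-else@example.com"), SECRET)` returns `null`, while `decodePayload` on the same string still shows the edited email: readable by anyone, trusted only after verification.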
JWT can be stored anywhere; there are two main places:

20:26 - Cookies
We use httpOnly, secure cookies to store the accessToken and the refreshToken. The accessToken is a session cookie and is removed whenever the browser is closed. The refreshToken is valid for 100 days but is also re-created and revalidated for 100 more days each time the accessToken is generated. Because these are httpOnly cookies, they cannot be accessed by JavaScript in the client and can only be set and removed on the server.
Note: Safari has stricter rules than others for same-domain cookies (e.g. localhost won’t work).

34:26 - Sessions
A session is created when a user logs in on a device. If you open a phone and log in and a computer and log in, those will create two different sessions. A session contains information about the user’s connection (like their IP) but it also contains the userId, which allows us to create new accessTokens from a valid session. Sessions can be valid or invalid. This allows us to log anyone out by setting their session to valid: false. Sessions also have a sessionToken, which is generated on authentication or account creation.

38:10 - CORS
Cross-Origin Resource Sharing
- Can be super tricky to get working cross-domain
- You usually have to actually visit the website for the cookie to be set, even with lax CORS

46:06 - CSRF

48:47 - Authentication process
- bcrypt.js

52:13 - Helper Packages
- NextAuth.js is super easy
- Passport.js
- auth0

Links
- Caddy
- Fastify

××× SIIIIICK ××× PIIIICKS ×××
Scott: reMarkable 2
Wes: Operation Odessa

Shameless Plugs
Scott: Node Fundamentals Authentication - Sign up for the year and save 25%!
Wes: Advanced React - Use the coupon code ‘Syntax’ for $10 off!

Tweet us your tasty treats!
Scott’s Instagram, LevelUpTutorials Instagram, Wes’ Instagram, Wes’ Twitter, Wes’ Facebook, Scott’s Twitter
Make sure to include @SyntaxFM in your tweets
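The cookie and session scheme from the 20:26 and 34:26 notes above, as an added example that is not code from the episode or from Level Up. An in-memory Map stands in for the sessions db table, `signToken` is a hypothetical caller-supplied JWT signer, and `SameSite=Lax` is an assumption the notes do not specify.

```javascript
const crypto = require("node:crypto");

const sessions = new Map(); // sessionToken -> { userId, ip, valid }
const REFRESH_MAX_AGE = 100 * 24 * 60 * 60; // 100 days, in seconds

// Runs on login or account creation: one session per device.
function createSession(userId, ip) {
  const sessionToken = crypto.randomBytes(32).toString("base64url");
  sessions.set(sessionToken, { userId, ip, valid: true });
  return sessionToken;
}

// HttpOnly keeps the value away from client-side JavaScript; Secure restricts it to HTTPS.
// SameSite=Lax is an assumption added here, not something the show notes specify.
function buildCookie(name, value, maxAge) {
  const attrs = [`${name}=${value}`, "Path=/", "HttpOnly", "Secure", "SameSite=Lax"];
  if (maxAge !== undefined) attrs.push(`Max-Age=${maxAge}`); // omitted => session cookie
  return attrs.join("; ");
}

// Called with the sessionToken taken from an already verified refreshToken.
// signToken is a hypothetical signer, (claims) => JWT string, supplied by the caller.
function refreshTokens(sessionToken, signToken) {
  const session = sessions.get(sessionToken);
  if (!session || !session.valid) {
    // Unknown or revoked session: refuse and expire both cookies.
    return { ok: false, setCookie: [buildCookie("accessToken", "", 0), buildCookie("refreshToken", "", 0)] };
  }
  const { userId } = session;
  return {
    ok: true,
    userId,
    setCookie: [
      buildCookie("accessToken", signToken({ userId, sessionToken })),
      // Re-issued on every refresh, so the 100-day window slides forward.
      buildCookie("refreshToken", signToken({ sessionToken }), REFRESH_MAX_AGE),
    ],
  };
}

// Logging a device out is a write to the session row; its refreshToken stops working.
function invalidateSession(sessionToken) {
  const session = sessions.get(sessionToken);
  if (session) session.valid = false;
  return Boolean(session);
}
```

The refreshToken JWT itself never expires, so the `valid` flag on the session row is what ends a login; an accessToken issued before the flag is flipped still verifies until its own 90 minutes run out unless the session is also checked on each request.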

Episodes (967)

919: Better Auth with Better Auth

Scott and Wes recap the current state of web authentication and explore how Better Auth simplifies the whole process. With built-in plugins, modern features, and no need to hand-roll your own solution, Better Auth makes secure login a breeze for developers. Show Notes 00:00 Welcome to Syntax! 00:59 Scott’s history with authentication. 02:05 Brought to you by Sentry.io. 03:15 My opinion has changed on auth. 04:40 Current authentication options. 06:32 Arctic. 06:56 OpenAUTH. 07:36 Auth.js. 08:02 Better Auth. 10:45 Better Auth CLI. 11:37 Email integration. 12:09 Hooks and Tokens. 13:43 CAPTCHA Integration. 14:36 Database Integration. 15:04 Integrations. 15:19 Plugin Ecosystem. 17:40 Admin features. 19:41 The Docs. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

14 Jul 2025, 26 min

918: Extreme Native Perf on the Web with Superhuman

Wes and Scott talk with Loïc Houssier about how Superhuman builds lightning-fast, delightfully-designed email software. They dig into engineering philosophy, offline-first architecture, local databases, AI-powered productivity, and what it takes to create tools that people love. Show Notes 00:00 Welcome to Syntax! 03:05 Inside Superhuman and Loïc’s role 06:49 Is Superhuman native? What’s the tech stack? 08:16 How Superhuman approaches product design and speed 12:17 Local-first architecture – Sync, storage, and performance Realm 13:46 Vector search, AI, and privacy considerations 18:12 How the team ships fast and stays focused 21:27 Rethinking email for the future 26:54 Brought to you by Sentry.io 27:19 How calendar integration and smart features work 29:54 Where new ideas come from 31:54 Will there ever be a true dark mode? 33:02 Are people actually using keyboard shortcuts? 36:42 How shortcuts work and the role of the command palette 41:28 Engineering for speed – Costs and trade-offs 43:32 How Superhuman’s sync engine works 46:09 What code runs locally and what runs on the server? 46:51 How Superhuman handled the Google and Cloudflare outage Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

9 Jul 2025, 48 min

917: AI Tools You Should Know

Scott and Wes round up the hottest AI tools you should have on your radar; from text-to-speech wizards to self-hosted image generators. They break down what they’re using, what’s worth paying for, and which tools are changing their workflows. Show Notes 00:00 Welcome to Syntax! 00:49 Getting too cozy with your tools. 01:34 Brought to you by Sentry.io. 03:40 LangFlow. 08:44 Super Whisper and Whisper Flow. 15:00 Dia. 23:16 Chat apps. Claude ChatGPT Raycast Cursor Midjourney (Imagine.art) 26:58 Self-hosted. 27:01 Comfy UI. 31:27 Automatic1111 and Forge UI. Xenova Shoutout 34:11 Sick Picks & Shameless Plugs. Sick Picks Scott: Rat A Tat Cat Card Game. Wes: Syntax Hats Shameless Plugs Wes: Syntax Hats Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

7 Jul 2025, 37 min

916: I got fired, what should I focus on?

In this potluck episode of Syntax, Wes and Scott answer your questions about maintaining popular open-source projects, where to start after a layoff, impostor syndrome, Scott’s recording setup, whether a computer science degree is still worth it in the age of AI, and more! Show Notes 00:00 Welcome to Syntax! 00:44 Brought to you by Sentry.io 04:16 How to maintain a successful NPM package 08:03 What to do in Denver while attending Laracon 11:18 How to branch out and learn new frameworks while balancing work life and family 15:55 Built-in state management vs external state management Full Stack App Build | Travel Log w/ Nuxt, Vue, Better Auth, Drizzle, Tailwind, DaisyUI, MapLibre 19:43 Suggestion for CSS battles: Removing white space and new lines after the time limit? 23:06 What is Scott’s recording setup? Aputure Light Dome Aputure Amaran 150c Sony FX3 Electro-Voice RE20 27:46 Snake case vs camel case Eye Tracking Study on camelCase and under_score Identifier Styles 31:16 Have you ever had impostor syndrome? 34:56 Is a degree worth it for computer science or machine learning? 38:41 Should I use a reverse proxy server? Ep 798: Self Hosting: Reverse Proxy Servers 42:03 Where to start when updating your webdev skillset 50:11 Sick Picks + Shameless Plugs Sick Picks Scott: Cardboard Cutter Wes: Kitchen Scissors Shameless Plugs Syntax YouTube Channel Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

2 Jul 2025, 58 min

915: $200mo Background Agents, CLI Tooling and “Max Mode”

AI coding agents are getting wild. Scott and Wes break down the latest tools that run in the background, write code across multiple steps, and charge you $200 a month to do it. From CLI-based primitives to full-on copilots, this episode covers the next wave of dev tools and what it takes to use them effectively. Show Notes 00:00 Welcome to Syntax! 03:13 Background Agents. 04:26 Appropriate tasks for background agents. 12:46 CLI tooling. 14:17 Claude Code Pricing. 18:20 Approaches to get the most from these tools. 19:56 PRD Documents. Atlassian What’s a PRD Document. 20:50 Claude Taskmaster. Langflow. 25:29 Sick Picks & Shameless Plugs. Sick Picks Scott: RingConn. Wes: Dell Projector Shameless Plugs Scott: Syntax on YouTube. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

30 Jun 2025, 33 min

914: 5 Upcoming + Next Gen JavaScript Features

Wes and Scott talk about the latest JavaScript proposals from TC39, including features like import defer, the powerful new random namespace, Array.fromAsync, and native clamp and upsert methods. They break down what’s coming, why it matters, and how it might improve your code. Show Notes 00:00 Welcome to Syntax! 02:55 Brought to you by Sentry.io 05:37 Import Defer proposal-defer-import-eval proposal-deferred-reexports Rob Palmer 09:30 Random Functions proposal-random-functions proposal-seeded-random 18:32 Array from Async proposal-array-from-async 20:56 Upsert for Maps proposal-upsert 23:13 Clamp proposal-math-clamp 27:02 Sick Picks + Shameless Plugs Sick Picks Scott: Anker Max USB 4-Port Wes: Clarkson’s Farm Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

25 Jun 2025, 33 min

913: NEWS: Remix drops React, Safari 26 CSS + mega fast Vite and TypeScript

Wes and CJ break down the latest web dev news, including big changes in Safari 26, TypeScript Native Previews, and Remix dropping React. They also chat about new proposals from TC39, Vite 7 beta, and a surprise project from the Astro team. Show Notes 00:00 Welcome to Syntax! 00:41 Safari WWDC. 01:05 SVG Favicons. 02:01 Every site can be a web app on iOS and iPadOS. 03:08 WebGPU in Safari. 08:02 Lots of CSS goodies. @Una Tweet. 10:19 Remix 3 dropping React. Wake Up Remix. @mjackson Tweet. 17:40 Typescript Native Preview. @drosenwasser Tweet. Microsoft Blog: Announcing TypeScript Native Previews. 20:53 Cursor 1.0. 29:12 TC39 Advances Several Proposals to Stage 4. 29:51 Array.fromAsync. 31:15 Error.isError. 32:14 Explicit Resource Management: using. 36:53 Astro Creators working on an email client. @FredKSchott Tweet. 39:23 Announcing Rolldown-Vite. Voidzero. Compatibility. 44:43 Vite 7 in Beta. 46:04 Angular v20 Released. 47:30 Take the State of CSS Survey! 48:40 Brought to you by Sentry.io. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

23 Jun 2025, 50 min

912: Why did Figma buy a CMS?

Wes chats with James Mikrut, founder of Payload CMS, about being acquired by Figma! They discuss building an open source business, the future of UI design, AI interfaces, and what this means for the future of Payload and Figma. Show Notes 00:00 Welcome to Syntax. 01:06 What is Payload CMS? 01:56 The big announcement. 03:03 Why does Figma want a CMS? 05:23 This has got to be about AI, right? 09:37 Brought to you by Sentry.io. 10:02 What will the interface be? 14:02 Generative, user-specific UI. 16:17 Agents make everything look like ShadCN. 18:18 What does this mean for Payload users? 20:23 How this improves Payload. 22:31 Trying to stand out as a CMS. 23:35 Is this going to cost users? 25:12 Sick Picks & Shameless Plugs. Sick Picks James: Triumph Street Triple, Malört Liquor. Shameless Plugs James: PayloadCMS. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

17 Jun 2025, 26 min
