The article analyzes how Anthropic’s OAuth lock‑down and tighter managed‑agent limits spurred 157,000 developers to adopt the open‑source OpenCode toolchain, weighing vendor‑neutral portability against the integrated power of Claude Code and examining the strategic trade‑offs behind the shift.
The article analyzes a company’s three‑year‑old multi‑account unified login system, detailing its original phone‑code design, an optimized password‑optional flow, third‑party OAuth integration, a split user‑basic and user‑auth table schema, and the benefits and trade‑offs of one‑click mobile number authentication.
A Vercel security incident, triggered by a compromised third‑party AI tool, exposed dozens of plaintext environment variables—including database URLs and API keys—prompting a $2 million underground sale rumor and a detailed six‑step remediation guide for frontend developers.
Vercel confirmed an intrusion where attackers leveraged the third‑party AI service Context.ai to hijack an employee’s Google Workspace OAuth access, gaining entry to internal systems and exposing ordinary environment variables, prompting a rapid public disclosure and a detailed remediation checklist for developers and admins.
The article dissects a custom OAuth implementation in a major automotive company's identity system, explains why the redirect_uri is the critical attack surface, and details how systematic fuzzing and a double‑encoding payload ultimately bypass the strict URL validation to hijack user accounts.
In March 2026, the ShinyHunters ransomware group claimed to have breached Cisco's Salesforce CRM, GitHub repositories, and AWS S3 buckets, stealing over 3 million records that include personnel data from U.S. agencies such as the FBI, DHS, IRS, NASA, as well as Australian and Indian government entities, and issued an ultimatum for Cisco to respond by April 3.
This article systematically introduces ten widely used authentication methods—including HTTP Basic Auth, Session‑Cookie, Token, JWT, Single Sign‑On, OAuth 2.0, federated login, unique‑device login, QR‑code login, and one‑click mobile login—explaining their principles, workflows, advantages, drawbacks, and typical implementation libraries.
Celebrating one year since its debut, Anthropic’s Model Context Protocol (MCP) releases a major update that introduces task‑based workflows, URL‑based OAuth client registration, enhanced security requirements, extensible components, and a suite of new features aimed at improving reliability, observability, and developer flexibility.
PostgreSQL 18 introduces async I/O for faster queries, built‑in OAuth authentication, expanded SQL standard support, optimizer and extension enhancements, and tighter Kubernetes integration, delivering higher performance, stronger security, and greater flexibility for developers and DBAs tackling modern analytics, AI workloads, and distributed environments.
This article examines the OAuth security challenges in Volcano Engine's Model Context Protocol (MCP) ecosystem and outlines a comprehensive, three‑stage defense strategy—including pre‑authorization double confirmation, token identity isolation, and API‑level permission controls—to protect user assets and data.
This comprehensive tutorial explains front‑end Single Sign‑On (SSO) concepts, covering cookie‑based, token‑based (JWT), and OAuth 2.0 implementations with detailed React code, session checking, token refresh, API interception, cross‑origin solutions, and security best practices.
This article explains how the MCP protocol adopts OAuth 2.1, Authorization Server Metadata (RFC 8414), Dynamic Client Registration (RFC 7591) and Protected Resource Metadata (RFC 9728) to provide authentication for MCP services, and shows step‑by‑step how to deploy an MCP server with Bearer authentication on Function Compute, including supergateway configuration.
This step‑by‑step tutorial walks front‑end developers through the entire process of integrating WeChat QR‑code login, covering prerequisite checklist, platform setup, core JavaScript SDK usage, callback handling, common pitfalls, security hardening, performance tweaks, debugging tricks, and a learning roadmap.
This guide explains how to install the EasyWeChat PHP SDK via Composer, meet its environment requirements, configure OAuth settings, and implement a complete authorization flow with example code for the Webman framework, including callback handling and a live demo link.
This article introduces Xiaomi’s open‑source Home Assistant integration, explains its benefits over third‑party solutions, and provides step‑by‑step instructions—including git commands—to install, update, and securely configure the component for managing Xiaomi IoT devices within Home Assistant.
This article reviews four widely used authentication mechanisms—HTTP Basic Authentication, session‑cookie, token‑based verification (including JWT), and OAuth—explaining their workflows, security characteristics, implementation details with Node.js/Express code samples, and comparative advantages for different application scenarios.
This article walks through the complete process of implementing WeChat QR code login using a Java Spring Boot backend, covering prerequisite configuration, Maven dependencies, configuration classes, QR code generation, callback handling, session storage in Redis, and frontend integration.
This article examines the historical evolution of login authentication technologies, from simple cookie‑based methods to token mechanisms, unified account centers, OAuth 2.0, and modern one‑click solutions, while discussing design considerations, security challenges, and future trends such as AI‑driven identity verification.
MaxKey is an enterprise‑grade single sign‑on solution that supports OAuth 2.x, OpenID Connect, SAML 2.0, JWT, CAS and SCIM, offering secure identity management, RBAC, multi‑tenant capabilities, robust password policies, brute‑force protection, session control, and BCrypt‑based password encryption.
This article reviews the historical evolution of login authentication—from simple username/password in monolithic apps to token mechanisms, unified account centers, OAuth, and sub‑tokens—while also presenting modern one‑click, trusted‑device, and facial‑verification login methods and future AI‑driven security trends.
This article traces the evolution of login authentication—from simple username/password and cookie storage to token‑based, OAuth, and sub‑token architectures—while presenting practical one‑click login methods such as carrier mobile verification, trusted device history, and facial recognition, and it looks ahead to AI‑driven, privacy‑focused identity systems.
This article explains the essential components of user authentication architecture, covering its importance, core principles, registration, login, session management, popular protocols like OAuth, OpenID Connect, SAML, JWT, and critical security considerations for robust protection.
JustAuth is a Java library that simplifies third‑party OAuth login by providing unified interfaces, customizable state, scopes, HTTP clients, and support for dozens of platforms, with clear code examples for quick integration such as QQ login.
This article explains how to implement WeChat OAuth login in a PHP web application, detailing required prerequisites, the authorization flow with URL endpoints, and providing a complete PHP function that exchanges the code for an access token, refreshes it if needed, and retrieves the user's nickname and avatar for storage.
This article examines the design of a flexible multi‑account authentication system, covering native phone‑code login, optimized password‑optional flows, third‑party OAuth integration, database schema separation, and one‑click carrier‑based login to improve extensibility and user experience.
OAuth 2.0 Device Authorization (RFC 8628) defines a secure flow for granting access tokens to devices lacking browsers or input capabilities, detailing the roles of client devices, authorization servers, user codes, device codes, polling, and token issuance, illustrated with a TV‑mobile example.
This article provides an in‑depth overview of authentication, authorization, and permission control concepts and compares ten common front‑end authentication techniques—including HTTP Basic Auth, Session‑Cookie, Token, JWT, SSO, OAuth 2.0, QR‑code login and one‑click login—detailing their workflows, advantages, drawbacks, and typical usage scenarios.
This article explains the concepts, relationships, and practical implementations of authentication, authorization, and access control, and compares ten common frontend authentication methods—including HTTP Basic, Session‑Cookie, Token, JWT, SSO, OAuth, and QR‑code login—detailing their workflows, advantages, disadvantages, and suitable scenarios.
This article reviews four widely used authentication mechanisms—HTTP Basic authentication, session‑cookie based authentication, token (JWT) authentication, and OAuth 2.0—explaining their workflows, security characteristics, and providing Node.js/Express code examples for each.
GitHub’s recent security incident, unrelated to OAuth token attacks, exposed over 100,000 npm users' plaintext credentials and detailed private package data, prompting a review of logging practices, notification plans, and broader implications for supply‑chain security.
Baidu’s ToB Account Permission Platform provides a unified, configurable login and permission service—including multi‑tenant account management, SSO, OAuth, and the GD‑RBAC model—delivering secure, high‑performance access for over ten million enterprise accounts across multiple product lines.
GitHub revealed that attackers exploited stolen OAuth tokens from third‑party services like Heroku and Travis‑CI to download private repository data, prompting a rapid revocation of tokens and ongoing investigation into the breach.
This article provides a detailed overview of authentication mechanisms, covering UI login methods such as Basic, LDAP, OAuth, Kerberos, and SSO, API call verification techniques like HMAC and JWT, and practical design guidelines for implementing SSO with CAS in micro‑service architectures.
This article explores the challenges of cross‑domain login state sharing, compares JWT, session‑cookie, and SSO solutions such as CAS and OAuth, details their structures, security considerations, and provides a step‑by‑step guide to building a simple SSO demo with code snippets and diagrams.
This article explains how to generate, store, and validate anti‑duplicate submission tokens in a Java web application by using a custom TokenProcessor, TokenTools utilities, and a JWT‑based OAuthTokenManager, covering both frontend button handling and backend verification logic.
This article provides an in‑depth overview of authentication, covering both UI login and API call methods such as Basic, LDAP, OAuth, Kerberos, SSO, HMAC, and JWT, and explains how to design secure, cross‑domain authentication components within micro‑service architectures.
This article provides a comprehensive guide to authentication, covering basic username/password login, LDAP, OAuth 2.0, Kerberos, SSO with CAS, as well as API authentication methods like HMAC and JWT, and offers design recommendations for both UI and API security in micro‑service architectures.
This article introduces JustAuth, a lightweight open‑source Java library that streamlines third‑party social logins by supporting dozens of platforms, explains its benefits for users and developers, and provides step‑by‑step Maven setup, HTTP client selection, and code examples for basic, builder‑pattern, and custom authentication flows.
This article introduces seven open‑source OAuth/SSO solutions—including oauth2‑shiro, tkey, MaxKey, spring‑lhbauth, oauth2, oauthserver, and JustAuth—detailing their features, supported protocols, and repository links to help developers implement secure authentication and token management in web and mobile applications.
JustAuthPlus v1.0.0, released on February 18 2021, introduces a TOTP module, one‑click logout, updated scripts, extensive refactoring, and a suite of authentication features such as SSO, OAuth, OIDC, SAML, and multi‑language support, positioning it as a versatile open‑source login middleware.
This article explains the principles and workflows of typical authentication mechanisms—including HTTP Basic authentication, cookie‑based sessions, JSON Web Tokens, and OAuth—detailing their encryption processes, storage strategies, token refresh techniques, and security considerations for modern web applications.
Security researcher William Bowling discovered that Rails' url_for helper can be abused via controllable parameters to create open redirects and account takeover on GitHub Gist, allowing theft of OAuth tokens and earning a $10,000 bounty.
This tutorial explains how to integrate QQ third‑party login into a PHP website by obtaining QQ Connect credentials, downloading and configuring the SDK, adding the necessary OAuth code, creating a login button, and handling the callback to retrieve user information.
This tutorial walks you through registering a QQ Connect application, adding the required Maven dependency, creating the login page, implementing the Spring Boot controller and AuthComment utility class, configuring Freemarker, and handling the OAuth flow to achieve seamless QQ authentication in a Java backend.
This tutorial explains how to configure a certified WeChat public account, construct the OAuth authorization URL, exchange the returned code for an access token, retrieve the user's basic profile—including nickname—and redirect back to the H5 page, while covering required parameters and token refresh details.
This article explains the concept of OAuth, its typical use cases such as third‑party login, the roles of user, service provider, and platform, and provides a step‑by‑step flow with code examples for obtaining authorization codes, access tokens, and user information.
This tutorial walks through installing Laravel Socialite and the WeChat provider, configuring environment and service files, adding routes and controller methods, and handling user authentication to enable seamless third‑party WeChat login in a Laravel application.
This article demystifies QR code login by covering what QR codes are, how mobile token‑based authentication works, and the step‑by‑step flow that enables secure PC login via scanning, confirming, and token exchange.
This guide details how to design the backend, database schema, authentication flow, and Java code required to integrate QQ and Weibo one‑click login for a website, covering token handling, user data retrieval, and practical security considerations.
This article explains the OAuth authorization process, illustrating how a third‑party app like a WeChat‑based login requests user permission, obtains a code, exchanges it for an access token, and uses that token to access user data, while highlighting token expiration and business‑scenario applications.
This article explains token authentication, the structure and claims of JSON Web Tokens (JWT), their relationship with OAuth, and demonstrates how to create, sign, and verify JWTs in Java using the JJWT library, while also covering security best practices and useful tooling.
This article explains the OAuth protocol, its role in providing secure third‑party access to user resources, describes the overall authorization architecture, outlines the involved parties and step‑by‑step flow, and details the four main grant types along with token refresh mechanisms.
This article explains why open platforms emerged, outlines their essential functional modules such as service gateways, management, proxy, security, OAuth, registration, sandbox, and developer portals, and discusses future trends and technology evolution for open API platforms.
This guide explains the three core pillars of RESTful API security—client authentication, data encryption, and post‑authentication authorization—detailing practical methods such as signature keys, HTTP Basic/Digest, OAuth, SSL, selective encryption with salts, and role‑based access control.
This article explains how we designed and implemented a scalable OAuth token storage and refresh system using Tarantool’s in‑memory database, Raft leader election, sharding across multiple data centers, and a custom lightweight queue to handle high‑throughput token updates while maintaining consistency and fault tolerance.
This guide walks through integrating QQ login into a Spring MVC Java application, covering environment setup, domain and callback configuration, SDK deployment, common pitfalls like non‑80‑port issues, configuration file settings, Maven dependency handling, SSL fixes, and provides a complete controller example.
This article explains the fundamentals of RESTful architecture—including resources, uniform interfaces, URIs, statelessness—and compares it with ROA, SOA, and RPC, while also covering authentication methods such as Basic, Token, and OAuth, offering practical guidance for building robust microservice APIs.
