#jwt

2 entries

2026-06-10 nodejs authentication security

Node.js Super Senior · Phase 15 — Auth & Security Capstone: JWT, OAuth2 & RBAC

The bonus-arc finale: master modern auth. JWT anatomy and signing, access/refresh rotation, cookie vs header storage and the XSS/CSRF trade-off, token revocation with Redis, OAuth2/OIDC with PKCE, and role/permission RBAC as NestJS guards.
2026-06-09 nodejs authentication security

Node.js Super Senior · Phase 5 — Authentication & Security

Phase 5: lock down your API — password hashing with bcrypt/argon2, sessions vs JWT (anatomy, refresh tokens, rotation), secure cookies, OAuth2/OIDC, RBAC and ownership checks, and defenses against XSS, CSRF and injection.