75,680 questions
Best practices
0
votes
1
replies
21
views
How should an app gracefully handle passkey deletion?
I’m using passkeys with ASAuthorizationController (ASAuthorizationPlatformPublicKeyCredentialProvider). Registration and authentication work correctly on iOS 16+.
However, if the user explicitly ...
1
vote
0
answers
33
views
Wildfly 39 JSF Login authentication
I'm trying to configure a form-based authentication for my JSF app in Wildfly 39, and I've come across these sources:
https://rieckpil.de/howto-simple-form-based-authentication-for-jsf-2-3-with-java-...
1
vote
0
answers
66
views
Blazor wasm Authentication with Roles
I'm looking into implementing authentication in a client side Blazor application with wasm.
Microsoft has a sample for exactly that scenario, but - not very confidence inspiring - it seems broken: ...
-1
votes
0
answers
38
views
How to protect routes in Next.js when auth tokens are stored in HttpOnly cookies? [closed]
I’m using Next.js (App Router) where authentication is handled by the backend.
The backend sets access and refresh tokens in HttpOnly + Secure cookies, so the frontend cannot read token values (which ...
0
votes
0
answers
31
views
StaticWebapp not setting value on wellKnownOpenIdConfigurationSettingName from azure env values
I have this configuration:
{
"mimeTypes": {
".js": "application/javascript",
".mjs": "application/javascript",
".cjs": "...
1
vote
1
answer
60
views
How do Passkeys behave across iOS 15 → iOS 16 when using ASAuthorizationController?
I’m integrating authentication using Apple’s authorization APIs and supporting multiple iOS versions:
• ASAuthorizationController (iOS 13+)
• ASAuthorizationPlatformPublicKeyCredentialProvider (...
Best practices
0
votes
3
replies
30
views
Angular + .NET (Azure AD BFF): Handling 401 due to token expiry without losing unsaved form data (auto-save to DB only)
I’m working on an Angular frontend with a .NET BFF backend secured using Azure AD authentication (cookie-based, no tokens stored in local/session storage).
Current setup:
Frontend: Angular
Backend: ....
Best practices
1
vote
4
replies
54
views
How do I differentiate each device so that each one has its own unique refresh token linked to the same account?
I am designing a mobile application with a user login system.
I am going to implement refresh tokens in order to allow for users to only have to log in once every 30 days.
How do I differentiate each ...
0
votes
1
answer
42
views
GitHub Actions checkout fails with "Not Found" error for SSO-protected enterprise repository despite valid PAT
Problem
I'm trying to checkout a private GitHub Enterprise repository in a GitHub Actions workflow, but it consistently fails with a "Not Found" error even though I have a valid Personal ...
Advice
1
vote
0
replies
37
views
Why are Authentication and User Management tools not made for PHP/Symfony?
I am trying to configure my Symfony project with a User Management to separate my user management from my app database.
I found some tools, such as Clerk, Supabase, Authentik, and I have tried each tool, but ...
1
vote
0
answers
64
views
ASAuthorizationControllerDelegate always returns .canceled for Face ID passcode fallback and failed attempts
I’m implementing Sign in with Apple / Passkeys using ASAuthorizationControllerDelegate and handling errors via:
func authorizationController(
controller: ASAuthorizationController,
...
Best practices
0
votes
9
replies
47
views
What security measures to implement when using React JS and Python Backend with Rest API
I am building a React + Python (Fast API) application where these 2 applications are connected via REST API. My question is if anyone who knows the ENDPOINT, and params that need to be sent, Anyone ...
Advice
0
votes
1
replies
29
views
How to handle authorization in a microservices environment using session-based authentication?
I lack experience with system design, and I’m struggling to understand how all the pieces fit together. I’d appreciate some help seeing the “big picture.”
I’m building a web application with a ...
0
votes
0
answers
28
views
in gcp mysql, can't get the authentication_iam plugin to load [migrated]
I'm running mysql via gcp's cloud platform and I'm trying to get service account iam passwordless access working. Today's blocker is the authentication_iam plugin.
The docs (and AIs) tell me to set ...
-4
votes
1
answer
181
views
Authenticate into Apache via PHP (htaccess login done by PHP) [closed]
I want to allow directory index (list directory in browser) but only for users logged in via php. Users not logged in should not have any access.
Is it possible to log in to apache (AuthType Basic, ...
Best practices
1
vote
1
replies
19
views
Fetching user data (Next.js + Supabase)
I am building a website with Next.js and Supabase (beginner here). I created a page.tsx with a layout.tsx in a dashboard folder in my app router. Currently I am doing a check in layout.tsx to verify ...
0
votes
0
answers
69
views
Zoho ASAP JWT authentication enabled but widget still behaves as guest user and asks for email/name
I am integrating Zoho Desk ASAP widget with JWT-based authentication in my web application.
I have completed the initial setup, but even after login, the widget still behaves like a guest user instead ...
Advice
1
vote
0
replies
14
views
How to work sqladmin token and secret_key management?
I set up sqladmin to fastapi project. I used aminalaee docs for set up. That works. But I do not understand some components as <token> and <secret_key>. Can somebody clarify those ...
1
vote
1
answer
40
views
Email Claim is always missing in the startup.auth.cs but it is present in the Token
I am using a .NET 4.8 application with Angular v22. When I try to login via a controller method, it always throws an exception that the email claim is missing. But it is present in the JWT token.
Here ...
0
votes
1
answer
103
views
Azure AD login returning unauthorized (401) in spite of having up-to-date configs
I am trying to integrate Azure AD login in my .NET 4.8 application with an Angular frontend.
But when I try to authenticate, it's returning an http 401 "Unauthorized" error.
In the ...
Best practices
0
votes
0
replies
12
views
Next.js App Router + ASP.NET Core Web API: Best practice for access token in memory and refresh token HttpOnly cookie
I have a Next.js application using the App Router and an ASP.NET Core Web API.
Current authentication model:
Access token: short-lived, intended to be kept in memory
Refresh token: stored as an ...
Best practices
2
votes
0
replies
18
views
What are the security and feature checkpoints for considering an authentication system “complete” in a web application?
I’m building a web application and started with authentication, but I keep feeling it’s incomplete. In a professional production environment, what are the essential steps or criteria to ensure the ...
0
votes
1
answer
83
views
Next.js UI flicker after login
I’m facing an issue with Next.js + NextAuth. I recently implemented authentication in my Next.js project. The login works fine—but after refreshing the page, something strange happens:
What’s ...
1
vote
0
answers
82
views
Issue regarding authentication from the Coinbase using websocket (WS) in the Visual Basic 6.0
With FIX 4.2 being deprecated soon, I have been doing a client work to get me some websocket data for my PC here. He has had difficulty in connecting to the sandbox (see below). I'm afraid it came in ...
2
votes
1
answer
101
views
AADSTS7000215: Invalid client secret provided for unexpired key
While loading a project I hadn't touched in a few weeks in Visual Studio 2022, I received this:
MsalServiceException: A configuration issue is preventing authentication... Original exception: ...
0
votes
0
answers
82
views
Why can’t my client-side Supabase auth read the session after middleware sets cookies in Next.js 16?
I’m using Next.js 16 (App Router) with Supabase SSR auth, and I’m stuck on a mismatch between server-side and client-side auth state.
The server clearly knows the user is authenticated, but the ...
0
votes
0
answers
27
views
Heroku Review App Links don't properly get redirected with Google Auth
I have an app deployed through Heroku and running in multiple environments. Staging and production have dedicated links which are registered with an auth application in Google Cloud Console and work ...
1
vote
1
answer
68
views
"forbidden" error message in ASP.NET Core OIDC authentication flow
I am trying to configure an ASP.NET Core app to use the OIDC authentication flow.
I have successfully done this in the past, with the Microsoft.AspNetCore.Authentication.OpenIdConnect package and the ...
0
votes
1
answer
62
views
Href Url redirect after Login NextJS & Next Auth
I am trying, when I have a dedicated link like https://mywebsite.com/user/4545454554, to be redirected on this page after the authentication is done. Indeed when a customer has a link to click, he ...
0
votes
0
answers
62
views
How to sync Fundraise Up webhook data to external authentication provider?
I'm integrating Fundraise Up donations with a membership system that needs authentication. When a user donates, Fundraise Up sends a webhook with donor information, and I need to automatically create/...
Best practices
0
votes
0
replies
56
views
What is the Best Approach to both Authenticate and Persist Authentication for Federated Systems?
For this setup, let's assume that there are no libraries to use (public/private/paid or otherwise) and so this task has to be completed without them. Also, let's assume that all communication between ...
Best practices
0
votes
0
replies
18
views
Good Authentication/Authorization method for media streaming platform
I’m building a music streaming platform (like Spotify) as a study project and I’m working on authen/author mechanism. Can I have some advice on what kind of authen/author I should use for the ...
Advice
0
votes
2
replies
44
views
Firefox keeps asking gmail login for udemy
I log in to Udemy.com using Gmail, in Firefox. The Firefox browser doesn't remember the Gmail credentials and prompts for login every day.
In the Firefox Settings > Cookies & Site Data, I have ...
1
vote
0
answers
30
views
Laravel 12 Handling Multiple Session Guards [duplicate]
I am creating a Laravel application that will need two different authentication guards both leveraging database sessions.
Before someone suggests using roles and permission to solve the problem, there ...
0
votes
0
answers
96
views
User-managed identity with Graph API in Azure Function
We are moving to user-managed identity-based authentication from certificate-based. Current code uses PnP core to talk to SharePoint.
However, even after providing the site.fullcontrol permission to ...
0
votes
1
answer
101
views
Why am I getting a 401 from Coinbase Advanced API using ES256 JWT, even with a valid JSON key and permissions?
I’m trying to authenticate with the Coinbase Advanced API using an ES256 signed JWT, but I keep getting a 401 response from every endpoint.
I’m using a JSON API key created in the Coinbase Developer ...
3
votes
1
answer
155
views
Access VBA for MDW User-Level Security
I have a .accdb front-end, and a .mdb backend.
I am opening the Front-End as a COM object via PowerShell ...
$accessApp = New-Object -ComObject Access.Application
$accessApp.OpenCurrentDatabase($...
0
votes
1
answer
60
views
Multi Authentication in .NET 4.6.1
I have a case where I have to implement multi authentication in my API.
controller.cs:
public class TestController
{
[Authorize]
[CustomAuthFilter]
public async Task<IHttpActionResult&...
3
votes
1
answer
261
views
Authentication error when trying to install @livewire/vite-plugin
I've been trying to install @livewire/vite-plugin since last week, but I'm getting an authentication error. I researched it and saw that npmjs is forcing the creation of tokens for validation. I ...
1
vote
1
answer
123
views
angular-auth-oidc-client with AWS Cognito PKCE Flow state error
I'm building an application that uses AWS Cognito as IDP for authentication and angular-auth-oidc-client library to handle authentication on my Angular 21 client.
I configured it as follows:
config: {
...
0
votes
1
answer
74
views
How to hide UI elements in a custom frontend based on Dataverse security roles when using MSAL authentication?
We are building a custom frontend application (SPA) that authenticates users against Microsoft Dataverse using MSAL and OAuth.
The UI should hide certain navigation items and actions, e.g. show the &...
0
votes
0
answers
83
views
Authentication persistence issues when upgrading Supabase Flutter from v1 to v2
I want to ensure that users only need to log in the first time after downloading my mobile app, and save their user sessions so they don't need to re-authenticate every single time they open the app.
...
Advice
0
votes
4
replies
45
views
Best Approach to High Volume Azure App Service Authentication
What would be the best approach for a MAUI app with a potentially very large volume request usage of an Azure App Service API for implementing authentication for the app only vs a user? I envision ...
1
vote
0
answers
58
views
FastAPI-Login optional dependency always returns None even with a valid token
I'm building a login system with FastAPI and fastapi-login. I already have a /register route working.
My goal is:
If a valid token is present, allow access to certain routes.
If no token or an invalid ...
0
votes
1
answer
82
views
Autodesk Platform Services (APS) Authentication (OAuth) error
I’m trying to implement 3-legged authentication for APS using this source and this source.
I’ve written C# code that generates the authorization URL and opens it in the browser for the user to sign in....
0
votes
1
answer
102
views
Trino Select from public aws S3 storage anonymously (hive connector)
My hive connector config, hive_aws.properties:
connector.name=hive
hive.metastore.uri=thrift://hive-metastore:9083
fs.native-s3.enabled=true
s3.endpoint=https://s3.amazonaws.com
s3.region=us-east-1
(...
1
vote
1
answer
77
views
Using API Generated Token To Authenticate User In Blazor Server Application
I have an ASP.NET Core Web API which uses JWT to authenticate users. It all works as expected. I call to my login endpoint and get a JWT. I can then pass this JWT in the "Authorization" ...
Best practices
2
votes
0
replies
70
views
How should I pass user secrets from my frontend to my backend with Tauri?
I'm currently working on an app that stores secrets in an encrypted vault, and the key is derived from a user password. How can I securely prompt the user for their password? Is the IPC with invoke ...
0
votes
0
answers
98
views
DefaultAzureCredential failed to retrieve a token from the included credentials
I am trying to follow this: https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/tools/code-interpreter?view=foundry-classic&pivots=csharp
I have (in my local Visual Studio Environment)...
0
votes
1
answer
38
views
apache auth-kerb and a user list to allow doesn't work
I guess the solution is quite easy, but I just don't see the point:
We had a kerb auth working, but someone destroyed it quite a while ago.
Now I don't get it working again:
kerb authentication works and ...