Authentication on Commentary of Takaohttps://takao.blog/en/tags/authentication/Recent content in Authentication on Commentary of TakaoHugo -- gohugo.ioenCommentary of TakaoSat, 13 Jun 2026 23:11:50 +0900WebAuthn and Passkeys: Passwordless Authentication in 2024https://takao.blog/en/web/webauthn-passkeys/Tue, 02 Apr 2024 00:00:00 +0900https://takao.blog/en/web/webauthn-passkeys/<img src="https://takao.blog/img/thumnail.webp" alt="Featured image of post WebAuthn and Passkeys: Passwordless Authentication in 2024" /><p>Passwords have been the primary authentication mechanism for decades, but they come with well-documented security and usability problems. WebAuthn (Web Authentication) and the emerging passkey ecosystem promise to replace passwords with cryptographically secure, phishing-resistant authentication. As of 2024, passkey support has reached critical mass across all major platforms, making this the ideal time to implement passwordless authentication.</p> <h2 id="understanding-webauthn">Understanding WebAuthn </h2><p>WebAuthn is a W3C standard that enables public-key cryptography-based authentication on the web. The core flow involves two operations: registration and authentication. During registration, the server sends a cryptographic challenge to the client, the authenticator creates a new key pair, and the public key is stored on the server. During authentication, the server sends a challenge, the authenticator signs it with the private key, and the server verifies the signature against the stored public key.</p>OAuth 2.0 and OpenID Connect: Modern Authentication Guidehttps://takao.blog/en/web/oauth-oidc/Mon, 29 Jan 2024 00:00:00 +0900https://takao.blog/en/web/oauth-oidc/<img src="https://takao.blog/img/thumnail.webp" alt="Featured image of post OAuth 2.0 and OpenID Connect: Modern Authentication Guide" /><p>OAuth 2.0 and OpenID Connect form the backbone of modern web authentication and authorization. Despite their ubiquity, these protocols are frequently misunderstood and misconfigured, leading to preventable security vulnerabilities. This guide covers the core concepts, implementation patterns, and security best practices you need to integrate authentication securely in your applications.</p> <h2 id="oauth-20-fundamentals">OAuth 2.0 Fundamentals </h2><p>OAuth 2.0 is an authorization framework, not an authentication protocol. This distinction is critical: OAuth defines how a client application can obtain delegated access to protected resources, but it does not specify how to verify the user&rsquo;s identity. That is where OpenID Connect comes in.</p>