Authentication Roadmap

Note: Not all questions may match a certain category on the roadmap.

Authentication Mechanisms
  Concepts
    Social logins
    Two-factor authentication (2FA)
    Multi-factor authentication (MFA)
    Session management and cookies

Identity and Access Management (IAM)
  Concepts
    Users, roles, permissions
    Access control models (ACLs, RBAC)
    Authorization best practices
    Identity federation
    Understanding OAuth 2.0 and OpenID Connect
    Kerberos and LDAP for enterprise authentication
    SAML for web-based single sign-on
    JSON Web Tokens (JWT) for stateless authentication

Security Considerations
  Concepts
    Vulnerabilities and exploits (SQL injection, brute force attacks, password spraying, phishing)
    Password management best practices
    Secure session handling
    CSRF protection
    Rate limiting and account lockouts for security purposes
    Best practices for secure user auth
    Legal/compliance (GDPR)

Advanced Authentication Techniques
  Concepts
    Biometric authentication (fingerprint, facial recognition)
    Passwordless authentication (magic links, push notifications)
    Adaptive authentication
    Risk-based authentication
    Certificate-based authentication
    Smart card and hardware token auth

Real-world Auth Implementations
  Concepts
    Auth0
    Clerk
    Firebase Auth
    AWS Cognito
    Supabase Auth