
Ask HN: What are some good resources and patterns for authentication? - vonklaus
The oauth guide[0] is incomplete and outdated but helpful. Auth0 has a lot of good information and stackoverflow does as well, although a bit balkanized.<p>Do you have resources or design patterns for authentication that provide a conceptual walkthrough of the components. Not the implementation, but the design &amp; possibly routing diagrams of:<p>* creating a new user &amp; account routing &amp; login<p>* confirming email and moving user from temp to verified account<p>* transactional email &amp; alerting user of sign ins as well as password updates.<p>* 2fa<p>Scotch.io has a pretty good guide I looked at a few years ago. It is great for a beginner side project, but most guides seem at that level. Get password, use bcrypt, verify, send token&#x2F;cookie.<p>[0]https:&#x2F;&#x2F;www.owasp.org&#x2F;index.php&#x2F;Guide_to_Authentication
======
niftich
The best (in terms of 'best effort') masterpost on this is at
[https://stackoverflow.com/questions/549/the-definitive-
guide...](https://stackoverflow.com/questions/549/the-definitive-guide-to-
form-based-website-authentication)

It's also a perpetual work-in-progress, but that's both my necessity and
design.

