Engineering posts about Authentication
Curated summaries and key learnings for engineers working with Authentication.
Snap Cloud: A Backend for Spectacles, Powered by Supabase
Snap Cloud is a backend platform designed specifically for Spectacles developers, leveraging Supabase to provide essential backend services such as databases, file storage, and real-time...
Managed OAuth for Access: make internal apps agent-ready in one click
The article outlines Cloudflare's implementation of Managed OAuth to enhance access for internal applications, allowing agents to authenticate seamlessly. It describes the challenges faced when...
Securing non-human identities: automated revocation, OAuth, and scoped permissions
The article addresses the critical need for securing non-human identities in software development, particularly in the context of agentic AI systems. It outlines the risks associated with credential...
Dynamic, identity-aware, and secure Sandbox auth
The article explores the implementation of dynamic, identity-aware authentication mechanisms for sandbox environments, emphasizing the use of outbound Workers to enhance security and control over...
Cloudflare targets 2029 for full post-quantum security
Cloudflare has set a target of 2029 to achieve full post-quantum security, emphasizing the importance of transitioning to post-quantum authentication alongside encryption. The article outlines the...
Enhancing Security with User-Specific Access Keys for DigitalOcean Functions
The article outlines a significant update to DigitalOcean Functions, transitioning from a shared credential model to user-specific access keys. This change enhances security by ensuring that access...
Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humans
Cloudflare has introduced a suite of fraud prevention capabilities aimed at mitigating account abuse from both automated bots and human attackers. Key features include leaked credentials detection,...
Active defense: introducing a stateful vulnerability scanner for APIs
The article introduces Cloudflare's new stateful vulnerability scanner designed specifically for APIs, addressing the limitations of traditional defensive security measures. It highlights the...
Fixing request smuggling vulnerabilities in Pingora OSS deployments
The article addresses critical HTTP/1.x request smuggling vulnerabilities identified in the Pingora open source framework, particularly when deployed as an ingress proxy. It outlines the nature of...
Stop reacting to breaches and start preventing them with User Risk Scoring
The article presents a proactive approach to cybersecurity by integrating User Risk Scoring into zero trust network access (ZTNA) policies. It outlines how Cloudflare One's platform allows security...
Moving from license plates to badges: the Gateway Authorization Proxy
The Gateway Authorization Proxy is a solution designed to enhance security by shifting user identity verification from devices to the network level. It utilizes Cloudflare's global infrastructure to...
Defeating the deepfake: stopping laptop farms and insider threats
The article highlights the increasing threat of insider fraud facilitated by advanced AI technologies, particularly deepfakes, which challenge traditional security measures. It emphasizes the...
Mind the gap: new tools for continuous enforcement from boot to login
The article introduces new tools from Cloudflare aimed at enhancing security through continuous enforcement from boot to login. It highlights the challenges of maintaining security without hindering...
Always-on detections: eliminating the WAF “log versus block” trade-off
The article presents a novel approach to web application security through the introduction of always-on detections that eliminate the traditional trade-off between logging and blocking malicious...
Introducing the 2026 Cloudflare Threat Report
The 2026 Cloudflare Threat Report outlines significant shifts in the cybersecurity landscape, emphasizing the transition from brute force attacks to high-trust exploitation strategies employed by...
Toxic combinations: when small signals add up to a security incident
The article explores the concept of 'toxic combinations' in cybersecurity, where seemingly harmless signals can converge to create significant security incidents. It highlights how minor...
Supabase Template is Now Available on DigitalOcean App Platform
The article announces the availability of a Supabase template on DigitalOcean App Platform, enabling developers to deploy a complete backend solution with minimal effort. Supabase serves as an...
No Display? No Problem: Cross-Device Passkey Authentication for XR Devices
The article introduces a novel method for enabling cross-device passkey authentication specifically designed for XR devices that lack accessible displays. By leveraging a companion app, the authors...
Technical Deep Dive: How we Created a Security-hardened 1-Click Deploy OpenClaw
The article discusses the development of a security-hardened 1-Click Deploy solution for OpenClaw, an open-source AI assistant. It emphasizes the importance of secure communications through TLS, the...
Technical Deep Dive: How we Created a Security-hardened 1-Click Deploy Moltbot
The article outlines the development of a security-hardened 1-Click Deploy solution for OpenClaw, an AI assistant, emphasizing the importance of secure deployment practices. It discusses the...