Auth Academy

Welcome to the Authress Auth Academy.

Here is a catalog of articles ranging from introductory to advanced in the areas of Authentication and Authorization. You'll be able to learn everything there is to know about Auth through these easy to follow articles in the Authress Academy.

If you are looking for implementing Authress instead, check out the Document Knowledge Base.

📄️ What is Authentication?

Learn how to securely implement Authentication and user Login. Here we'll review what auth means, how to use JWTs, and why we need them.

📄️ Choosing the best access control strategy

A comparison of different access control strategies such as role-based access control (RBAC) and others.

📄️ Securing your secrets: Credential management

Keeping credentials secure can be a nightmare. Here, we'll explore the different ways to keep your sensitive credentials and private keys secure.

📄️ How does machine to machine authentication work?

Machine to machine auth is how you ensure secure communication between individual services, and each service can authorize others to access protected resources.

📄️ Denylists and Invaliding user access

Learn how to securely log a user out, revoke or invalidate the current access, and support denylists in your application for OAuth JWTs

📄️ Scoping and Attenuating Tokens

What is permission attenuation and how to deal with potentially untrusted environments.

📄️ The risks of user impersonation

User impersonation and logging in as a customer can be used as a tool to help identify many issues from user authentication and onboarding to corrupted data in complex multi-service execution paths.