How the SAL claim handshake binds humans to agents without key custody
One of the easiest mistakes in agent identity design is to collapse ownership and key custody into the same thing. If a human owns an agent, it can fe…
AI & ML
⚑ Report a ProblemLatest AI & ML news from Tech News
All topics
AI
News
Tech
agents
ai
api
architecture
automation
aws
beginners
career
claude
database
devchallenge
devops
javascript
llm
machinelearning
mcp
opensource
performance
productivity
programming
python
react
security
showdev
tutorial
typescript
webdev
Test Clerk auth lifecycle flows without production users
Most auth bugs do not come from the login button. They show up after login: a user is created in Clerk but not in your app database a session expires …
How to Send Auth Codes via WhatsApp in Your App With Kinde
Your users are in San Francisco, Jakarta, São Paulo, and Sydney. They have WhatsApp open all day. They check it before they check their SMS inbox. Whe…
Why SMS Auth Is Quietly Failing Your Users (And How to Fix It With WhatsApp)
Here is something most developers shipping SMS OTP in 2026 do not want to sit with: the channel they are trusting to verify their users is failing rou…
Authorization at Scale: Access Levels, Roles, and Compact Decisions
Authentication answers "who are you?" Authorization answers the harder question: "are you allowed to do this?" By the time a request reaches this stag…
Multi-tenant auth and routing in Kubernetes
In the first four chapters of this series I've talked about what the Auth Gateway decides. This chapter is about who it decides for. We run a multi-te…
Endpoint classification: OPEN, AUTHENTICATED, ACCESS_CONTROLLED
In Chapter 3 the controller branched on something called the "endpoint type": switch endpointType ( perms ) { case "OPEN" : ... case "AUTHENTICATED" :…
Inside the Auth Service: From Token Validator to Policy Decision Point
Most auth services start simple — verify the token, return 200 or 401. Then requirements accumulate. Tenant isolation. Service accounts. Token revocat…
Why we built an Auth Gateway instead of putting auth in every service
If you've been on a platform team long enough, you've probably watched this slow-motion failure: You ship an auth library. Three services adopt it. Si…
NGINX auth_request: the small primitive that changed everything
In Chapter 1 I claimed our entire Auth Gateway is built on top of one NGINX directive: auth_request . This chapter is a deep dive into how that direct…