Authentication remains a complicated yet critical aspect of application security. In this talk, I'll demystify the core concepts, diving into access tokens, refresh tokens, and browser security mechanisms like WebAuthn for hardware-based authentication. Additionally, I'll explore techniques such as session handling, revocation strategies, silent authentication for improved security UX, and the usage scopes for controlling access granularity.

Finally, I'll delve into JSON Web Tokens (JWTs), the use of EdDSA signatures for enhanced security and performance, as well as the common pitfalls that seasoned pro and newcomer alike struggle with when it comes to auth. By the conclusion, you'll be equipped with some additional knowledge to navigate the complexities of auth and build secure, user-friendly systems.