pilcrow

Hi! I'm a university student in Japan interested in application security.

I maintain various open source libraries in the JavaScript ecosystem, mostly around authentication and cryptography. I really enjoy building stuff from scratch and re-inventing the wheel, learning all the little details along the way. I also really enjoy designing library APIs

Aside from programming, my hobbies include cooking, drawing, and playing games.

You can find me on Twitter, GitHub, and BlueSky. You can also email me at [email protected].

Projects

Lucia : A learning resource on implementing auth with JavaScript. Former auth library.
Oslo : A collection of auth-related packages written in pure JavaScript, including WebAuthn, ASN.1, CBOR, hashing, ECDSA, HMAC, RSA, HOTP/TOTP, and base16/32/64.
The Copenhagen Book : A guideline on implementing auth in web applications.
Arctic : OAuth 2.0 and OIDC clients for JavaScript with 50+ providers.
Faroe : A self-hosted modular authentication backed.
Malta : Generate simple and clean documentation with markdown.

Go is by far my favorite language so I've been trying to use it more often. In the future, I'd like to explore infrastructure, low-level languages like Zig and Rust, and network protocols.

Blog

How I would do auth

July 14, 2024

Please stop using middleware to protect your routes

March 31, 2024

Investigating a major security vulnerability with Clerk's Next.js integration

January 26, 2024

Generating random values in TypeScript

January 3, 2024

A beginner's guide to OAuth 2.0

November 13, 2023

The never-ending discussion of cookies vs. local storage

November 12, 2023

Next.js, just why?

September 9, 2023

A look into "GDPR compliant" analytics

May 9, 2023