Pilcrow

I started a new auth project again

I've started a new auth project at auth.pilcrowonpaper.com. It's my own personal collection of guides, recommendations, and examples for implementing auth in web applications. Like all my other projects, it's completely free with zero ads.

I enjoy designing and building libraries a lot but at this point I'm out of (good) ideas. I haven't come up with anything that I genuinely need and would personally use. On the other hand, a resource that goes into detail about auth and its implementation is something I've wanted for a long time and would've found incredibly helpful when I was starting out.

The base domain hosts my personal auth book. Right now, it covers a variety of individual topics. In the future, I plan to add more concrete implementation guides that walk through how I combine those components into a single system. I think both are equally valuable. Understanding the specifications and avoiding common pitfalls is obviously challenging, but a big part of building your own auth is understanding how the individual pieces interact with one another. Unfortunately, there isn't a single answer to that second part. My hope is that I can provide some useful insight into that process.

I also have 2 fully-featured, open-source examples written in Go. One is the basic example at basic-example.auth.pilcrowonpaper.com which implemenets email address and password authentication. The other one is the passwordless example at passwordless-example.auth.pilcrowonpaper.com which implements email code sign-in and passkeys.

I've also created a Discord server as a place to just chat about auth, security, and the web in general. It's not tied to a particular library, framework, or language.

While most of my past projects had cute names like Lucia or Arctic, I've opted for a boring subdomain under my personal domain this time. I’d like to think this will keep the project from becoming its own thing and give me more flexibility with its content and direction. I want it to reflect my personal thoughts and preferences rather than trying to be authoritative or objective.

Finally, the auth book replaces the Copenhagen Book completely. It'll still be available but it will no longer be updated and I have archived the repository. Thank you to everyone who has read and contributed to the book. I hope the new book is a better replacement, even in its current state.