Hasty Treat - Authentication: LocalStorage vs Cookies vs Sessions vs Tokens

enSeptember 18, 2024

822: Receipt Printer with JavaScript

Wes unveils his Hack-Week project —a thermal printer controlled by JavaScript that prints out Sentry.io errors in real-time. Scott and Wes dive into the nitty-gritty of how it works, from the ESC/POS protocol to tackling socket issues, and whether the project was worth the effort.

Show Notes

00:00 Welcome to Syntax!
00:38 Brought to you by Sentry.io.
01:10 What is Hack Week?
01:41 The project.
- Follow the posts on X.
02:40 Why a receipt printer?
03:55 How do these printers work?
- ESC/POS.
05:20 Communicating with the printer.
07:24 ESC/POS Encoder.
ESC/POS Encoder.
08:42 Socket issues.
09:56 Using Transformers.js to stop ‘toxic comments’.
- Xenova’s toxic-bert.
- Implementation in Wes’ code.
10:48 Back to socket issues.
12:18 Integrating with Sentry.
15:01 Printing images with Playwright.
16:17 Was it worth it?

Hit us up on Socials!

enSeptember 16, 2024

821: Is Tauri the Electron Killer?

In this episode of Syntax, Wes and Scott talk with Daniel Thompson-Yvetot about Tauri. They dive into what Tauri is, the motivations behind its development, its open-source ecosystem, use cases, and more.

Show Notes

00:00 Welcome to Syntax!
02:01 What is Tauri?
02:59 What’s new in Tauri 2.0?
06:41 The benefits of Tauri over Electron
11:28 Can you use Node?
14:21 Mac, Linux, and Windows
- Verso
- Servo
25:05 How does Tauri make money?
- CrabNebula
30:05 Brought to you by Sentry.io
30:30 Accessing Swift from JavaScript
31:44 What’s the hardest part of a project like this?
- Haptics Plugin
37:00 Some of the apps that have shipped with Tauri
43:18 The future of Tauri
50:23 Sick Picks & Shameless Plugs

Sick Picks

Daniel: 5secondfilms

Shameless Plugs

Guest: Manufacturing European Software (Coming Soon)

Hit us up on Socials!

enSeptember 13, 2024

820: Potluck: 8000 ESLint Errors × HTML Time Tag × 7 Meg React Bundle × CSS Modules

In this Potluck episode of Syntax, Scott and Wes answer your questions, from weighing the trade-offs between numerous small npm packages and a few larger ones to managing the challenges of work-from-home life. They also explore CSS modules, strategies for shrinking JavaScript bundles, and even where to find the best replacement ear cups for your headphones.

Show Notes

00:00 Welcome to Syntax!
00:38 Commentating basketball.
01:16 Brought to you by Sentry.io.
02:09 The video podcast doesn’t translate well to audio.
04:08 Many small npm packages vs a few large.
09:55 Developers dealing with WFH, ADHD, and kids.
15:59 CSS modules for scoping styles to components.
20:55 Scoped CSS in React?
23:21 Reducing JS bundle sizes.
- Bundle Phobia.
- Javascript Bundle Analysis [Beta].
29:44 Balancing learning, doing, and teaching.
33:04 Making maps local first.
36:20 How to pronounce ‘schema’.
- Wes Bos Tweet.
37:09 HTML tag.
40:11 Where to get replacement ear cups for headphones?
- wickedcussions.
- Scott’s Audeze Headphones.
42:21 ESLint and hiding errors.
48:48 Sick Picks & Shameless Plugs.

Sick Picks

Scott: Allen Wrench Set.
Wes: Clarkson’s Farm – Amazon Prime.

Shameless Plugs

Wes: Syntax.fm, YouTube

Hit us up on Socials!

enSeptember 11, 2024

819: Fun & Profitable Side Projects for Developers

Scott and Wes serve up a hasty discussion on side projects, sharing their latest Hack Week experiments and tips on how to turn fun ideas into profitable ventures. They cover everything from finding inspiration to choosing the right tech, and even offer advice on how to finish what you start.

Show Notes

00:00 Welcome to Syntax!
01:11 Brought to you by Sentry.io.
01:27 Wes’ Hack Week project.
02:30 Scott’s Hack Week project.
04:18 Where do you get ideas for side projects?
09:22 End goals for a side project.
14:47 Other end goals.
16:45 What tech should you use?
- drop-in.
20:34 Keeping notes.
23:14 Finishing side projects.
26:39 Shameless Plugisode!

Hit us up on Socials!

enSeptember 09, 2024

818: CJ × Hosting Meetups - Lunch and Learn

In this episode of Syntax, Wes and Scott talk with CJ Reynolds about the resurgence of meetups in a post-COVID world. They discuss the benefits of attending and speaking at meetups, and the logistics of organizing them. CJ also shares his experiences running the DenverScript meetup, including sourcing speakers, finding venues, and ensuring a welcoming community.

Show Notes

00:00 Welcome to Syntax!
01:35 Brought to you by Sentry.io
01:49 CJ’s history hosting meetups
- DenverScript
- Code Talent
06:35 How do you structure a meetup?
09:50 How do you raise awareness for a meetup and get people to attend?
- Meetup.com
- Guild
13:27 How to pay for a meetup
15:22 How to get speakers at meetups
16:50 The length of these talks
17:03 Does live-streaming hurt attendance?
- Syntax 806 - The King of Drag and Drop: Alex Reardon
19:32 Is there a vetting process for finding speakers?
- Syntax 019 - How to Get Into Speaking at Conferences
24:26 A meetup doesn’t have to be talks
- Develop Happy Hour
27:48 What’s the worst part about hosting a meetup?
29:37 What was your first meetup like?
33:27 What’s the best meetup you’ve been to and why?
37:10 How to be a good attendee
40:45 Are meetups back?
44:00 Tips for organizing a great meetup
45:29 How to find a meetup
47:37 Sick Picks & Shameless Plugs

Sick Picks

CJ: Fillo’s Walking Tamales

Shameless Plugs

CJ:
- DenverScript
- You Should Use Hono in your Next Project

Hit us up on Socials!

enSeptember 06, 2024

817: You Need These 30 Apps - PART 1

Scott and Wes kick off part 1 of a 2-part series, breaking down 30 must-have apps for web developers and productivity enthusiasts. From file management tools to media utilities, they cover everything you need to supercharge your workflow.

Show Notes

00:00 Welcome to Syntax!
01:03 Brought to you by Sentry.io.
01:27 File management applications.
- 01:43 DaisyDisk.
- 04:19 Marta.
- 07:50 EasyFind.
- 10:16 Czkawka.
- 12:53 Backblaze.
- 14:40 Hazel.
- 17:42 AutoMounter.
18:43 Media applications.
- 18:52 Automator HIEC to JPG.
- 20:04 Rant on QuickView.
- 20:32 DVD idea.
- 22:06 IINA.
- 24:07 Capture One.
- 25:02 YouTube Enhance.
- 27:16 HandBrake.
- 28:05 MakeMKV.
- 30:33 Overkill for Mac.
- 33:42 Search by Image.
- 37:09 eqMac.
37:37 Utility applications.
- 37:52 Stats & iStat Menu.
40:19 Alternatives to popular Mac applications.
- 40:23 Ice.
- 41:03 PearCleaner.
- 43:08 Numi.
- 44:17 Bottom (btm).
- 44:53 Sip Color Picker.
50:25 Sick Picks & Shameless Plugs.

Sick Picks

Scott: Wilde Chips
Wes: Apple TV+: The Big Conn

Shameless Plugs

Scott: Syntax on YouTube

Hit us up on Socials!

enSeptember 04, 2024

816: Why Your CSS Sucks

Scott and Wes break down why your CSS might suck—from misusing specificity to not leveraging CSS variables. Tune in as they dive into common pitfalls that are making your stylesheets a hot mess.

Show Notes

00:00 Welcome to Syntax!
00:33 Breakdancing in the Olympics.
05:29 Brought to you by Sentry.io.
05:44 Why your CSS sucks.
07:01 You’re styling the wrong element.
11:01 Nesting too deep.
12:37 You don’t understand specificity.
14:56 Your classes don’t use a system.
16:24 You’re using values instead of CSS vars.
20:16 You don’t understand block vs inline vs inline-block.
- CSS Logical Properties
21:16 You aren’t using the right tool for the job.
- CSS Flexbox, CSS Grid.
24:15 You’re setting the value in too many places.
24:31 You’re scoping to tightly or not tightly enough.

Hit us up on Socials!

enSeptember 02, 2024

815: Deno 2 with Ryan Dahl

In this episode of Syntax, Wes and Scott talk with Ryan Dahl about Deno 2.0, its new features and use of web standards, and how it seamlessly integrates with popular frameworks like Next.js. Ryan shares insights on the motivations behind Deno’s creation, its emphasis on simplicity and security, and offers his take on the evolving JavaScript ecosystem.

Show Notes

00:00 Welcome to Syntax!
00:34 What is Deno?
05:08 Deno 2.0
07:49 NPM compatibility
09:40 What parts of Node aren’t doable in Deno?
11:22 Do we need a hard break from Require?
13:51 Package management
16:25 Security and performance benefits of Deno
20:57 Brought to you by Sentry.io
20:57 Thoughts on Bun and Node additions
26:25 Ryan’s favorite Deno projects
28:42 Will we ever see a unified file system API?
31:49 Typescript
36:12 Jupyter Notebooks with Deno
- Polars
39:11 AI and WASM in JavaScript
42:01 Deno 2.0 features and future
43:08 Sick Picks & Shameless Plugs

Sick Picks

Ryan: McCarren Park

Shameless Plugs

Ryan: https://deno.com/enterprise

Hit us up on Socials!

enAugust 30, 2024

Related Episodes

How To Build Your Own Auth

In this episode of Syntax, Scott and Wes talk about building your own authentication — diving deep into JWT, sessions, tokens, cookies, local storage, CSRF, and how it all works!

Prismic - Sponsor

Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax.

LogRocket - Sponsor

LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

Hasura - Sponsor

With Hasura, you can get a fully managed, production-ready GraphQL API as a service to help you build modern apps faster. You can get started for free in 30 seconds, or if you want to try out the Standard tier for zero cost, use the code “TryHasura” at this link: hasura.info. We’ve also got an amazing selection of GraphQL tutorials at hasura.io/learn.

Show Notes

01:51 - Overview

Level Up uses a JWT & secure cookie-based authentication and tracks sessions via a db table.
Accounts.js

05:13 - JWT

Base 64 encoded (not encrypted) token that contains data. We have both accessTokens and refreshTokens.
JWT has three parts:
- Header
  - What kind of algo was used
- Payload
  - Data about the user
  - Email
  - Username
  - UserID
  - refreshToken, authToken, sessionId
- Signature
  - This ensures that no one monkeyed with the above parts. If you change your email in the payload, the signature is not invalid, because in order to generate the signature, it uses the header and payload as part of it.
accessToken
- A short lived JWT that contains the sessionToken, userId and expires after 90min.
refreshToken
- A long lived JWT that contains just the sessionToken and doesn’t expire.
JWT can be decoded and read, but you have to encode them with your secret.
JWT can be stored anywhere, there are two main places:

20:26 - Cookies

We use httpOnly, secure cookies to store the accessToken and the refreshToken. The accessToken is a session cookie and is removed whenever the browser is closed. The refreshToken is valid for 100 days but is also re-created and revalidated for 100 more days each time the accessToken is generated.
Because these are httpOnly cookies, they cannot be accessed by JavaScript in the client and can only be set and removed on the server.
Note: Safari has stricter rules than others for same domain cookies (e.g. localhost won’t work).

34:26 - Sessions

Sessions are when a user logs in on a device. If you open a phone and log in and a computer and log in, those will create two different sessions. A session contains information about the user’s connection (like their IP) but it also contains the userId which allows us to create new accessTokens from a valid session.
Sessions can be valid or invalid. This allows us to log anyone out by setting their session to valid: false.
Sessions also have sessionToken which are generated on authentication or create account.

38:10 - CORS

Cross-origin-resource-sharing
Can be super tricky to get working cross-domain
You usually have to actually visit the website for the cookie to be set, even with lax cors

46:06 - CSRF

48:47 - Authentication process

bcrypt.js

52:13 - Helper Packages

NextAuth.js is super easy
Passport.js
auth0

××× SIIIIICK ××× PIIIICKS ×××

Scott: reMarkable 2
Wes: Opration Odessa

Shameless Plugs

Scott: Node Fundamentals Authentication - Sign up for the year and save 25%!
Wes: Advanced React - Use the coupon code ‘Syntax’ for $10 off!

Tweet us your tasty treats!

Scott’s Instagram
LevelUpTutorials Instagram
Wes’ Instagram
Wes’ Twitter
Wes’ Facebook
Scott’s Twitter
Make sure to include @SyntaxFM in your tweets

The Polyglot Developer Podcast

enMarch 17, 2021

TPDP015: Authorizing Access with OAuth

In this episode I am joined by Ryan Chenkie, Developer Advocate at the internet safety company, Auth0. Ryan and I discuss OAuth and how it can be used for authorizing third-party access to your data. If you've been keeping up, you'll remember that I wrote the very popular ng-cordova-oauth and ng2-cordova-oauth libraries for Ionic Framework that allowed mobile applications to work with OAuth providers like Google and Facebook. There are a lot of common questions around the protocol such as storing tokens, refreshing tokens, and implementing OAuth logic within code. The goal in this episode is to clear up the common questions and give everyone a better understanding on how OAuth works as well as the best practicies. A writeup to this episode can be found via https://www.thepolyglotdeveloper.com/2017/08/tpdp-e15-authorizing-access-oauth/

en-usAugust 02, 2017

Supper Club × Open Table LIVE SHOW

In this supper club episode of Syntax, Wes and Scott recorded a live open table episode with guests calling in to talk about Wasm, building Riverside.fm, home networking, getting a job at Microsoft, Svelte and Sveltekit, htmx, and more!

Auth0 - Sponsor

Auth0 is the easiest way for developers to add authentication and secure their applications. They provides features like user management, multi-factor authentication, and you can even enable users to login with device biometrics with something like their fingerprint. Not to mention, Auth0 has SDKs for your favorite frameworks like React, Next.js, and Node/Express. Make sure to sign up for a free account and give Auth0 a try with the link below. https://a0.to/syntax

Appwrite - Sponsor

Appwrite is a self-hosted backend-as-a-service platform that provides developers with all the core APIs required to build any application. Get free cloud credits by signing up for early access to the Appwrite Cloud launch!

Show Notes

00:30 Welcome
01:49 Safari aspect ratio bug
04:17 Thoughts on Vercel announcements?
NextJS Conf
10:07 Gideon Riverside CTO
Riverside.fm Careers
14:44 Do JS devs need to branch out?
16:52 Wasm
Web Assembly (WASM)
Rustlings
19:46 Sponsor: Auth0
21:03 Which company will Vercel aquire next?
Guillermo Rauch
Akamai Acquires Linode
27:12 Svelte Kit and Vercel
30:20 Why don’t you terminate your own ethernet cables?
30:58 How does Fly.io compare to Vercel?
Fly.io
31:36 Did Wes learn Vue?
32:10 Brad jumping on the Remix train
Remix
34:18 Layout shift caused by images in Markdown
38:30 Maintaining home networking
Ubiquiti
44:44 Taking a course lead to a job with Microsoft
Soumya’s YouTube - Geekysrm / website / Twitter
47:38 Sponsor: Appwrite
48:39 Are you still using your Synology NAS?
Synology
53:53 Is Svelte ready for smaller team projects?
Svelte Kit
Wyze
56:03 HTMX
htmx
Alpine.js
01:49 Docker Wasm preview
Introducing the Docker+Wasm Technical Preview
WebAssembly System Interface

Tweet us your tasty treats

Scott’s Instagram
LevelUpTutorials Instagram
Wes’ Instagram
Wes’ Twitter
Wes’ Facebook
Scott’s Twitter
Make sure to include @SyntaxFM in your tweets