{
  "title": "Auth \u2014 Sessions, JWTs, OAuth2 and Why It's All So Hard",
  "description": "Emma and Ryan go deep on the full authentication and authorization stack: authn vs authz, sessions vs JWTs and the statefulness tradeoff, OAuth2 flows including Authorization Code with PKCE, OpenID Connect, refresh token rotation, password hashing with bcrypt and Argon2, TOTP internals, WebAuthn passkeys, common attacks like CSRF and session fixation, and when to roll your own auth vs. reach for Auth0, Cognito or Clerk.",
  "topic": "authentication authorization JWT OAuth2",
  "date": "2026-03-06",
  "episode_num": 8,
  "duration": "00:28:13",
  "size_bytes": 14796845
}