When this matters
OAuth shows up when you want one-click login, or when your app needs permission to read a user’s Google Calendar, GitHub repos, or Slack workspace. It matters because the setup is easy to underestimate and usually involves callback URLs, scopes, and redirect handling.
Small example
A typical OAuth flow sends the user to a provider, then the provider redirects back to your app with a temporary code your server exchanges for tokens.
1. User clicks "Continue with GitHub"
2. GitHub asks for permission
3. GitHub redirects to /auth/callback?code=...
4. Your server exchanges the code for tokens
5. Your app creates a signed-in session
Common mistake or lookout
Mixing up authentication and authorization. OAuth can help you prove identity, request permissions, or both depending on the setup, but it is not just a fancy password box and it needs the correct provider config in every environment.
Why this matters for vibe coders
For vibe coders, OAuth is often the first place where “the AI built it” collides with real production constraints. One wrong callback URL or mismatched environment value and your login flow turns into an infinite redirect carnival.
Where this shows up on the site
Job guide
Add Authentication
You need logins, sessions, and account recovery without accidentally turning your weekend into a security incident.
Tool review
Auth.js
Open-source authentication toolkit formerly known as NextAuth.js, now maintained under the Better Auth umbrella. Worth considering when you want more direct control over auth wiring and are comfortable owning the implementation details.
Tool review
Clerk
Hosted authentication and user management for modern web apps. The polished default when you want sign-in, account management, organizations, and session handling to feel real quickly.
Blog post
Supabase, Mattsplained
Related glossary terms
JWT
Stands for "JSON Web Token": a signed token proving your identity that servers can verify.
Shared tags: security, auth
API key
API keys are app-to-app credentials. They tell a service which project is making the request, but they are not the same thing as user login.
Shared tags: security
CORS
Rules that control which websites can talk to your server.
Shared tags: security
