🍔🧠 How Grab Built An Authentication System for 180+ Million Users

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }
Today’s issue of Hungry Minds is brought to you by:Happy Monday! ☀️Welcome to the 132 new hungry minds who have joined us since last Monday!If you aren’t subscribed yet, join smart, curious, and hungry folks by subscribing here.This week I also include a special recommendation newsletter if you want to learn system design with visuals 👇️ 📚 Software Engineering ArticlesCLI agents that finally workDiscover the differences between forward and reverse proxiesLearn 9 battle-tested practices to secure your APIsSee how Rails team cut CI time in halfMaster modern browser architecture for better web developmentExplore why deleting tests can improve your codebase🗞️ Tech and AI TrendsMistral secures €1.7B funding to challenge OpenAIEU declares nuclear power as clean energySamsung leaks trifold phone design in animation👨🏻‍💻 Coding TipUse Go’s errgroup for concurrent error handling and graceful shutdownsTime-to-digest: 5 minutesBig thanks to our partners for keeping this newsletter free.If you have a second, clicking the ad below helps us a ton—and who knows, you might find something you love. 💚Meet Auggie CLIAuggie CLI brings the power of Augment Code’s AI coding agent right to your terminal. From standalone terminal sessions to every piece of your dev stack, with Auggie CLI, you can:Build features and debug issues. Get instant feedback suggestions for your PRs and builds. Triage customer issues and alerts from your observability stack. Try Auggie today How Grab built an authentication system for 180+ million users 🔒Grab, Southeast Asia’s super app serving 800+ cities, needed to unify authentication across its vast ecosystem of services. Their journey from fragmented auth systems to a scalable, standardized solution shows how to tackle identity management at massive scale.The challenge: Build a unified authentication system that works seamlessly across internal apps and third-party services while maintaining security and scalability for 180M+ users.Implementation highlights:Adopted OpenID Connect (OIDC) as the standard protocol over SAML and basic OAuth2.0Leveraged Dex as a federated OIDC provider to bridge multiple identity systemsImplemented token exchange for secure service-to-service communication without service accountsBuilt multi-IdP failover to ensure high availability during provider outagesIntegrated with existing R2PM (Role-to-Permission Matrix) for granular access controlResults and learnings:Unified experience: Single sign-on across all internal and external applicationsEnhanced security: Standardized tokens and reduced attack surface through scoped accessImproved scalability: Cloud-native architecture supporting millions of authentication requestsThis case study demonstrates how standardizing on modern protocols and leveraging open-source solutions can solve complex authentication challenges. Remember: good auth is like a bouncer at a club – strict enough to keep trouble out, but smooth enough that legitimate guests don’t notice it’s there! Forward Proxy vs Reverse Proxy (4 Minutes) | Core Ideas, Benefits, Trade-offs, Where and When to Use Each 9 Best Practices for API Security ⚔️ #87: Break Into API Security (7 Minutes) How DNS Actually Works When you type a website address into your browser, something almost magical happens. Career Longevity Beats Constant Job Hopping Frequent job switches can be great for short-term financial gains. I believed that early in my career as well, but here’s what I’ve learnt over the years. The Secret Sauce of Amazon’s Execution It’s not a tool or a process. It’s a specific mindset about agency that changes everything. How modern browsers work A web developers guide to browser internals LLM Evaluation: Practical Tips at Booking.com Lessons learned from 1 year of Judge-LLM Development ARTICLE (queue-taming wizardry)How I solved a distributed queue problem after 15 yearsARTICLE (vectors vs. wallets)Will amazon S3 vectors kill vector databases—or save them?ARTICLE (tree-hugging data nerds)Fenwick layout for interval treesESSENTIAL (Linus vs. trash code)How to Write “Garbage Code”ARTICLE (debug like a detective)Python Debugging Tricks Every Developer Must KnowARTICLE (test deletion therapy)You Should Delete TestsGITHUB REPO (sorting sorcery)The Unreasonable Effectiveness Of Modern Sort AlgorithmsARTICLE (Rails goes zoom)The Whop chop: how we cut a Rails test suite and CI time in halfARTICLE (PNGs go bye-bye)Stop Shipping PNGs In Your GamesARTICLE (CSS rainbow magic)Color Shifting in CSSARTICLE (database glow-up)An Interactive Guide to TanStack DBARTICLE (React on steroids)React Fast Refresh: Next-Gen Hot Reloading ExplainedWant to reach 190,000+ engineers? Let’s work together! Whether it’s your product, service, or event, we’d love to help you connect with this awesome community. WORK WITH US 👁️ Elon Musk Claims Neuralink Could Restore Partial Vision to the Blind by 2026 (2 min)Brief: Neuralink’s “Blindsight” BCI could enable partial vision restoration for the blind by 2026, targeting the visual cortex to bypass damaged eyes, per Elon Musk’s latest X update.🤖 Google AI Mode Set to Become Default Search Experience “Soon” (3 min)Brief: Google’s AI Mode, offering multimodal searches and AI-powered answers, may soon replace the traditional search interface, signaling a major shift for SEO strategies.📱 Samsung’s Galaxy Trifold Leaked Animation Sparks Speculation (2 min)Brief: A leaked animation of Samsung’s rumored Galaxy Trifold device fuels speculation about its foldable screen design and potential multitasking features.🤯 ‘Near Telepathic’ Wearable Converts Silent Speech Into Commands (3 min)Brief: Boston startup AlterEgo unveils a non-invasive wearable that interprets neuromuscular signals from jaw and throat movements, enabling silent communication with devices via AI-powered subvocal speech recognition.⚡ EU Court Officially Declares Nuclear Energy “Clean,” Green Groups Divided (3 min)Brief: The EU Court of Justice dismisses Austria’s lawsuit, cementing nuclear power’s role in the EU green finance taxonomy, as critics like Greenpeace vow to continue opposing the science-backed ruling.This week’s coding challenge: Build Your Own Interpreter Real-world proficiency projects designed for experienced engineers. Develop software craftsmanship by recreating popular devtools from scratch. This week’s tip:Use Go’s errgroup package to manage concurrent error handling and graceful shutdowns in distributed systems. This pattern combines goroutine lifecycle management with clean error propagation and context cancellation.Wen?Batch processing: Managing multiple concurrent API calls or data transformations while handling errors uniformly.Service shutdown: Coordinating graceful shutdown of multiple subsystems with proper cleanup.Fan-out operations: Distributing work across multiple goroutines while maintaining error control and cancellation propagation.”If you look at what you have in life, you’ll always have more. If you look at what you don’t have in life, you’ll never have enough.”Oprah WinfreyThat’s it for today! ☀️Enjoyed this issue? Send it to your friends here to sign up, or share it on Twitter!If you want to submit a section to the newsletter or tell us what you think about today’s issue, reply to this email or DM me on Twitter! 🐦Thanks for spending part of your Monday morning with Hungry Minds.See you in a week — Alex.Icons by Icons8.*I may earn a commission if you get a subscription through the links marked with “aff.” (at no extra cost to you).Powered by beehiiv