https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Fri, 15 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-15-passkeys-webauthn-2026-fido2-clerk-stytch-logto-supertokens-hanko-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-15-passkeys-webauthn-2026-fido2-clerk-stytch-logto-supertokens-hanko-deep-dive.en The password era is genuinely ending. iOS 18 Passwords app, Android 15 Credential Manager, WebAuthn Level 3 Conditional UI, and Hybrid transport (caBLE then CTAP 2.2) accumulated between 2024 and 2026 so that ordinary users now encounter passkey logins. Meanwhile the auth SaaS market exploded with Auth0/Okta, Clerk, Stytch, SuperTokens, Logto, Hanko, and Passage, each targeting different niches. This post maps the standard stack, platform UX, auth SaaS, Korean and Japanese operators, and the gradual migration strategy in one go. Fri, 15 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) passkeywebauthnfido2passwordlessauth0clerkstytchlogtosupertokenshankopassageauthentication2026deep-diveenglish https://www.youngju.dev/blog/culture/2026-05-15-passkeys-webauthn-2026-fido2-clerk-stytch-logto-supertokens-hanko-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-15-passkeys-webauthn-2026-fido2-clerk-stytch-logto-supertokens-hanko-deep-dive.ja パスワード時代の終わりが本当に始まっている。iOS 18 の Passwords アプリ、Android 15 の Credential Manager、WebAuthn Level 3 の Conditional UI、Hybrid transport(caBLE → CTAP 2.2)まで、2024-2026 年の積み重ねで一般ユーザーもパスキーログインに出会うようになった。一方で認証 SaaS 市場は Auth0/Okta・Clerk・Stytch・SuperTokens・Logto・Hanko・Passage と爆発し、それぞれ別の場所を狙っている。本記事は標準スタック・プラットフォーム UX・認証 SaaS・韓国/日本の事業者状況・段階的移行戦略までを一度に整理する。 Fri, 15 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) passkeywebauthnfido2passwordlessauth0clerkstytchlogtosupertokenshankopassageauthentication2026deep-dive日本語 https://www.youngju.dev/blog/culture/2026-05-15-passkeys-webauthn-2026-fido2-clerk-stytch-logto-supertokens-hanko-deep-dive https://www.youngju.dev/blog/culture/2026-05-15-passkeys-webauthn-2026-fido2-clerk-stytch-logto-supertokens-hanko-deep-dive 비밀번호 시대가 진짜로 끝나가고 있다. iOS 18의 Passwords 앱, Android 15의 Credential Manager, WebAuthn Level 3의 Conditional UI, Hybrid transport(caBLE → CTAP 2.2)까지 2024-2026 사이의 변화가 누적돼서 이제 일반 사용자도 패스키 로그인을 만난다. 한편 인증 SaaS 시장은 Auth0/Okta·Clerk·Stytch·SuperTokens·Logto·Hanko·Passage로 폭증했고, 각자 다른 곳을 노린다. 이 글은 표준 스택·플랫폼 UX·인증 SaaS·한국/일본 사업자 현황·점진적 마이그레이션 전략까지 한 번에 정리한다. Fri, 15 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) passkeywebauthnfido2passwordlessauth0clerkstytchlogtosupertokenshankopassageauthentication2026deep-dive https://www.youngju.dev/blog/culture/2026-05-16-api-web-auth-libraries-2026-authjs-v5-lucia-better-auth-clerk-stytch-workos-kinde-supertokens-frontegg-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-api-web-auth-libraries-2026-authjs-v5-lucia-better-auth-clerk-stytch-workos-kinde-supertokens-frontegg-deep-dive.en In 2026 the build-vs-buy line for web app auth is sharper than ever. From libraries like Auth.js v5, Lucia v3, and better-auth to managed SaaS like Clerk, Stytch, WorkOS, Kinde, SuperTokens, and Frontegg — this deep dive covers OAuth flows, passkeys, magic links, OTP, TOTP, sessions vs JWT, B2B SSO/SCIM, OWASP A07, and Korean (NAVER/Kakao) / Japanese (LINE/Yahoo!JP) local ID providers. Which team should pick what, with migration scenarios and 30+ real references. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) englishauth-librariesauth-jsluciabetter-authclerkstytchworkoskindesupertokensfronteggoauthpasskeyswebauthn2026deep-dive https://www.youngju.dev/blog/culture/2026-05-16-api-web-auth-libraries-2026-authjs-v5-lucia-better-auth-clerk-stytch-workos-kinde-supertokens-frontegg-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-api-web-auth-libraries-2026-authjs-v5-lucia-better-auth-clerk-stytch-workos-kinde-supertokens-frontegg-deep-dive.ja 2026年、ウェブアプリ認証における「作るか、買うか」の境界はかつてないほど鮮明になった。Auth.js v5、Lucia v3、better-auth といったライブラリから、Clerk、Stytch、WorkOS、Kinde、SuperTokens、Frontegg のようなマネージド SaaS まで — OAuth フロー、パスキー、マジックリンク、OTP、TOTP、セッション vs JWT、B2B SSO/SCIM、OWASP A07、韓国(NAVER/Kakao) と日本(LINE/Yahoo!JP) のローカル ID プロバイダまで、まとめて整理する。どのチームに何を選ぶべきか、移行シナリオと 30+ の本物のリファレンスとともに語る。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) 日本語auth-librariesauth-jsluciabetter-authclerkstytchworkoskindesupertokensfronteggoauthpasskeyswebauthn2026deep-dive https://www.youngju.dev/blog/culture/2026-05-16-api-web-auth-libraries-2026-authjs-v5-lucia-better-auth-clerk-stytch-workos-kinde-supertokens-frontegg-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-api-web-auth-libraries-2026-authjs-v5-lucia-better-auth-clerk-stytch-workos-kinde-supertokens-frontegg-deep-dive 2026년 웹앱 인증은 "직접 만든다 vs 산다"의 갈림길이 더 선명해졌다. Auth.js v5, Lucia v3, better-auth 같은 라이브러리부터 Clerk, Stytch, WorkOS, Kinde, SuperTokens, Frontegg 같은 매니지드 SaaS까지 — OAuth 흐름, 패스키, 매직 링크, OTP, TOTP, 세션 vs JWT, B2B SSO/SCIM, OWASP A07, 한국(NAVER·Kakao) / 일본(LINE·Yahoo!JP) 로컬 ID 제공자까지 한 번에 정리한다. 어떤 팀이 무엇을 골라야 할지, 실전 마이그레이션과 함정까지 30+ 출처와 함께 풀어낸다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) auth-librariesauth-jsluciabetter-authclerkstytchworkoskindesupertokensfronteggoauthpasskeyswebauthn2026deep-dive