View the Projects by pagnition

A Blog full of Web Projects

View the Projects by the navigation at the bottom of the Page sorted by Date...


My CV

15-July-2026

This version of my CV shows my technical background for making this Tech Blog and the Web Projects.

I am a Software Developer with passion for AI, Python, Django, FastAPI, Wagtail CMS, C#, .NET, Umbraco CMS, Java, Node.js, JavaScript, TypeScript, React, Vue.js, Angular, Webpack and Vite as well as other programming languages, tools and DevOps

Besides working with IT and Web Development, I have been working in other areas as well

IT Working experience

  • Freelance
  • Web Developer at VM Kontorteknik
  • IT Worker at the Libraries of Slagelse
  • Web Developer at the former Jara IT
  • Web Developer at the former Bank bankTrelleborg

Higher education

  • AI, Machine Learning, Deep Learning and RAG
  • Backend using Python, C#, .NET, Java and Node.js
  • Frontend with JavaScript, TypeScript, React, Vue.js and Angular
  • Databases with MSSQL, MySQL, MariaDB, PostgreSQL and MongoDB
  • Cloud Services like Azure App Service, Vercel, Render, Neon and MongoDB Atlas
  • Developing ASP.NET MVC Web Applications (20486)
  • Portuguese language exam B1/B2
  • AP Graduate in Computer Science
  • Mathematics level C1

Skills of languages

  • Danish as my native language, and I passed an exam with the level equal to C2
  • English exams did I pass at the level equal to B2 written and spoken
  • Portuguese exams passed in Lisbon at the level equal to B1/B2 written and spoken
  • German exam at level equal to B1
  • Swedish and Norwegian without writing skills

Python FastAPI with PostgreSQL JWT Authentication using Refresh Token Rotation and Refresh Token Reuse Detection with HttpOnly Cookies

15-July-2026

A production-ready starter project showcasing secure JWT authentication with Refresh Token Rotation and Refresh Token Reuse Detection using HttpOnly cookies. It includes OpenAPI / Swagger, SQLAlchemy, Alembic, PostgreSQL, and is hosted on Vercel Cloud with Serverless Functions using a GitHub-based CI/CD workflow

The included Vue 3 SPA supports silent authentication, allowing users to stay signed in even after refreshing the browser

Try the OpenAPI demo...

Try the Vue 3 SPA demo...

The project demonstrates how to build a secure REST API with FastAPI and PostgreSQL using modern JWT authentication, HTTPS, and automated database migrations

CI/CD is implemented with VS Code, GitHub, and Vercel Cloud

The Web API on GitHub

The Vue 3 SPA on GitHub

Python FastAPI and Vue Authentication Boilerplate Recommendations and Use Cases

15-July-2026

Python FastAPI and Vue Authentication Boilerplate Recommendations and Use Cases

Over time, I have built several FastAPI + Vue authentication projects, each introducing a different authentication strategy. The right choice depends on the security requirements, application type, and desired user experience.

1. HTTP Basic Authentication

My Project...

Recommended for:

Internal tools, small APIs, admin dashboards, and simple authenticated services.

This is the simplest authentication approach in the series. It is easy to understand and implement, making it suitable for smaller applications where users authenticate directly with a username and password.

Good use cases:

  • Internal company tools
  • Developer or admin dashboards
  • Simple CRUD applications
  • Learning FastAPI authentication dependencies

Not recommended for:

  • Large public-facing applications
  • Modern SPA applications requiring persistent sessions
  • Systems requiring advanced token security

2. JWT Authentication (Access Tokens)

My Project...

Recommended for:

APIs and applications requiring stateless authentication.

This boilerplate introduces JWT-based authentication where users receive an access token after login. The token is then used to access protected API endpoints.

Good use cases:

  • REST APIs
  • Mobile applications
  • Single Page Applications (SPA)
  • Microservice architectures
  • Systems where server-side sessions are not desired

Advantages:

  • Stateless authentication
  • Easy API integration
  • Scales well across multiple services

Limitations:

  • Users need to log in again when tokens expire
  • Token revocation is more difficult

3. JWT Refresh Token Renewal

My Project...

Recommended for:

Single Page Applications and applications requiring longer user sessions.

This version introduces refresh tokens, allowing users to stay logged in after the short-lived access token expires.

Good use cases:

  • Vue, React, and Angular applications
  • User dashboards
  • SaaS applications
  • Applications where user experience is important

Advantages:

  • Better user experience
  • Short-lived access tokens improve security
  • Users do not need frequent logins

Limitations:

  • Refresh tokens must be protected carefully
  • Basic refresh token handling does not detect token theft

4. JWT Refresh Token Rotation

My Project...

Recommended for:

Production applications requiring stronger session security.

Refresh token rotation improves security by replacing the refresh token every time it is used. Each refresh operation creates a new token pair.

Good use cases:

  • SaaS platforms
  • Customer-facing applications
  • Applications handling sensitive user data
  • Long-lived user sessions

Advantages:

  • Reduces the lifetime of stolen refresh tokens
  • Makes token replay more difficult
  • Follows modern authentication practices

Limitations:

  • Requires more backend logic
  • Token management becomes more complex

5. Refresh Token Reuse Detection (Without HTTP-only Cookies)

My Project...

Recommended for:

Advanced authentication systems where refresh token attacks need to be detected.

This version adds detection of revoked refresh token reuse. If an old refresh token is used after rotation, the system can identify suspicious activity.

Good use cases:

  • Security-focused applications
  • Learning advanced authentication concepts
  • Systems requiring visibility into suspicious sessions

Advantages:

  • Detects refresh token replay attempts
  • Improves security monitoring
  • Adds protection against stolen refresh tokens

Limitations:

  • Refresh tokens are still exposed to JavaScript if stored client-side
  • Requires careful client-side handling

6. Refresh Token Reuse Detection with HTTP-only Cookies

My Project...

Recommended for:

Production-grade web applications with high security requirements.

This is the most advanced version in the series. It combines refresh token rotation, reuse detection, and HTTP-only cookies to reduce exposure of sensitive tokens in the browser.

Good use cases:

  • Production SaaS applications
  • Banking and finance systems
  • Enterprise applications
  • Applications handling sensitive user information

Advantages:

  • Refresh tokens are protected from JavaScript access
  • Detects refresh token replay attempts
  • Provides stronger protection against XSS-related token theft
  • Better aligned with modern browser security practices

Considerations:

  • Requires CSRF protection strategies
  • More complex cookie and session management

Suggested Default Choice

  • Learning project: HTTP Basic Authentication or JWT Authentication
  • Small production API: JWT with Refresh Token Renewal
  • Modern SaaS application: Refresh Token Rotation
  • Security-focused production system: Refresh Token Rotation with Reuse Detection and HTTP-only Cookies

The final HTTP-only cookie version is the strongest foundation for most new web applications, while the earlier versions remain valuable as lightweight templates depending on project requirements...

Happy coding :-)


Python FastAPI with PostgreSQL JWT Authentication using Refresh Token Rotation and Refresh Token Reuse Detection

14-July-2026

A production-ready starter project showcasing secure JWT authentication with Refresh Token Rotation and Refresh Token Reuse Detection. It includes OpenAPI / Swagger, SQLAlchemy, Alembic, PostgreSQL, and is hosted on Vercel Cloud with Serverless Functions using a GitHub-based CI/CD workflow

The included Vue 3 SPA does not support silent authentication, and the users will also be logged out if refreshing the browser

Try the demo by OpenAPI...

Try the demo by Vue 3 SPA...

The project demonstrates how to build a secure REST API with FastAPI and PostgreSQL using modern JWT authentication, HTTPS, and automated database migrations

CI/CD is implemented with VS Code, GitHub, and Vercel Cloud

The Web API at GitHub

The Vue SPA at GitHub

Python FastAPI with PostgreSQL JWT Authentication using Refresh Token Rotation

14-July-2026

A production-ready starter project showcasing secure JWT authentication with Refresh Token Rotation. It includes OpenAPI / Swagger, SQLAlchemy, Alembic, PostgreSQL, and is hosted on Vercel Cloud with Serverless Functions using a GitHub-based CI/CD workflow

The included Vue 3 SPA does not support silent authentication, and the users will also be logged out if refreshing the browser

Try the demo by OpenAPI...

Try the demo by Vue 3 SPA...

The project demonstrates how to build a secure REST API with FastAPI and PostgreSQL using modern JWT authentication, HTTPS, and automated database migrations

CI/CD is implemented with VS Code, GitHub, and Vercel Cloud

The Web API at GitHub

The Vue SPA at GitHub




A Blog made with Gatsby React and GraphQL