All articles

Authentication

(3 articles)
Clerk `auth().userId` Returns Truthy for Unauthenticated Users — Sometimes
ClerkAuthenticationNext.js

June 4, 2026 · VibeWShield Team

Clerk `auth().userId` Returns Truthy for Unauthenticated Users — Sometimes

Clerk's App Router helpers return a userId that looks truthy even when the caller isn't authenticated. Here's the trap and the right guard.

Read article
Convex Auth: 5 Mistakes AI Tools Keep Making in Your Queries
ConvexAuthenticationVibe-Coding

April 24, 2026 · VibeWShield Team

Convex Auth: 5 Mistakes AI Tools Keep Making in Your Queries

Convex's reactive model makes authorization hide in plain sight. Cursor / Claude scaffold queries without auth checks, and the whole app leaks user data by default. Here are the five patterns to fix.

Read article
tRPC Procedure Authentication: Why AI-Generated Code Leaks User Data
tRPCAuthenticationVibe-Coding

April 21, 2026 · VibeWShield Team

tRPC Procedure Authentication: Why AI-Generated Code Leaks User Data

AI coding tools scaffold tRPC routers without auth middleware. See the exact pattern attackers use to read other users' orders, invoices and messages — and how to fix it in one line.

Read article