Princewill Emeka

One wrong diagnosis in your HealthTech app. One patient data leak. One failed hospital integration. And your startup can collapse overnight. Meanwhile, you’re wondering why almost every smart founder in Nigeria still runs to Fintech. It’s not because HealthTech is useless. It’s because in Nigeria, building HealthTech sometimes feels like carrying the problems of an entire broken system on your head.

@Akintola_steve @Nueltek Make una involve me Can I be a part of this community?

@Nueltek Very well explained. And well said. We just finished a session in my community and all this was explained

An Interviewer asks you this: A user changes their password successfully. Meanwhile they still have 5 active sessions across different devices. Question: How do you handle session invalidation without logging out the current device?

I learnt this the hard way. At the start of this year, I set a clear goal for myself to help at least 50 people from my LinkedIn community land remote jobs. Not just by posting opportunities, but through direct referrals, recommendations, and mentorship. January was… humbling. I genuinely thought opportunities would just come to me. That because I had visibility, things would naturally align. But nothing really moved. It felt slow, almost discouraging. Then February came, and I changed my approach. I stopped waiting, and started giving out the few job opportunities that came my way instead of sitting on them. I reached out to organizations I was already connected to and actively asked about openings for my people. I made a conscious decision to hire from my own community whenever I had the chance, instead of outsourcing. Basically, I went from passive to intentional, and things started shifting. The more I talked about what I was doing, the more people paid attention. The more I showed up with proof, the more trust I built. Now, instead of me chasing opportunities, organizations reach out to me asking for recommendations from my community. That didn’t happen by luck. It happened because I moved. So far, 11 people from my community have landed remote jobs through this effort. The 12th is currently in progress, and if all goes well, it should be sealed by mid next week. A moving man will always meet his luck.

Authentication & Authorization is beautiful. Every concept has a story. You just don't know it yet. You build an API. Anyone can call it. Anyone can read the data. Anyone can delete the records. There is no "who". There is just "anyone". So you add a password. Now the user proves who they are before they get in. That is Authentication. The oldest problem in computing, solved with a string you type and hope nobody guesses. Your server checks the password on login and lets the user in. But HTTP has no memory. Every request arrives like a stranger. The server forgets them immediately. So you create a Session. The server remembers the user server-side and hands them a Session ID. They send it back with every request. The server looks it up and recognises them. One stable ID. One server-side store. It works until you have ten servers and no idea which one holds the session. So you put Session state in Redis. Every server reads from the same store. The user can hit any server. The session survives. Now you have mobile apps, microservices, third-party integrations. They cannot use cookies. They need something they can carry themselves. So you use a JWT. A self-contained token with the user's identity baked in. No database lookup. The server verifies the signature and trusts the claims. It scales. It is stateless. It feels elegant. Then a user gets compromised. You want to invalidate their token. But the token is valid for 24 hours and there is no registry to check. You cannot un-issue a JWT. It is just out there, valid, until it expires. So you make tokens short-lived. 15 minutes. You add a Refresh Token, long-lived and stored securely, used only to get a new access token. Now revocation is possible. The refresh token hits your server. Your server can reject it. The 15-minute window is acceptable risk. Your app needs to access the user's Google Calendar. You ask them for their Google password. They give it to you. You store it. Now you hold credentials you were never supposed to have. So you use OAuth 2.0. Google asks the user directly. The user says yes. Google gives your app a scoped token. Your app never sees the password. The user can revoke access without changing their password. Delegation, not impersonation. The right model. You add OAuth. Users log in with Google. But now you need to know who they are, not just that they have access. The access token lets you call Google APIs. It does not tell you the user's name. So you add OpenID Connect. An identity layer on top of OAuth. Google sends an ID Token, a signed JWT with the user's name, email, and a unique ID. Authentication and Authorization in one handshake. Users are in. Now the question changes. Not "who are you" but "what can you do". You give every user full access. It is simpler. One user deletes the production database. Accidentally. They had no reason to have that permission. You had no reason to give it. So you add Roles. Admin. Editor. Viewer. Each role has specific permissions. Each user gets a role. The Editor cannot delete. The Viewer cannot edit. It works until you have 40 roles and nobody can explain what each one does. So you write Policies. Not roles assigned to users but rules evaluated at request time. This user, this resource, this action, this time of day. OPA evaluates it. You get a decision. Access or deny. Expressible. Auditable. Composable. A user logs in with just a password. An attacker gets the password from a breach database. Your database was not the one that leaked. Your users reuse passwords. The attacker is in. So you add MFA. A second factor the attacker does not have. A TOTP code from an authenticator app. A hardware key. A biometric. The password alone is no longer enough. The attacker has the password. They still cannot get in. A user gets a phishing email. A fake login page, pixel-perfect. They type their password and their TOTP code. The attacker relays both in real time. MFA did not save them. The fake site looked real. The user could not tell the difference. So you use Passkeys. No password to steal. No code to intercept. The user's device holds a private key bound to your site's exact origin. A fake site is a different origin. The key does not work there. Phishing becomes structurally impossible. Not harder. Impossible. Your services talk to each other inside the cluster. Service A calls Service B. But B has no way to know the request actually came from A and not from something that found a way inside the network. You trusted the network. The network is not enough. So you use mTLS. Both sides present certificates. Both sides verify each other. A service cannot lie about its identity. A compromised pod cannot impersonate a trusted service. Zero Trust. Not because it sounds good in a pitch deck. Because the alternative is assuming your internal network is safe. It is not. Authentication answers: who are you. Authorization answers: what can you do. Most teams get Authentication right and treat Authorization as an afterthought. That is where breaches live. Not at the login page. In what you let authenticated users do after they are inside. The pattern across all of it is the same. Every concept exists because the previous one had a gap. Sessions because HTTP is stateless. JWT because sessions do not scale. OAuth because passwords should not be shared. Passkeys because passwords should not exist. Each one is a better answer to the same question. "Who are you. And what are you allowed to do here."

@ObinnaUkwueze Thanks. I've always had this in mind, how to reach prospects are always the problem.

@princewill_dev_ AI GTM product.

If you're a cracked Nigerian or African engineer who wants to build world-class products for Europe and North America, let's talk. I'm actively looking for serious partners & collaborators (engineers, technical founders, co-builders) for high-impact projects.

@ObinnaUkwueze How to get to them

There are thousands of painters in Europe and Canada, build for them. Ship in days and not weeks.

@remote_jobs_hub I'm interested @remote_jobs_hub Check out my portfolio princewill-theta.vercel.app

#hiring ServiceTitan is hiring a Web Developer Experience: 0 - 3 years Location: Remote (Canada) Salary : $20 per hour -Proficiency in HTML5, CSS3, TypeScript, JavaScript, React, Vue, and TailwindCSS Let me know if you are interested 👇

I saw a woman at the bank arguing over charges She was tired and wasn't shouting but trying to explain calmly. "Last week you removed ₦100. Yesterday, ₦200. Now another ₦200 again… for what exactly?" She wasn’t even raising her voice. Just trying to understand where her money was going. "I had over ₦2,000 in this account. Now it’s around ₦1,300." Then a man behind her said, "It’s just ₦200, why all this?" She told him, "That ₦200 is my transport" Because the truth is, It’s easy to call ₦200 "small money" when it’s not coming out of the last ₦2,000 you’re holding onto. Until it gets to your turn, you’ll understand.

@arjunstwtx @fidexcode Okay then Mutuals?

@princewill_dev_ @fidexcode It went well. It’s not live anymore it’s been 3 to 4 years.

Do you still remember your first project? What is it?

@juiceboy_of_abj Did you uninstall your terminals too?

So if you buy a new laptop and mistakenly uninstall the browser that comes with it, how would you download the browser back since you don’t have a browser to install the browser?🤔🤔

@SKIDDOWNDR @JenomSenju Mad man😂😂

@JenomSenju The hair on her head abi which one

Lecturer walked into class and I told her that her hair looked nice. till today I don’t understand why she slapped me and sent me out of the class.

@webdeveloper_NG Quick recovery

Gun to your head,what does QR in QR code mean?

@fidexcode ImageVault😂 Used Pixabay's API to search the web and return images based on search keywords. I remember using 3 days to solve modulus maths trying to get an algorithm to display images in the right grid I felt like a god man, still laugh at that shii till today😂

@arjunstwtx @fidexcode Currently building something similar to this. How'd it go for you Any chance it's still live?

@fidexcode Online blood bank management system using php

@Akintola_steve Mind of a great founder!

I often say this, and I’m not sure if it’s pride, but I doubt it. Regardless of how tough or uncertain the tech market may seem, my product will scale! The right audience will find it because it’s a great product. Don’t let the fact that similar solutions already exist stop you. Focus on building quality, invest in marketing, and then pray. Market conditions may be challenging, but I will scale, that I know for sure!

@smartnakamoura undefined = a variable exists but has no value assigned yet - it's "empty by default" null = a variable exists and has been intentionally set to "nothing" - it's "empty on purpose"

You write JavaScript every day. Quick question: what's the difference between null and undefined? Most devs with 2 years experience can't explain it cleanly. Can you?

Funny how I had dedicated this new week to researching these auth libraries docs to find out one I can start using. One thing I discovered tho', these libraries are mostly frontend. I loved and had previously always built my auth service layer at the backend level. So my question, is there any diff or upside to handling auth on the frontend?

spent 3 months trying every auth library and this is the honest breakdown: – Clerk: fastest to set up, great UI out of the box, costs money at scale – Better Auth: open source, flexible, my current go-to – NextAuth: free, messy to configure, community is huge – Supabase Auth: great if you're already using Supabase Stop copy-pasting tutorials and pick one. Stick with it. What are you using? Drop it below 👇

@richsongocrazy Show me a government website with good UI

That NYSC website be like my side project for 2020.