๐—ง๐˜„๐—ผ ๐—•๐˜‚๐—ด๐˜€ ๐—ง๐—ต๐—ฎ๐˜ ๐—ง๐—ฎ๐˜‚๐—ด๐—ต๐˜ ๐— ๐—ฒ ๐— ๐—ผ๐—ฟ๐—ฒ ๐—ง๐—ต๐—ฎ๐—ป ๐—”๐—ป๐˜† ๐—ง๐˜‚๐˜๐—ผ๐—ฟ๐—ถ๐—ฎ๐—น

I learned more from two bugs than from any tutorial. These errors showed me the gap between how tools work and how I thought they worked.

Bug 1: The PKCE State Failure

I built a CLI tool for GitHub authorization. The flow worked like this:

The code broke during deployment. I used the state parameter to find the verifier in my database. I assumed the state would stay consistent. I learned that you cannot trust every external parameter to behave the same way in production as it does on your machine.

Bug 2: The Argon2 Hashing Error

I worked on a team project to handle user sessions. Here was my mistake:

This failed every time. Argon2 is non-deterministic. This means the same input produces a different hash every single time. You cannot use a hashed value in a database query to find a record.

How I fixed it:

The Lesson

Both bugs shared a pattern. The code looked correct. The local tests passed. The failures happened because of my assumptions about how libraries function.

Argon2 documentation explains its behavior. However, you do not feel the risk until you use it incorrectly.

Do not just read documentation. Build a habit of asking one question before you trust a library:

"What assumptions am I making about this tool?"

Asking this question saves more debugging time than any other skill I have learned during my internship.

Source: https://dev.to/clinztouch/two-bugs-that-taught-me-more-than-any-tutorial-2jh7