Webinar: Introduction to OAuth and OpenID Connect
We're launching a series of free webinars. The first session 'An introduction to OAuth and OpenID Connect' is taking place on Tuesday 11 June at 3:00 PM CEST.
We're launching a series of free webinars. The first session 'An introduction to OAuth and OpenID Connect' is taking place on Tuesday 11 June at 3:00 PM CEST.
We've recently published a new resource section on the Curity.io website. The resource center features articles on a range of topics including OAuth scopes, claims, tokens, Single Sign On and more.
Curity will participate in Nordic APIs' LiveCast ‘Scaling API Security For Enterprises’ on Wednesday June 19th. During the hour-long webinar, the speakers will discuss ways to scale API Security for large organizations.
We’re excited to tell you about OAuth.tools - An OAuth laboratory where you can easily connect to any OAuth server and try the full set of flows. The clean UI lets you see the flows clearly, in what order things happen, what tokens are returned and if signatures are valid and so on.
We're pleased to announce the release of Curity Identity Server 4.0. This release is very rich in features and includes more improvements than any of our previous releases.
The biggest, and most exciting new feature is delegated administration. It is now event easier to restrict access to any configuration element in the entire data model. Read on for more.
The Curity team continues to grow, and we are pleased to announce that Peter Hagren and Dimitrios Zografos have just joined our Stockholm office. Read on to learn more about Peter and Dimitris.
Curity will join the IDM Europe conference Frankfurt on March 14th, which we are proud to be a part of. During the conference you will be able to meet us in person at our booth to discuss identity management and API Security related questions.
We are happy to announce that version 3.4.1 of the Curity Identity Server has been released. The latest version contains performance updates and bug fixes that we believe you will find useful. The main update being the pooling of HTTP Clients, which will increase throughput when connecting to downstream services.
We're pleased to announce that Curity will be hosting two workshops at Nordic APIs 2019 Austin API Summit on May 13th.
Curity will host both an introductory workshop about OAuth and OpenID Connect in Practice as well as Advanced OAuth and OpenID Connect, for those who want to learn about the advanced aspects of OAuth and OpenID Connect.
This year we’re giving a special donation to the Swedish Cancer Society. It is a charity that is very close to our hearts. They do incredibly important work and fund vital cancer research projects.
It’s not too late to give the gift of giving this Christmas. Go to www.cancerfonden.se – or a charity of your choice
On May 14-15, 2019, Nordic APIs are hosting the Austin API Summit in Texas. As supporters of Nordic APIs we’re pleased to announce that we will be at the event. Attendees of the Summit will hear from a long list of API experts as well as Curity’s Travis Spencer, Jacob Ideskog and Daniel Lindau.
More info and tickets are available on the website.
We are happy to announce that version 3.3.0 of the Curity Identity Server has been released. It’s a minor release; but contains several enhancements, fixes and new features that we believe you will find useful.
In a recent customer story, Anu Shahi from First Utility talks about how Curity has helped the organization to implement a versatile and modern identity and security mechanism, which supports multi-factor authentication, linking of various types of user accounts, Single Sign On (SSO) as well as user self-service actions.
Version 3.3 of the Curity Identity Server is due out later this month and includes new features to make it easy to comply with PSD2 regulations.
OAuth is a powerful solution for many providers. As with any tool, however, it’s only as powerful as it is understood by the user who chooses it. Understanding what OAuth is and, at the very least, having a general overview of each particular flow is extremely important. In a recent blog post, Daniel Lindau, looked at OAuth, and gave a brief rundown of each flow type.
The 2018 edition of the Platform Summit took place in Stockholm 22-24 October. This was the biggest event to date with about 480 total attendees, as organizers of the event we’re obviously thrilled. An international speaker panel from a wide range of industries involved in APIs, discussed the best practices that will propel the global API industry into the future. This year’s theme was ‘explore the API universe’ and generated a lot of interesting discussions both during speaker talks and in the coffee breaks.
Sessions were recorded so if you were unable to attend you can still get a flavor of the event and gain some valuable insights. The speaker line-up included some of Curity’s identity experts, you can view our sessions here.
On November 19-23 Curity will attend GOTO Copenhagen, which we are proud sponsors of. During the conference you will be able to meet us in person at our booth and discuss API Security related questions.
On Tuesday November 20th (at 11:30) our CEO, Travis Spencer will give a talk on Securing APIs and Microservices with OAuth and OpenID Connect. In addition to this, Jacob Ideskog, Identity Specialist at Curity, is hosting a workshop on OAuth and OpenID Connect in Practice.
Come and meet us at the API Security for Open Banking Summit, taking place 21st November in London. Travis Spencer, our CEO, will give a session on OAuth and OpenID Connect for PSD2, Open Banking and Third-Party Access.
You will also be able to meet us in person at our booth and discuss API Security related issues
We are happy to announce the release of Curity 3.1.0 and 3.2.0. Though not a major update, this release includes a lot of fixes and features. In addition to the thousands of tests that run on each commit, we spent a lot of additional time during this release cycle on testing. We added a lot more tests and ways of testing to help us detect issues more quickly. We also made a lot of improvements to the core system, resulting in a more secure and performant base. We noticed that some flows ran over three times faster and were able to sustain 300% more concurrent users. If you're still on 2.X, you can expect a tremendous speed boost after upgrading!
As we mentioned a few weeks ago, 3.2 includes a supported Java Virtual Machine (JVM) from Azul Systems, alleviating customers' concerns about the changes to the Oracle JVM licensing model, support terms, and release cycle. One of the few dependencies of the Curity Identity Server is Java. Before now, the only supported Java Runtime Environment (JRE) was Oracle's; however, a supported JRE is now included!
A forthcoming version of the Curity Identity Server will include a supported Java Virtual Machine (JVM) from Azul Systems, alleviating customers' concerns about the changes to the Oracle JVM licensing model, support terms, and release cycle.
On September 24 – 26 Curity will attend the API Conference in Berlin, which we are proud sponsors of. During the conference you will be able to meet us in person at our booth and discuss API Security related questions.
On Tuesday September 25th (14:30 - 15:30) our CEO, Travis Spencer will give a deep dive talk about OAuth and OpenID Connect in Room: Saal A+B.
Come and meet us next week at the API:World, the world’s largest API conference next week in San Jose, CA between September 10 and 12. Travis Spencer, CEO of Curity, will give a session on Advanced OAuth. Come and and discuss your API security challenges with us at booth #316.
On October 22nd, Curity will be hosting two workshops at Nordic APIs 2018 Platform Summit. Later on October 23rd – 24th we will have three speakers from Curity presenting on different API security topics.
Curity will host one introductory workshop about OAuth and OpenID Connect where we in short will talk about: OAuth flows and Actors, OpenID Connect, Token Formats, Token handling, and Securing an API. We will also in parallel host another workshop on Advanced OAuth and OpenID Connect, where we will go through some of the more intricate aspects of the code and implicit flow, the hybrid flow, form response more, Proof Key for Code Exchange (PKCE or “pixie”), Proof-of-Possession / Holder of Key and much, much more. Attendees for the 2nd workshop are expected to have used or implemented these protocol before or to at least have attended a previous OAuth workshop.
More info and tickets for the introductory workshop are available here, and for the advanced workshop here. Info and registration for the main event on October 23rd – 24th can be found here.
On August 22nd, Curity will host a new Java Meetup together with Oracle, at their office on Söder Mälarstrand 29 in Stockholm.
The event is free but registration via meetup.com is required. We will serve light dinner and drinks from 5:30 pm, and later we will have three speakers presenting. Firstly, Matthew Gillard, Java and Clojure Programmer at Oracle, will talk about "Java and Serverless – A Match Made In Heaven". Matthew will share some ideas about why Java has not caught on so much with serverless fans and what the future holds. Claes Redestad, JVM Performance Engineer at Oracle will then continue on the same topic. Lastly, Renato Athaydes, Software Developer at Curity, will talk about "Running Java As A Native Application with GraalVM". Renato will talk about what GraalVM is, what is can be used for, and the new exciting possibilities it brings to the Java world.
This is our most featureful, documented, and performant release ever! 3.0 marks a tremendous step forward in terms of capabilities, standard-compliance, user experience, and functionality. One of the most exciting new features is support for authentication actions. These are additional steps that can be configured to run after a user logs in. They enable not only actions that were previously available, like account linking, but many new possibilities. They allow authentication to be completed only after the user takes some additional step, for example, accept new terms or register a new account. They can also be configured to run after SSO instead of login. The admin UI has been updated to allow these workflows to be configured in an intuitive manner using drag and drop visual elements. New actions can also be built using the SDK. Using authentication actions, account linking has been revamped, making it much simpler to configure. Additionally, new security measures, guides, and best practices are in place around linked accounts to ensure that it is used correctly.
Curity will be joining Nordic APIs event The Austin API Summit in Austin, Texas, on June 11-13th.
On June 11th Curity will host a half-day workshop “OAuth and OpenID Connect in Practice” in Austin. We will discuss why things are designed the way they are, how they should be deployed in a scalable fashion, and what it means to build an entire platform that uses these standards.
On the first day of the main event, June 12th, our CEO Travis Spencer will host an introductory session on OAuth and OpenID Connect where he will “cram as much about these two protocols as will fit into 20 minutes”. And on the second day of the conference Daniel Lindau, Solution Architect at Curity, will give a keynote talk on OAuth Assisted Token Flow for Single Page Applications. In this session, Daniel will show how OAuth can be integrated into Single Page Applications (SPAs) using the assisted token flow – a new OAuth message exchange pattern introduced at IETF 101.
Curity and Verisec, the company behind the mobile e-ID service Freja eID, enters into a technical partnership.
The Curity Identity Server makes it easier for companies and organizations with different databases, APIs and existing applications to make use of and integrate log in methods such as Freja eID. In turn, Freja eID and the service’s countrywide network for ID verification simplifies for organizations with thousands of users and complex services to make use of a secure login method. Additionally, end-users and organizations are free from the burden of forgotten passwords and all that it entails.
You may have heard about the new General Data Protection Regulation ("GDPR"), that comes into effect May 25, 2018. Our aim is to be as transparent as possible regarding how and why we process your personal data, and as such we have updated our Privacy Policy.
On April 11th – 13th Curity will be exhibiting at the API Conference which will be held at Business Design Centre in London. The CEO of Curity, Travis Spencer, will also be giving a talk: Secure Your APIs and Microservices Using OAuth & OpenID Connect.
Come by our booth and sign up to enter the lottery and you might go home with a Nintendo Switch!
At IETF 101 in London, we were presenting the recently suggested RFC to the OAuth working group that will allow developers to secure their SPA in a standardized way. Until now, there hasn’t been a way in OAuth for clients to request user authorization when using scripting languages such as JavaScript. The Assisted Token flow leverages HTML's iframe element, child windows, and the postMessage interface and is a way simpler approach compared to building your own solution based upon the with the implicit grant type flow. The proposed RFC is found here
On March 22nd, Curity will host a half-day workshop on OAuth and OpenID Connect at Nordic APIs and Copenhagen Fintech’s event APIs for Banking and FinTech, in Copenhagen. If you are architecting your APIs, or doing back-end development, then this workshop is for you – previous experience with the technologies is not required to participate.
After the workshop, the event continues with and afternoon full of sessions where, in example, Jacob Ideskog, Solution Architect at Curity, will talk about Third Party Provider Integration for Banking APIs.
Curity is the proud organizer behind the Stockholm Java User Group meetup. The next meetup will be hosted together with Computer Futures. The meetup, with the theme Patterns and Performance, will take place at 6 pm on February 20th, at SUP 46’s offices on Regeringsgatan 65 in Stockholm. The meetup is free and we will have three speakers presenting.
Klara Ward, Senior Software Engineer at Oracle, will talk about Java Flight Recorder – a low overhead profiling tool built into the Oracle JDK. Then, Jacob Ideskog, Solution Architect at Curity, will talk about Plug-ins with Dynamic Configuration and the small DSL with proxy pattern which Curity has developed. Jacob will demo how this works. Lastly, Renato Athaydes, Sofware Developer at iZettle, will talk about Modularization patterns: Java Modules vs. Microservices. Renato will discuss common patterns used to modularize Java applications, how microservices fit into the pattern, and the challenges and benefits of each different approach.
We are happy to be attending API Days in Paris on January 30th, where our CEO Travis Spencer will be holding a session on Secure Your APIs with Phantom Tokens.
In his session, Travis will be talking about how it is not sufficient to simply follow the standards to secure your APIs. How do you properly handle PII and other sensitive data inside JWTs and what about of devs depending on the data where changes to the token format breaks the app? The presentation will show how this is resolved using Phantom Tokens in the Curity Identity Server, still being 100% OAuth 2 compliant and benefiting from JWTs in the API backend protected by normal Reverse Proxy.
We are very happy to announce that the Curity Identity Server is now OpenID Connect certified by the OpenID Foundation. Curity is a strong proponent of organizations following the OpenID Connect standard and the for many reasons and we’re proud to pass all test required for certification. The working being done in the OpenID Foundation is in the benefit of the entire Internet community. The conformance profiles are: Basic OP, Implicit OP, Hybrid OP and Config OP.