NewsNews

NewsRSS

ROPC is dead — Long Live the Authentication API

ROPC is dead — Long Live the Authentication API

The Resource Owner Password Flow (ROPC) limitations have been something we’ve dealt with ever since the OAuth 2.0 specification was finalized. It was intended to support legacy applications that did not have a browser available or used as a last resort for legacy use-cases. The authors of the specification clearly signal that this flow is not recommended and should be avoided.

Curity’s CTO Jacob Ideskog recently wrote an article outlining that the authentication API may be the answer and how a hypermedia API allows you to perform browserless, multi-factor login from your apps securely.

Have a read of his article ROPC is dead — Long Live the Authentication API here.

Back to news

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.

Free trial icon representing Start a free trial

Start a Free Trial

Calendar icon representing Schedule a demo

Schedule a demo

User with a computer icon representing Speak to an Identity Specialist

Speak to an Identity Specialist

Book icon representing Explore learning resources

Explore learning resources