Articles
Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.

Supported OAuth 2.0 RFCs
An overview of the OAuth 2.0 related standards and their support in the Curity Identity Server.
OpenID Authorization Exchange (AuthZEN)
This article gives an overview of the AuthZEN Authorization API and how it relates to authentication and authorization.
OAuth Device Flow
Learn how OAuth 2.0 Device Flow enables secure authentication on input-constrained devices like smart TVs and consoles: easy setup and seamless user experience.
OAuth Resource Owner Password Credentials Flow
The OAuth Resource Owner Password Credentials Flow Explained.
OAuth Revoke Flow
Learn how OAuth 2.0 token revocation works to securely revoke access and refresh tokens, enhance security, and prevent unauthorized access.
OpenID Connect Standards
Overview of OpenID Connect standards and how they are used by the Curity Identity Server.
Dynamic Client Registration Overview
An overview of the Dynamic Client Registration (DCR) protocol. Learn about its use cases, deployment patterns and how to build a more dynamic network.
Using Dynamic Client Registration
Dynamic Client Registration allows new clients to be registered using a standard API. In this article we provide examples of use cases.
Which OAuth Flow Should I Use?
Learn how to select the right OAuth 2.0 flow for your app, including code flow, client credentials flow, device flow, and more for various use cases.
Consent and Claims
Learn how consent relates to claims in the authorization process.
What is a Claims Authority?
A brief overview of what a claims authority is and what role it plays in the process of issuing claims.
SSO for Web with OpenID Connect
Explore use cases for web Single Sign-On, the benefits of using SSO for web, cookie security and how to maximize user experience using iFrames.
Administrative Management of SSO
A short overview of typical Single Sign-On use cases for applications and clients. Read about the benefits of having a differentiated approach.
Prompting for Login during SSO
Learn how you can allow the client to manage Single Sign-On prompts based on the duration of sessions or OpenID Connect parameters.
SSO for Mobile Apps with OpenID Connect
Implementing Single Sign-On for mobile apps with OpenID Connect: options and examples. Secure your mobile apps using a Single Sign-On Service.
SSO and Authentication Methods
Examples of how you can adjust the Single Sign-On (SSO) behavior depending on the authentication methods used, as a way of improving your security architecture.
Proof Key for Code Exchange Overview
Learn how the Proof Key for Code Exchange (PKCE) should be used in the OAuth server.
Using OpenID Connect for a Single Sign-On Solution in Web Clients
An example of the process of implementing Single Sign-On for a web client. Learn about SSO requirements and what clients do.
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume.
What is a Single Sign-On Session?
Single Sign-On (SSO) sessions are not web sessions - how do you tell them apart? Learn what the Single Sign-On session is and how to design your SSO solution.