Articles
Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.
SSO for Web with OpenID Connect
Explore use cases for web Single Sign-On, the benefits of using SSO for web, cookie security and how to maximize user experience using iFrames.
Administrative Management of SSO
A short overview of typical Single Sign-On use cases for applications and clients. Read about the benefits of having a differentiated approach.
Prompting for Login during SSO
Learn how you can allow the client to manage Single Sign-On prompts based on the duration of sessions or OpenID Connect parameters.
SSO for Mobile Apps with OpenID Connect
Implementing Single Sign-On for mobile apps with OpenID Connect: options and examples. Secure your mobile apps using a Single Sign-On Service.
SSO and Authentication Methods
Examples of how you can adjust the Single Sign-On (SSO) behavior depending on the authentication methods used, as a way of improving your security architecture.
Proof Key for Code Exchange Overview
Learn how the Proof Key for Code Exchange (PKCE) should be used in the OAuth server.
Using OpenID Connect for a Single Sign-On Solution in Web Clients
An example of the process of implementing Single Sign-On for a web client. Learn about SSO requirements and what clients do.
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume
What is a Single Sign-On Session?
Single Sign-On (SSO) sessions are not web sessions - how do you tell them apart? Learn what the Single Sign-On session is and how to design your SSO solution
Single Sign-On Introduction
A brief introduction to Single Sign-On. Read about the benefits of SSO and how it can be used with OpenID Connect to authenticate users.
API Security Best Practices
Security tips to consider when designing and creating APIs.
What's Customer Identity and Access Management, and Why Does it Matter
Understand the main principles and benefits of customer identity and access management, and find out how it can be used by different industries.
How Customer Identity Access Management Protects Data
Understand how organizations can leverage CIAM systems to better protect their user's data.
Passkeys - Design your Solution
Passkeys technology support and design recommendations
What are Passkeys?
Passkeys offer a passwordless and convenient way to sign in to online accounts and services. They improve both security and user-experience of logins.
Claims Best Practices
Best practices for implementing claims. Learn how to issue custom claims step by step.
Scope Best Practices
Best practices for designing OAuth scopes in real world systems and managing them at scale. Discover how to perform API Authorization using Scopes.
Selective Disclosure for JWTs (SD-JWT)
Selective disclosure is the ability to select which data within a signed document to disclose to a counterpart compared to sharing all data at once. This article describes SD-JWT, a format that allows for selectively disclosing parts of a signed JWT.
OpenID Connect Overview
OpenID Connect explained: what it is and what benefits does it offer. How does it compare with OAuth2 and SAML?
Device Flow vs CIBA | Which Flow Should You Choose?
Which Flow Should You Choose, the OAuth Device Authorization Grant or OpenID Client Initiated Back-Channel Authentication?
Topics
Join our Newsletter
Get the latest on identity management, API Security and authentication straight to your inbox.
Start Free Trial
Try the Curity Identity Server for Free. Get up and running in 10 minutes.
Start Free Trial
