Articles
Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.

CIAM vs IAM: What's the Difference?
Explores the difference between CIAM and IAM, as well as the common security requirements and behaviors needed for digital solutions.
Token Handler Development Setup
How to manage an API driven application cookie layer for SPAs on a development computer
The Nonce Authenticator Pattern
An additional option to ensure your desired Single Sign-On behavior
Authentication vs. Authorization, What’s the Difference?
Authentication and authorization are two security processes used to protect systems and information. This article outlines what they mean and their differences.
Implementing Zero Trust APIs
A summary of the main best practices when implementing a zero trust architecture to secure APIs, using OAuth 2.0 and OpenID Connect
Account Linking Recipes
Safely change the primary authentication factor, without duplicating identities
IAM Configuration Best Practices
Managing configuration in your Identity and Access Management (IAM) System for multiple environments
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume
JWT Secured Authorization Response Mode (JARM)
An overview of the JWT Secured Authorization Response Mode, when and how to use it.
JWT Signatures and EdDSA
This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm
OAuth Troubleshooting for Developers
Managing the Identity Server and dealing with errors during application development
OAuth Troubleshooting for DevOps
Managing the Identity Server and dealing with issues in production environments
Client Assertions and the JWKS URI
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Mobile Fallback Attestation
Managing client attestation before using the Hypermedia Authentication API
OpenID Connect Authorization Code Flow
A thorough explanation of the OpenID Connect Authorization Code Flow. Learn how to authenticate users and clients with OIDC.
Impersonation Approaches
How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject.
Token Handler Overview
A summary of the key behavior when using the token handler pattern
Token Handler Deployment Patterns
Design patterns for deploying an API-driven backend for front-end Single Page Applications
Dynamic Client Registration Authentication Methods
An overview of the main DCR use cases, how to secure DCR, user and client authentication, Financial-grade DCR authentication and dynamic client management.
Using External IDPs
Why and when external IDPs may be useful