Articles
Our articles offer insights on a range of topics such as identity and access management, financial-grade security and API security.

An Introduction to Identity and Access Management
Learn what IAM is, how it works and why it is important. Get some guidance on IAM tools and strategies.
Concepts for Serving Identities in a Kubernetes Environment
This article describes some architectural concepts for providing identity data to APIs and applications in a Kubernetes environment.
Best Practices - OAuth and Same Site Cookies
Best practices for using web cookies and authorization server cookies securely and reliably
OAuth 2.0 Overview
An overview of the OAuth 2.0 authorization framework, summarizing the roles of resource owner, client, resource server and authorization server.
CIAM vs IAM: What's the Difference?
Explores the difference between CIAM and IAM, as well as the common security requirements and behaviors needed for digital solutions.
Token Handler Development Setup
How to manage an API-driven application cookie layer for SPAs on a development computer
The Nonce Authenticator Pattern
An additional option to ensure your desired Single Sign-On behavior
Authentication vs. Authorization, What’s the Difference?
Authentication and authorization are two security processes used to protect systems and information. This article outlines what they mean and their differences.
Implementing Zero Trust APIs
A summary of the main best practices when implementing a zero trust architecture to secure APIs, using OAuth 2.0 and OpenID Connect
Account Linking Recipes
Safely change the primary authentication factor, without duplicating identities
IAM Configuration Best Practices
Managing configuration in your Identity and Access Management (IAM) System for multiple environments
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume
JWT Secured Authorization Response Mode (JARM)
An overview of the JWT Secured Authorization Response Mode, when and how to use it.
JWT Signatures and EdDSA
This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm
OAuth Troubleshooting for Developers
Managing the Identity Server and dealing with errors during application development
OAuth Troubleshooting for DevOps
Managing the Identity Server and dealing with issues in production environments
Client Assertions and the JWKS URI
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Mobile Fallback Attestation
Managing client attestation before using the Hypermedia Authentication API
OpenID Connect Authorization Code Flow
A thorough explanation of the OpenID Connect Authorization Code Flow. Learn how to authenticate users and clients with OIDC.
Impersonation Approaches
How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject.