Articles

Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.

Articles

Zero Trust API Events

Zero Trust API Events

Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume

JWT Secured Authorization Response Mode (JARM)
July 19, 2022
An overview of the JWT Secured Authorization Response Mode, when and how to use it.
JWT Signatures and EdDSA
June 20, 2022
This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm
OAuth Troubleshooting for Developers
April 29, 2022
Managing the Identity Server and dealing with errors during application development
OAuth Troubleshooting for DevOps
April 29, 2022
Managing the Identity Server and dealing with issues in production environments
Client Assertions and the JWKS URI
April 26, 2022
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Mobile Fallback Attestation
April 14, 2022
Managing client attestation before using the Hypermedia Authentication API
OpenID Connect Code Flow
March 21, 2022
The OpenID Connect Code Flow Explained.
Impersonation Approaches
March 9, 2022
How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject.
Token Handler Overview
February 24, 2022
A summary of the key behavior when using the token handler pattern
Token Handler Deployment Patterns
February 23, 2022
Design patterns for deploying an API-driven backend for front-end Single Page Applications
Dynamic Client Registration Authentication Methods
February 15, 2022
Methods of authentication in order to get a DCR access token.
Using External IDPs
January 17, 2022
Why and when external IDPs may be useful
Integrate Identity with Business Data
December 9, 2021
Design choices when integrating your business data with an IAM system
Federation Requirements Introduced in FIPS 201-3
November 30, 2021
This article provides an overview of FIPS 201-3 and SP 800-C3. It lists the requirements and explains how OpenID fits into the picture.
Vectors of Trust
November 19, 2021
Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust.
Logging Best Practices
November 9, 2021
Recommendations for managing logs and troubleshooting the Curity Identity Server.
Encrypted ID Tokens
September 29, 2021
Using JSON Web Encryption to protect the confidentiality of ID tokens
The Token Handler Pattern for Single Page Applications
August 10, 2021
Learn how the Token Handler design pattern strengthens the security of your Single Page Applications and improves user experience.
Open Banking Brazil DCR Request Validation
July 2, 2021
This article describes how to perform advanced validation of a Dynamic Client Registration request to comply with the requirements of Open Banking Brazil specifications.

Topics

API Security Claims & Scopes Client Security Deployment and Operation Financial Grade Hypermedia Authentication API Multi-Factor Authentication OAuth 2.0 OpenID Connect Security Architecture Single Sign-On User Management