Articles
Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.
Decentralized Identifiers (DIDs) Explained
Overview of Decentralized Identities
Verifiable credentials are essentially a piece of cryptographic data that asserts information about a subject. They are part of a bigger identity ecosystem with several building blocks where decentralization plays an important role.
Verifiable Credentials Explained
An in-depth description of Verifiable Credentials and their data models.
An Introduction to Identity and Access Management
Learn what IAM is, how it works and why it is important. Get some guidance on IAM tools and strategies.
Concepts for Serving Identities in a Kubernetes Environment
This article describes some architectural concepts for providing identity data to APIs and applications in a Kubernetes environment.
Best Practices - OAuth and Same Site Cookies
Best practices for using web cookies and authorization server cookies securely and reliably
OAuth 2.0 Overview
An overview of the OAuth 2.0 authorization framework, summarizing the roles of resource owner, client, resource server and authorization server.
CIAM vs IAM: What's the Difference?
Explores the difference between CIAM and IAM, as well as the common security requirements and behaviors needed for digital solutions.
Token Handler Development Setup
How to manage an API driven application cookie layer for SPAs on a development computer
The Nonce Authenticator Pattern
An additional option to ensure your desired Single Sign-On behavior
Authentication vs. Authorization, What’s the Difference?
Authentication and authorization are two security processes used to protect systems and information. This article outlines what they mean and their differences.
Implementing Zero Trust APIs
A summary of the main best practices when implementing a zero trust architecture to secure APIs, using OAuth 2.0 and OpenID Connect
Account Linking Recipes
Safely change the primary authentication factor, without duplicating identities
IAM Configuration Best Practices
Managing configuration in your Identity and Access Management (IAM) System for multiple environments
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume
JWT Secured Authorization Response Mode (JARM)
An overview of the JWT Secured Authorization Response Mode, when and how to use it.
JWT Signatures and EdDSA
This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm
OAuth Troubleshooting for Developers
Managing the Identity Server and dealing with errors during application development
OAuth Troubleshooting for DevOps
Managing the Identity Server and dealing with issues in production environments
Client Assertions and the JWKS URI
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Topics
Join our Newsletter
Get the latest on identity management, API Security and authentication straight to your inbox.
Start Free Trial
Try the Curity Identity Server for Free. Get up and running in 10 minutes.
Start Free Trial
