Articles
Explore Curity’s expert articles on OAuth, OpenID Connect, API security, identity architecture, AI agent security, CIAM, and financial-grade security. Use these resources to understand standards, compare implementation patterns, and design secure identity systems.
Design AI for Enterprises
A thought process for enterprises to plan ahead on AI initiatives and meet cross-team requirements.
OAuth Client ID Metadata Document
The OAuth Client ID Metadata Document draft specification provides a convenient way for OAuth clients to identify themselves at the authorization server without having to register upfront.
Browserless OAuth
OAuth commonly relies on the browser for user interactions and authentication. This behavior can create friction in the user experience. This is where browserless OAuth comes in.
Dynamic Trust for AI Agents
AI agents need to be able to establish trust at runtime to securely integrate with other services on demand. Read up on how to dynamically establish trust for AI agents.
API Access Across Trust Domains
Secure API access from AI agents that cross trust boundaries: requirements, examples and advices. Secure your AI agents by federating identity and authorization across trust domains.
SSO for AI Agents with OpenID Connect
Implementing Single Sign-On for AI Agents with OpenID Connect: options and examples. Secure your AI agents using a Single Sign-On Service.
OpenID Authorization Exchange (AuthZEN)
This article gives an overview of the AuthZEN Authorization API and how it relates to authentication and authorization.
An Introduction to Authorization
Learn about the common concepts, terms and patterns in authorization.
API Security Best Practices for AI Agents
Secure APIs with OAuth, scopes, and claims. Learn API security best practices for safe, fine-grained authorization in AI integrations.
Design MCP Authorization for APIs
Learn how organizations can extend the reach of APIs and restrict access to sensitive data.
MCP Authorization Lifecycle
Learn about the security standards and endpoints to enable MCP clients to safely access sensitive data.
OAuth With Unsolicited SAML Responses
Struggling with IdP-initiated SAML in OAuth? Learn solutions to handle unsolicited SAML responses, fix PKCE challenges, and secure OAuth 2.0 apps.
An Overview of WebAuthn
WebAuthn is a specification of a JavaScript API that allows applications to perform secure authentication for both multi-factor and single-factor scenarios.
Client Initiated Backchannel Authentication (CIBA) Flow
This article describes the messages in the poll mode as specified by CIBA and aims to help developers understand and implement the specification.
What is an Entitlement Management System?
What is an Entitlement Management System, what are the functions and what components does it include?
User Provisioning With SCIM
Overview of System for Cross-domain Identity Management (SCIM). What is SCIM, and what problems does it solve?
What is PSD2, and How Does it Work?
A brief summary of PSD2 and the security requirements and goals to comply with its regulations.
Authentication vs. Authorization, What's the Difference?
Authentication and authorization are two security processes used to protect systems and information. This article outlines what they mean and their differences.
What Is OpenID Connect, and How Does It Work?
OpenID Connect explained: what it is and what benefits does it offer. How does it compare with OAuth2 and SAML?
What is Partner Identity and Access Management (PIAM), and How Does it Relate to B2B?
Understand the main principles and benefits of Partner Identity and Access Management, and find out how it can solve various business-to-business use cases.
Customer Stories
Learn how organizations run identity and API security at scale.
Read customer stories