Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.
IAM Configuration Best Practices
Managing configuration in your Identity and Access Management (IAM) System for multiple environments
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume
JWT Secured Authorization Response Mode (JARM)
An overview of the JWT Secured Authorization Response Mode, when and how to use it.
JWT Signatures and EdDSA
This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm
OAuth Troubleshooting for Developers
Managing the Identity Server and dealing with errors during application development
OAuth Troubleshooting for DevOps
Managing the Identity Server and dealing with issues in production environments
Client Assertions and the JWKS URI
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Mobile Fallback Attestation
Managing client attestation before using the Hypermedia Authentication API
OpenID Connect Code Flow
The OpenID Connect Code Flow Explained.
How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject.
Token Handler Overview
A summary of the key behavior when using the token handler pattern
Token Handler Deployment Patterns
Design patterns for deploying an API-driven backend for front-end Single Page Applications
Dynamic Client Registration Authentication Methods
Methods of authentication in order to get a DCR access token.
Using External IDPs
Why and when external IDPs may be useful
Integrate Identity with Business Data
Design choices when integrating your business data with an IAM system
Federation Requirements Introduced in FIPS 201-3
This article provides an overview of FIPS 201-3 and SP 800-C3. It lists the requirements and explains how OpenID fits into the picture.
Vectors of Trust
Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust.
Logging Best Practices
Recommendations for managing logs and troubleshooting the Curity Identity Server.
Encrypted ID Tokens
Using JSON Web Encryption to protect the confidentiality of ID tokens
The Token Handler Pattern for Single Page Applications
Learn how the Token Handler design pattern strengthens the security of your Single Page Applications and improves user experience.