Articles
Our articles offer insights on a range of topics such as identity and access management, financial-grade security and API security.
Device Flow vs CIBA | Which Flow Should You Choose?
Which Flow Should You Choose, the OAuth Device Authorization Grant or OpenID Client Initiated Back-Channel Authentication?
OAuth Token Exchange Flow
OAuth 2.0 Token Exchange Explained.
Passkeys - Design your Solution
Passkeys technology support and design recommendations
Issue Verifiable Credentials using OpenID4VC
How an issuing organization can issue verifiable credentials within the context of an OAuth flow
What are Passkeys?
Passkeys offer a passwordless and convenient way to sign in to online accounts and services. They improve both the security and the user experience of logins.
Decentralized Identifiers (DIDs) Explained
Decentralized Identifiers are globally unique, persistent and resolvable identifiers that support cryptographic verification of ownership without relying on any central registration authority.
Overview of Decentralized Identities
Verifiable credentials are essentially a piece of cryptographic data that asserts information about a subject. They are part of a bigger identity ecosystem with several building blocks where decentralization plays an important role.
Verifiable Credentials Explained
An in-depth description of Verifiable Credentials and their data models.
An Introduction to Identity and Access Management
Learn what IAM is, how it works and why it is important. Get some guidance on IAM tools and strategies.
Concepts for Serving Identities in a Kubernetes Environment
This article describes some architectural concepts for providing identity data to APIs and applications in a Kubernetes environment.
Best Practices - OAuth and Same Site Cookies
Best practices for using web cookies and authorization server cookies securely and reliably
OAuth 2.0 Overview
An overview of the OAuth 2.0 authorization framework, summarizing the roles of resource owner, client, resource server and authorization server.
CIAM vs IAM: What's the Difference?
Explores the difference between CIAM and IAM, as well as the common security requirements and behaviors needed for digital solutions.
Token Handler Development Setup
How to manage an API driven application cookie layer for SPAs on a development computer
The Nonce Authenticator Pattern
An additional option to ensure your desired Single Sign-On behavior
Authentication vs. Authorization, What’s the Difference?
Authentication and authorization are two security processes used to protect systems and information. This article outlines what they mean and their differences.
Implementing Zero Trust APIs
A summary of the main best practices when implementing a zero trust architecture to secure APIs, using OAuth 2.0 and OpenID Connect
Account Linking Recipes
Safely change the primary authentication factor, without duplicating identities
IAM Configuration Best Practices
Managing configuration in your Identity and Access Management (IAM) System for multiple environments
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume