Articles Getting Started How-tos Guides Code Examples Documentation What's new RSS

Articles

Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.

Articles

OAuth Troubleshooting for Developers

OAuth Troubleshooting for Developers

Managing the Identity Server and dealing with errors during application development

OAuth Troubleshooting for DevOps
April 29, 2022
Managing the Identity Server and dealing with issues in production environments
Client Assertions and the JWKS URI
April 26, 2022
Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions
Mobile Fallback Attestation
April 14, 2022
Managing client attestation before using the Hypermedia Authentication API
OpenID Connect Code Flow
March 21, 2022
The OpenID Connect Code Flow Explained.
Impersonation Approaches
March 9, 2022
How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject.
Token Handler Overview
February 24, 2022
A summary of the key behavior when using the token handler pattern
Token Handler Deployment Patterns
February 23, 2022
Design patterns for deploying an API-driven backend for front-end Single Page Applications
Dynamic Client Registration Authentication Methods
February 15, 2022
Methods of authentication in order to get a DCR access token.
Using External IDPs
January 17, 2022
Why and when external IDPs may be useful
Integrate Identity with Business Data
December 9, 2021
Design choices when integrating your business data with an IAM system
Federation Requirements Introduced in FIPS 201-3
November 30, 2021
This article provides an overview of FIPS 201-3 and SP 800-C3. It lists the requirements and explains how OpenID fits into the picture.
Vectors of Trust
November 19, 2021
Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust.
Logging Best Practices
November 9, 2021
Recommendations for managing logs and troubleshooting the Curity Identity Server.
Encrypted ID Tokens
September 29, 2021
Using JSON Web Encryption to protect the confidentiality of ID tokens
The Token Handler Pattern for Single Page Applications
August 10, 2021
Learn how the Token Handler design pattern strengthens the security of your Single Page Applications and improves user experience.
Open Banking Brazil DCR Request Validation
July 2, 2021
This article describes how to perform advanced validation of a Dynamic Client Registration request to comply with the requirements of Open Banking Brazil specifications.
Pushed Authorization Requests (PAR)
June 23, 2021
What is PAR, and how does it help improve security for financial-grade APIs?
How to Implement Financial-Grade Security
June 11, 2021
Overview of the different OAuth 2.0 and OpenID standards and best practices for implementing financial-grade security.
Dynamic User Routing
June 7, 2021
A design pattern for dynamically routing users to their home region in a global IAM system.

Topics

API Security Claims & Scopes Client Security Deployment and Operation Financial Grade Hypermedia Authentication API Multi-Factor Authentication OAuth 2.0 OpenID Connect Security Architecture Single Sign-On User Management