Articles
Our articles offer insights on a range of topics such as identity and access management, Financial-grade and API security.
What is PSD2, and How Does it Work?
A brief summary of PSD2 and the security requirements and goals to comply with its regulations.
What Is OpenID Connect, and How Does It Work?
OpenID Connect explained: what it is and what benefits does it offer. How does it compare with OAuth2 and SAML?
What is Partner Identity and Access Management (PIAM), and How Does it Relate to B2B?
Understand the main principles and benefits of Partner Identity and Access Management, and find out how it can solve various business-to-business use cases.
Design MCP Authorization for APIs
Learn how organizations can extend the reach of APIs and restrict access to sensitive data.
Best Practices - OAuth and XSS Prevention
Mitigate XSS threats in OAuth-secured Browser Based Apps
Mutual TLS Sender Constrained Access Tokens
Use mutual TLS to harden the use of access tokens, so that an attacker cannot use stolen tokens to gain API access.
Mutual TLS Client Authentication
What is Mutual TLS, and how does Client Authentication with Mutual TLS work?
The Split Token Approach
The Split Token Approach, applicable for any OAuth 2.0 ecosystem, aims to improve your tokens' security.
The API Security Maturity Model
There is a spectrum of API security implementations, and not all of them are equal. The model describes API security in ever-increasing levels of trust, complexity, and efficiency.
Harden API Access with Workload Identities
An introduction to workload identities and their role in API security.
CIAM and API Security
Understand how Customer Identity and Access Management serves APIs to enable the correct access to business data.
OpenID Connect Hybrid Flow
Learn about the OpenID Connect hybrid flow, its components, and how it combines the implicit and authorization code flows for secure authentication.
Best Practices - OAuth for Mobile Apps
Best practices to harden security when integrating OAuth into mobile applications.
Elevating API Security and Resilience with Token Patterns
Elevate API security with token patterns like phantom and token exchange. Improve resilience and privacy, and enable zero-trust architecture.
Supported OAuth 2.0 RFCs
An overview of the OAuth 2.0 related standards and their support in the Curity Identity Server.
OpenID Authorization Exchange (AuthZEN)
This article gives an overview of the AuthZEN Authorization API and how it relates to authentication and authorization.
OAuth Device Flow
Learn how OAuth 2.0 Device Flow enables secure authentication on input-constrained devices like smart TVs and consoles: easy setup and seamless user experience.
OAuth Resource Owner Password Credentials Flow
The OAuth Resource Owner Password Credentials Flow Explained.
OAuth Revoke Flow
Learn how OAuth 2.0 token revocation works to securely revoke access and refresh tokens, enhance security, and prevent unauthorized access.
OpenID Connect Standards
Overview of OpenID Connect standards and how they used by the Curity Identity Server.
Topics
Join our Newsletter
Get the latest on identity management, API Security and authentication straight to your inbox.
Start Free Trial
Try the Curity Identity Server for Free. Get up and running in 10 minutes.
Start Free Trial
