Client Security
Discover different aspects of client security and learn best practice approaches.
Client security primarily covers web and mobile applications, with the aim of ensuring the best security in the browser and on devices.
Articles
OAuth With Unsolicited SAML Responses
Struggling with IdP-initiated SAML in OAuth? Learn solutions to handle unsolicited SAML responses, fix PKCE challenges, and secure OAuth 2.0 apps.
Best Practices - OAuth and XSS Prevention
Mitigate XSS threats in OAuth-secured browser-based apps.
Best Practices - OAuth for Mobile Apps
Best practices to harden security when integrating OAuth into mobile applications.
Token Handler Design Overview
A design overview of the key behavior when using the token handler pattern.
Token Handler Deployment Patterns
Design patterns for deploying an API-driven backend for front-end Single Page Applications.
Best Practices - OAuth for Single Page Applications
Single Page Applications (SPAs) are different from regular web applications, requiring further security measures. Learn how to use OAuth to secure SPAs.
Best Practices - OAuth and Same Site Cookies
Best practices for using web cookies and authorization server cookies securely and reliably.
The Nonce Authenticator Pattern
An additional option to ensure your desired Single Sign-On behavior.