WebinarCloud Native Data Security with OAuth: A Fireside Chat with the Authors - Register now!
Curity logo
  • Contact us
  • Search
  • Schedule a Demo
  • Start Free Trial
ArticlesGetting StartedHow-tosGuidesCode ExamplesDocumentationVideosWebinarsCoursesTrainingDocuments
What's newRSS

Learn MoreLearn by topics

  • Security Architecture
    • An Introduction to Identity and Access Management
    • Introducing the Neo-Security Architecture
    • Curity and the Neo-Security Architecture
    • What is an Identity Management System?
    • What is an API Management System?
    • What is an Entitlement Management System?
    • OpenID Authorization Exchange (AuthZEN)
    • Authentication vs. Authorization, What’s the Difference?
    • Glossary of Identity Management Terms
  • Security Architecture Best Practices
    • Identity and Access Management Primer
    • Zero Trust Architecture is a Token-Based Architecture
    • The Token Handler Pattern for SPAs
    • Elevating API Security with Token Patterns
    • Integrate Identity with Business Data
    • Open Policy Agent: Integration Overview
    • Privacy and GDPR Using OAuth
    • Federation Requirements Introduced in FIPS 201-3
  • Customer Identity and Access Management
    • What's CIAM and Why it Matters
    • CIAM vs IAM: What's the Difference?
    • How CIAM Protects Data
    • CIAM and API Security
  • Single Sign-On
    • Single Sign-On Introduction
    • What is a Single Sign-On Session?
    • Implementing SSO for Web Apps
    • Implementing SSO for Mobile Apps
    • SSO and Authentication Methods
    • Administrative Management of SSO
    • Prompting for Login during SSO
    • SSO for Web with OpenID Connect
  • Multi-Factor Authentication
    • Introduction to Multi-Factor Authentication
    • MFA and the Curity Identity Server
    • Approaches to Multi-Factor Authentication
    • New Country vs. Changed Country, What's the Difference?
    • The Impossible Journey Authentication Action
    • Using Geo-Location Data in the Authentication Process
    • An Overview of WebAuthn
    • What are Passkeys?
    • Passkeys - Design your Solution
    • Account Linking Recipes
  • Claims & Scopes
    • Scopes vs Claims
    • Claims Explained
    • Scopes Explained
    • Designing Claims
    • Using Claims in APIs
    • Scopes, Claims and the Client
    • Centralizing Identity Data
    • What is a Claims Authority?
    • Consent and Claims
    • Selective Disclosure for JWTs (SD-JWT)
    • Default Scopes
    • Using Vectors of Trust
    • Scope Best Practices
    • Claims Best Practices
  • OpenID Connect
    • OpenID Connect Overview
    • OpenID Connect Authorization Code Flow
    • Validating an OpenID Connect ID Token
    • Dynamic Client Registration Overview
    • Using Dynamic Client Registration
    • Dynamic Client Registration Authentication Methods
    • Dynamic Client Registration Management
    • OAuth and OIDC Request Objects
    • JWT Secured Authorization Response Mode (JARM)
    • Pairwise Pseudonymous Identifiers
    • OpenID Connect Hybrid Flow
    • OpenID Connect Standards
    • OpenID Connect Single Logout
    • Client Initiated Backchannel Authentication (CIBA)
    • Client Initiated Backchannel Authentication (CIBA) Flow
    • Device Flow vs CIBA?
    • Encrypted ID Tokens
  • OAuth 2.0
    • OAuth 2.0 Overview
    • Which OAuth Flow Should I Use?
    • OAuth Code Flow
    • Proof Key for Code Exchange Overview
    • Demonstrating Proof of Possession Overview
    • OAuth Implicit Flow
    • OAuth Token Exchange Flow
    • OAuth Client Credentials Flow
    • OAuth Resource Owner Password Credentials Flow
    • OAuth Device Flow
    • OAuth Refresh
    • OAuth Revoke Flow
    • Mutual TLS Client Authentication
    • Mutual TLS Sender Constrained Access Tokens
    • Client Assertions and the JWKS URI
    • Pushed Authorization Requests (PAR)
    • Supported OAuth 2.0 RFCs
  • API Security
    • The API Security Maturity Model
    • API Security Best Practices
    • Identities in a Kubernetes Environment
    • JWT Security Best Practices
    • Top 10 API Security Vulnerabilities According to OWASP
    • Implementing Zero Trust APIs
    • The Phantom Token Approach
    • The Split Token Approach
    • Self-contained JWTs
    • Token Sharing Approaches
    • Impersonation Approaches
    • Harden API Access with Workload Identities
    • JWT Signatures and EdDSA
    • Zero Trust API Events
  • Client Security
    • Best Practices - OAuth for Single Page Apps
    • Best Practices - OAuth and XSS Prevention
    • Best Practices - OAuth and Same Site Cookies
    • Best Practices - OAuth for Mobile Apps
    • Token Handler Design Overview
    • Token Handler Deployment Patterns
    • The Nonce Authenticator Pattern
  • Hypermedia Authentication API
    • What is Hypermedia Authentication API
    • Mobile Attestation Fallback
  • Financial Grade
    • What is Financial-Grade Security?
    • What is PSD2?
    • What is Open Banking?
    • Implement Financial-Grade Security
    • App2App Mobile Architecture
    • Consentors in Financial-Grade
    • Open Banking Brazil DCR Request Validation
  • Decentralized Identities
    • Overview of Decentralized Identities
    • Decentralized Identifiers (DIDs) Explained
    • Verifiable Credentials Explained
    • Issue Verifiable Credentials using OpenID4VC
  • User Management
    • User Provisioning With SCIM
    • Managing Users With SCIM
  • Operation and Configuration
    • Using External IDPs
    • Multi-Region Deployment
    • Dynamic User Routing
    • OAuth Troubleshooting for Developers
    • OAuth Troubleshooting for DevOps
    • IAM Configuration Best Practices

Learn MoreLearn more

  • Webinars
  • Documents
  • Videos
Financial Grade

Financial Grade

Guides on going beyond standard OAuth security and using financial grade options for the strongest security

Guides on going beyond standard OAuth security and using financial grade options for the strongest security

Open Banking Brazil DCR Request Validation

Open Banking Brazil DCR Request Validation

This article describes how to perform advanced validation of a Dynamic Client Registration request to comply with the requirements of Open Banking Brazil specifications.

Consentors in Financial-Grade

Consentors in Financial-Grade

A guide for using consentors to meet financial-grade requirements.

App2App Mobile Architecture

App2App Mobile Architecture

An architectural summary of the App2App authentication flow and how it can be used in an Open Banking setting.

How to Implement Financial-Grade Security

How to Implement Financial-Grade Security

Overview of the different OAuth 2.0 and OpenID Connect standards and best practices for implementing financial-grade security.

What is Open Banking?

What is Open Banking?

What is Open Banking, and what are the security requirements to implement Open Banking solutions?

What is PSD2?

What is PSD2?

A brief summary of PSD2 and the security requirements and goals to comply with its regulations.

What is Financial-Grade Security?

What is Financial-Grade Security?

This article explains what financial-grade is, and offers the best practices to deal with the main financial-grade security concerns.

Videos

Who Needs That FAPI Thing, Anyway?
Financial Grade APIs Using OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.

Free trial icon representing Start a free trial

Start a Free Trial

Calendar icon representing Schedule a demo

Schedule a demo

User with a computer icon representing Speak to an Identity Specialist

Speak to an Identity Specialist

Book icon representing Explore learning resources

Explore learning resources

footer lines
Curity logo

info@curity.io

Get in touch

  • X icon
  • LinkedIn icon
  • YouTube icon
  • Bluesky icon
  • GitHub icon
  • Subscribe to Curity's RSS Feeds icon
  • Medium icon
  • Nordic APIs icon
Sign up for API Security Insights.

© Curity AB Terms of Service

Product

  • Product Overview
  • Authentication Service
  • Token Service
  • User Management Service
  • Curity Token Handler
  • Authentication
  • Secure Access
  • User Journey Orchestration
  • Decentralized Identity
  • Extensibility and SDK:s
  • Identity Standards
  • Community Edition
  • Product Plans
  • FAQ
  • Support
  • Deployment
  • DevOps and Secops

Solutions

  • Overview
  • Common Identity Platform
  • Modernizing Infrastructure
  • Open Banking & Financial-Grade APIs
  • Secure Frictionless Authentication
  • Zero Trust and Security Architecture
  • Government
  • Healthcare
  • Telecom
  • Financial Services
  • Technology / SaaS

Resources

  • Resource Library
  • What's New
  • Articles
  • Getting Started
  • How-tos
  • Code Examples
  • Webinars
  • Whitepapers
  • Documents
  • Videos
  • Courses
  • OAuth Tools

Company

  • About
  • Customers
  • Partners
  • Blog
  • Careers
  • Events Calendar
  • ESG
  • News
  • Investor Relations
Security ScoreCard
SOC2 Type 2 ComplianceISO/IEC 27001 Compliant
observatory: A+ (100/100)observatoryobservatoryA+ (100/100)A+ (100/100)
SSL: A+ SSL SSL A+ A+