Videos

Make a cup of tea, sit down and learn about identity management and securing digital services.

Developer How-to's29

Test using OAuth Tools

In this recording, we take a look at testing with OAuth Tools.

The Token Handler Pattern: OpenID Connect for Single Page Apps

Integrating the Curity Identity Server with PagerDuty

Using Curity, OPA and Kong for end-to-end API authentication and authorization

App2App Logins using the Curity Identity Server

Integrating the Curity Identity Server with AWS API Gateway

Working with configuration in the Curity CLI

Integrating Curity Identity Server with Apigee Edge

Using Custom Token Issuers in the Curity Identity Server

Using Additional Factors in the Curity Identity Server

Introduction to the Command Line Interface (CLI)

REST API Overview with Integration of CLI & UI

Demos25

Curity Token Handler for Single Page Applications

The Curity Token Handler is a Backend for Frontend (BFF) authentication solution that addresses browser-based authentication security concerns. With the Token Handler enables you to:

Secure authentication without a firewall-protected backend
Avoid lengthy and resource-heavy development
Secure API calls in the browser
Avoid cyber threats like token exfiltration and cross-site scripting (XSS)

Further reading:

Configure an OAuth Client in the Curity Identity Server

Curity Identity Server: Community Edition

Secure Frictionless Authentication with the Curity Identity Server

Using the Curity Identity Server as an IdP in Entrust IDaaS

Token Designer Overview: Working with Claims

Mobile Login with WebAuthn and Hypermedia Authentication API on iOS

The Curity Identity Server for Open Banking and Financial-Grade Security

Curity Identity Server: Bringing Identity and API Security Together

Dynamic User Routing in a Global IAM System

How to Install the Community Edition using Docker

Browser-less mobile login in iOS using the Authentication API

Browser-less mobile login using the authentication API

WebAuthn Authenticator with NFC YubiKey on iPhone

Live presentations22

How to Build a Fortress with the Security of a Tent

A talk given by Curity's CTO, Jacob Ideskog, at the Nordic APIs 2024 Platform Summit.

How Single Page Applications Came, Conquered and Ruined the Day. We build APIs, not apps. Why should we care about what the application teams are doing? Please don’t ask us to look at the bigger picture.

Securing platforms is a massive task, where both the details and the big picture matter. We can rely on security standards such as OAuth and OpenID Connect, but if we don’t use the right tool for the right task, security is merely a hope. So it’s time to present the right tools for the right task and hopefully change hope into action.

Further Reading:

The Swedish Chef Would Be Proud: Cooking up a Secure API in Minutes – Instructions Included

OAuth Well Played – Mods and Combos for the Cloud Native API Security Game

Show Me Your Wallet to Tell Me Who You Are - Using Verifiable Credentials with OAuth

Ditch the Browser, Native API-Driven App Authentication with Passkeys

Decentralized Identities Changes Everything, Even Your APIs

Browserless OAuth Flows in Mobile Apps Using a Hypermedia API

Curity on ProgrammableWeb's Developers Rock Podcast

OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes

Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture

Financial Grade APIs Using OAuth and OpenID Connect

Security Is a Concern, Let’s Make It an Enabler

Securing APIs in a Cloud Native Environment Using OAuth

Securing APIs and Microservices with OAuth and OpenID Connect

OAuth and OpenID Connect for PSD2 and Third-Party Access

Curity Shorts7

How Do Decentralized Identifiers and Verifiable Credentials Work?

How do decentralized identifiers (DIDs) and verifiable credentials (VC) work and how a decentralized identity system is different from a federated model?

Further Reading: