Videos

Make a cup of tea, sit down and learn about identity management and securing digital services.

Videos

Developer How-to's29

Test Different OAuth Flows Using OAuth Tools

Test Different OAuth Flows Using OAuth Tools

OAuth tools is an app for API developers to learn and explore the inner workings of the OAuth and OpenID Connect protocols.

In this recording, we take a look at how to configure it.

The Opt-In Multi-Factor Authentication Action
The Token Handler Pattern: OpenID Connect for Single Page Apps
Developing a Plugin Part 1
Developing a Plugin Part 2
Integrating the Curity Identity Server with PagerDuty
Using Curity, OPA and Kong for end-to-end API authentication and authorization
App2App Logins using the Curity Identity Server
Implementing Claims Best Practices
OAuth Device Flow
Account Linking with Facebook
Integrating the Curity Identity Server with AWS API Gateway
Debug Authentication Action
Introduction to the RESTCONF Admin API
Working with configuration in the Curity CLI
Parameterized configuration
Integrating Curity Identity Server with Apigee Edge
Using Custom Token Issuers in the Curity Identity Server
Duo Login and Registration
Salesforce Claims Provider
Installing the Curity Identity Server
Using Additional Factors in the Curity Identity Server
Custom Claim Data Source
Claims Mapper
Introduction to the Command Line Interface (CLI)
Overview of Authentication
Dynamic Client Registration
2-Factor and Step-up Authentication
REST API Overview with Integration of CLI & UI

Demos25

Curity Token Handler for Single Page Applications

Curity Token Handler for Single Page Applications

The Curity Token Handler is a Backend for Frontend (BFF) authentication solution that addresses browser-based authentication security concerns. With the Token Handler enables you to:

  • Secure authentication without a firewall-protected backend
  • Avoid lengthy and resource-heavy development
  • Secure API calls in the browser
  • Avoid cyber threats like token exfiltration and cross-site scripting (XSS)

Further reading:

Curity Technology Solutions™️
Curity Government Solutions
Configure an OAuth Client in the Curity Identity Server
Curity Healthcare Solutions™️
Curity Identity Server: Community Edition
Modernizing Infrastructure
Secure Frictionless Authentication with the Curity Identity Server
Using the Curity Identity Server as an IdP in Entrust IDaaS
Entrust IDaaS Integration
Token Designer Overview
Token Designer Overview: Working with Claims
The Lodging Intent Pattern
Mobile Login with WebAuthn and Hypermedia Authentication API on iOS
The Curity Identity Server for Open Banking and Financial-Grade Security
Curity Identity Server: Bringing Identity and API Security Together
Curity Identity Server Demo
Create a Common Identity Platform
Dynamic User Routing in a Global IAM System
How to Install the Community Edition using Docker
Browser-less mobile login in iOS using the Authentication API
Browser-less mobile login using the authentication API
Custom Token Mapping
WebAuthn Authenticator with NFC YubiKey on iPhone
Claims Consentor Demo

Live presentations22

How to Build a Fortress with the Security of a Tent

How to Build a Fortress with the Security of a Tent

A talk given by Curity's CTO, Jacob Ideskog, at the Nordic APIs 2024 Platform Summit.

How Single Page Applications Came, Conquered and Ruined the Day. We build APIs, not apps. Why should we care about what the application teams are doing? Please don’t ask us to look at the bigger picture.

Securing platforms is a massive task, where both the details and the big picture matter. We can rely on security standards such as OAuth and OpenID Connect, but if we don’t use the right tool for the right task, security is merely a hope. So it’s time to present the right tools for the right task and hopefully change hope into action.

Further Reading:

Who Needs That FAPI Thing, Anyway?
Panel Discussion: API Authorization
The Swedish Chef Would Be Proud: Cooking up a Secure API in Minutes – Instructions Included
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game
Show Me Your Wallet to Tell Me Who You Are - Using Verifiable Credentials with OAuth
Ditch the Browser, Native API-Driven App Authentication with Passkeys
Military-Grade Security for APIs
Decentralized Identities Changes Everything, Even Your APIs
Addressing Top API Security Risks
Browserless OAuth Flows in Mobile Apps Using a Hypermedia API
OAuth and OpenID Connect - What's next?
Curity on ProgrammableWeb's Developers Rock Podcast
OAuth Tokens As Your Identity API
OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
Scalable API Security Using OAuth
Financial Grade APIs Using OAuth and OpenID Connect
Security Is a Concern, Let’s Make It an Enabler
Securing APIs in a Cloud Native Environment Using OAuth
Securing APIs and Microservices with OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access

Curity Shorts7

Do Decentralized Identifiers Require a Blockchain?

Do Decentralized Identifiers Require a Blockchain?

What Are the Benefits of Decentralized Identity for Organizations?
How Do Decentralized Identifiers and Verifiable Credentials Work?
What Are Decentralized Identifiers and Verifiable Credentials?
Why Are We Talking about Decentralized Identity Now?
What is Decentralized Identity?
How Will the Shift To Decentralized Identity Affect the Digital Identity Space?