Articles
Our articles offer insights on a range of topics such as identity and access management, financial-grade security and API security.
Claims Best Practices
Best practices for implementing claims. Learn how to issue custom claims step by step.
Scope Best Practices
Best practices for designing OAuth scopes in real-world systems and managing them at scale. Discover how to perform API authorization using scopes.
Selective Disclosure for JWTs (SD-JWT)
Selective disclosure is the ability to choose which data within a signed document to reveal to a counterpart, rather than sharing all of it at once. This article describes SD-JWT, a format that allows parts of a signed JWT to be disclosed selectively.
OpenID Connect Overview
OpenID Connect explained: what it is and what benefits it offers. How does it compare with OAuth 2.0 and SAML?
Device Flow vs CIBA | Which Flow Should You Choose?
Which Flow Should You Choose, the OAuth Device Authorization Grant or OpenID Client Initiated Back-Channel Authentication?
Token Handler Design Overview
A design overview of the key behavior when using the token handler pattern.
Demonstrating Proof of Possession Overview
What is Demonstrating Proof of Possession (DPoP), and how can it be used to improve the security of public clients?
JWT Security Best Practices
Best practices for using JWTs in applications. Learn about JWTs as access tokens, which algorithms to use, when to validate the token and other useful tips.
Token Handler Deployment Patterns
Design patterns for deploying an API-driven Backend for Frontend (BFF) for Single Page Applications.
Token Handler Development Setup
How to run an API-driven cookie layer for SPAs on a development computer.
What is an API Management System?
What is an API Management System, what does it do, and what services does it contain?
What is an Identity Management System?
An overview of the Identity Management System, and its main components: authentication service, token service, federation and user management service.
Best Practices - OAuth for Single Page Applications
Single Page Applications (SPAs) are different from regular web applications and require additional security measures. Learn how to use OAuth to secure SPAs.
Scopes vs Claims
In OAuth and OpenID Connect, scopes and claims are common concepts. This article looks at the main differences between the two.
Identity and Access Management Primer
Basic IAM concepts and practical advice on how best to implement Identity and Access Management for any business.
OAuth Token Exchange Flow
OAuth 2.0 Token Exchange Explained.
Approaches to Multi-Factor Authentication
We provide examples of the most common multi-factor authentication approaches to help you find the right balance between security and usability.
The Token Handler Pattern for Single Page Applications
Learn how to secure an SPA using an API-driven Backend for Frontend, for the best all-round architecture.
Passkeys - Design your Solution
Platform support for passkeys and design recommendations for your solution.
What are Passkeys?
Passkeys offer a passwordless and convenient way to sign in to online accounts and services. They improve both the security and the user experience of logins.
Start Free Trial
Try the Curity Identity Server for Free. Get up and running in 10 minutes.