#OAuth2

How to use SAML for Single Page Applications and Mobile Apps?

Using SAML for Single Page Applications (SPAs) can be a bit tricky. In this blog post, we explore how to implement SAML for SPAs and provide best practices for securing your application.

Step-Up Authentication with Auth0

If you're using Auth0 for authentication, you can implement step-up authentication by leveraging the ID token and its claims. Learn how to enforce step-up authentication based on the user's context or the requested operation.

OpenID Connect Provider Security Headers

When implementing OpenID Connect (OIDC), ensuring secure communication is critical. HTTP headers is often overlooked but play a significant role in protecting data and mitigating security risks. In this article, we will explore some of the essential security headers that you should know.

Authentication Methods in OpenID Connect and OAuth 2.0

OpenID Connect (OIDC) supports a variety of mechanisms for authenticating clients to its endpoints. Learn about the authentication methods supported by OpenID Connect.

What is the OpenID Connect Userinfo Endpoint?

The Userinfo endpoint is a standard feature of the OpenID Connect (OIDC) protocol, designed to provide additional claims (user-related information) about an authenticated user. Learn more about the OpenID Connect Userinfo Endpoint.

Step-Up Authentication with OpenID Connect

If you're using OpenID Connect for authentication, you can implement step-up authentication by leveraging the ID token and its claims. Learn how to enforce step-up authentication based on the user's context or the requested operation.

Understanding OpenID Connect and OAuth 2.0 Tokens

OpenID Connect and OAuth 2.0 have are several types of tokens, each serving distinct purposes. In this article, we’ll explore the different tokens, their formats, and their appropriate use cases.

How to Configure an application or an API with OpenID Connect?

Developers need to configure their applications or APIs to work with OpenID Connect. In this article, we will explore the different ways to configure an application or an API with OpenID Connect.

OAuth 2.0 Connect Token Exchange

OAuth 2.0 Token Exchange is an extension to the OAuth 2.0 protocol that allows a client to exchange one token for another. This can be useful in scenarios where a client needs to obtain a different type of token to access a resource or service. Learn how OAuth 2.0 Token Exchange works and when to use it.

OpenID Connect and OAuth2 Standard Scopes

OpenID Connect and OAuth2 define a set of standard scopes that can be used to control the level of access that a client application has to a user's resources. In this blog post, we will explore the standard scopes defined by OpenID Connect and OAuth2 and understand their significance in the authorization process.

What is PKCE and why you should use it?

PKCE is an extension to OAuth 2.0 that provides additional security for public clients. Learn more about PKCE and why you should use it.

Users accounts for your SaaS - A Journey with Ory Solutions

Multi-factor authentication (MFA) is a powerful security tool that can protect against cyber threats and enhance UX simplifying the login process.

Keycloak Introduction: Simplifying Identity and Access Management

Discover the power of Keycloak, an open-source IAM solution, in an introduction article. Uncover the key features that make Keycloak a go-to platform.

OpenId Connect Standard Claims

Tokens carry information about the authentication and authorization context and are used to make secure and authorized requests. In this blog post, we will explore the different types of claims found in OIDC tokens and understand their significance in the authentication process.

Understanding OAuth 2 Access Token Claims

In this informative blog post, we delve into the world of OAuth 2 access token claims. This article provides an exploration of the claims found in tokens.

How to Manage Invalid Tokens in Web and Mobile Applications?

While JWTs are essential for secure communication between clients and servers, managing their lifecycle and ensuring their security can be challenging. In this blog post, we'll explore best practices for invalidating access tokens, including token revocation and rotation, and how to implement these mechanisms in OAuth2 and OpenID Connect.

How to Invalidate a JWT Access Token?

While JWTs are essential for secure communication between clients and servers, managing their lifecycle and ensuring their security can be challenging. In this blog post, we'll explore best practices for invalidating access tokens, including token revocation and rotation, and how to implement these mechanisms in OAuth2 and OpenID Connect.

Understanding OpenID Connect and OAuth2 Grant Types

This article provides a comprehensive guide to understanding the different grant types used in OpenID Connect and OAuth2 protocols.

OAuth 2.0 Introduction

OAuth 2 is an open standard protocol that allows applications to access user's data without requiring the user to share their credentials. How does it work?