A number of security issues have been discovered recently caused by the reliance on the email claim when using OpenID Connect (OIDC) for SSO.

In this blog post we'll review some of the major OIDC providers to discuss how to retrieve the claim safely

Social logins and OpenID Connect (OIDC) are an extremely effective way to register new users with low friction.

There are many libraries out there that implement OIDC with several providers, however the implementation is very error-prone and can expose an application to account takeover attacks.

In this article, we’ll discuss the common security issues found in OAuth 2.0/OIDC login flows and best practices on how to avoid them.

We’re excited to announce first-party Remix support in SlashID with @slashid/remix. We've borrowed the power of our React SDK and aligned it with Remix's unique design patterns.

The Remix SDK makes authentication for Remix easy and seamless.

Firebase Authentication and Google Identity Platform are the two Google products that offer identity management.

Both products suffer from a vulnerability that allows an attacker to enumerate users on an application powered by Firebase Authentication or Google Identity Platform.

In this article, we’ll show how this vulnerability can be used and what the impact is.

Effortless GDPR compliance out of the box. Notify users about your intent to use cookies and request their consent.

Protect your API against unauthorized access without changing your application.

Our newest Gate plugin automatically enforces OpenAPI security checks, so you can implement fine-grained access control for your APIs and workloads without writing any extra code.

Rate limiting is a key defense against bots and threats for APIs and backends. Traditional IP-based rate limiting techniques are insufficient today because they can be easily bypassed.

In this article, we discuss the state of the art when it comes to rate limiting and how we have implemented a modern, distributed, identity-based rate limiting plugin for Gate.

Knowing your users is becoming increasingly important. Whether you're a B2B PLG business trying to convert leads or a fintech business fending off attacks, it's essential to have more context about who is accessing your platform and to customize your behavior accordingly.

In this article, we show how you can leverage SlashID's webhooks to enrich the authentication context, customize the user journey, block malicious users.

Identity in distributed applications is hard. In large and complex environments with multiple services, a number of patterns have emerged to authenticate and authorize traffic.

In this article, we’ll discuss the most common ones, how to implement them, and their pros and cons.