Resource Center

Stay updated with the latest best practices, product updates, and expert tips on building secure, seamless user experiences with Authgear.
Integrations

Authgear Takes the Passkey Pledge: Our Commitment to a Passwordless Future

Authgear proudly joins the FIDO Alliance's Passkey Pledge, building on our early adoption since 2022. Passkeys eliminate password vulnerabilities while enhancing user experience through biometric verification. We're committed to making passwordless authentication the default, creating a digital ecosystem where security and convenience perfectly coexist.

Fung
April 30, 2025
Industry

SCIM Provisioning: A Comprehensive Guide to Simplifying User Management

Discover how SCIM provisioning can streamline your user account management, improve security, and enhance productivity.

May 28, 2025
Industry

Master API Gateway Authentication: Secure Your APIs Today

Learn how to implement robust API gateway authentication to protect your APIs. This comprehensive guide covers authentication methods and best practices.

May 28, 2025

All posts

All
Highlight
Case studies
Engineering
Integrations
Industry
Engineering

5 Common TOTP Mistakes Developers Make (and How to Fix them)

TOTP codes not working? See 5 common mistakes developers make — clock drift, Base32 secrets, RFC 6238 parameter mismatches — and how to fix them. Includes a free online TOTP Authenticator tool.

August 28, 2025
Engineering

What is TOTP? A short guide for developers (RFC 6238 explained)

What is TOTP (Time-based One-Time Password)? A concise RFC 6238 explanation for developers with code examples (Node, Python, Go), troubleshooting tips, and a free online TOTP tool.

August 28, 2025
Engineering

The Complete Guide to Machine-to-Machine (M2M) Authentication — OAuth Client Credentials Flow

Learn how M2M tokens work, implement OAuth 2.0 Client Credentials, host JWKS, rotate keys, and secure service-to-service authentication with examples in curl, Node, Python, and Go.

August 22, 2025
Engineering

What is JWKS? JSON Web Key Set Explained with Examples

Learn what JWKS is, how JWKS URI works, JWK format examples, and practical tips to generate and manage keys for secure token verification.

August 14, 2025
Engineering

JWE vs JWT: Key Differences, Use Cases, and Security Tips

Learn the differences between JWE and JWT, when to use each, and how to secure your tokens. Includes free debugging and key generation tools.

August 13, 2025
Industry

Why Your Password Complexity Policy Is Making You Less Secure (And What to Do Instead)

If your website still forces users to include "at least one uppercase letter, one number, and one special character" in their passwords, you're implementing outdated security practices that research shows actually make passwords weaker.

July 31, 2025
Integrations

Membership for Webflow with Authgear

Webflow is sunsetting its native User Accounts feature, leaving many site owners searching for a new way to manage member logins and gated content. If you rely on Webflow for authentication, it’s time to explore alternatives—before your users lose access. This article shows how Authgear can seamlessly replace Webflow’s soon-to-be-retired accounts, keeping your community secure and engaged.

June 27, 2025
Industry

Authgear Takes the Passkey Pledge: Our Commitment to a Passwordless Future

Authgear proudly joins the FIDO Alliance's Passkey Pledge, building on our early adoption since 2022. Passkeys eliminate password vulnerabilities while enhancing user experience through biometric verification. We're committed to making passwordless authentication the default, creating a digital ecosystem where security and convenience perfectly coexist.

April 30, 2025
Industry

From “Open Sesame” to No Passwords: The Past, Present, and Future of Authentication

From "Open Sesame" to passkeys, explore how authentication has evolved, where it’s heading, and why passwordless is the future.

April 29, 2025
Industry

Behavioral Biometrics: Transforming Authentication Beyond Fingerprints

Discover how behavioral biometrics enhances authentication security through unique user behavior analysis, ensuring seamless and secure user experiences across industries.

April 22, 2025
Industry

Decentralized Identity Explained: Self-Sovereign Authentication Guide

Learn about Decentralized Identity (DID), how it provides self-sovereign authentication, enhances privacy, and transforms digital identity management across industries.

April 22, 2025
Industry

AI-Powered Adaptive Authentication: Fight Fraud with ML

Learn how AI-driven adaptive authentication detects anomalies, reduces fraud, and secures logins. See how machine learning adapts to evolving threats.

April 22, 2025
Industry

Phishing-Resistant MFA: Harness Hardware Keys & Passkeys

Discover how phishing-resistant MFA uses hardware keys and passkeys to block attacks, boost security, and deliver a seamless login experience.

April 22, 2025
Industry

Eliminate Cors Error Issues with Authgear’s Secure Authentication

Struggling with cors error challenges? Discover how Authgear’s one-time secure authentication solution overcomes cors error issues, ensuring seamless API access and robust user protection for your web app.

March 14, 2025
Industry

Unlock Ultimate Security with OTP Bot – Authgear

Harness the power of the otp bot to elevate your authentication process. Discover how integrating an otp bot via SMS and Whatsapp can secure your app logins and protect your digital assets, all with Authgear’s one-time payment solution.

March 10, 2025
Industry

Revolutionize Your Security with OIDC Authentication – Authgear

Discover how oidc authentication transforms user identity verification for modern businesses. Explore our comprehensive guide on oidc authentication and learn why Authgear is your ideal security partner.

March 10, 2025
Highlight

Master Attribute-Based Access Control with Authgear – Ultimate Security Guide

Discover how attribute-based access control enhances your software's security. Learn implementation steps, benefits, and a comparison with RBAC in our comprehensive Authgear guide.

March 10, 2025
Industry

FIDO2: The Future of Passwordless Security with YubiKey and More

Discover what is FIDO2, its advantages and disadvantages, and how FIDO2 security key devices like YubiKey enhance online protection. Learn about FIDO2 authentication and passkey compatibility for a secure, passwordless future.

March 5, 2025
Industry

Top 10 SSO Providers in 2025: Secure, Convenient, & Scalable

Discover the top 10 SSO providers in 2025 for secure, convenient, and scalable single sign-on solutions. Learn what features set the best SSO providers apart.

March 5, 2025
Engineering

JWT Authentication: A Secure & Scalable Solution for Modern Applications

Learn how JWT authentication works, its pros and cons, and when to use it for secure, scalable applications. Explore alternatives like OAuth, API keys, and SAML for authentication and access management.

January 18, 2025
Industry

Session Hijacking: Types, Real-World Examples, and How to Prevent It

Learn what session hijacking is, how it works, and the best defenses against it. Discover real-world examples, prevention strategies, and essential security tips to protect user sessions.

December 29, 2024
Engineering

What is Role-Based Access Control (RBAC)? Benefits, Comparisons, and Best Practices

Learn everything about role-based access control (RBAC), its benefits, pros and cons, key rules, and comparisons with ABAC and ACL. Discover how Authgear simplifies RBAC for secure and scalable access management.

December 6, 2024
Industry

Authgear Achieves ISO 27001 and SOC 2 Type 2 Compliance | Enhanced Data Security

Discover how Authgear’s ISO 27001 and SOC 2 Type 2 compliance ensures top-tier security and privacy for your data. Learn what this milestone means for you and your business.

November 19, 2024
Engineering

PKCE in OAuth 2.0: How to Protect Your API from Attacks

Learn everything you need to know about PKCE, a security extension for OAuth 2.0 that helps protect your API from authorization code interception and other attacks. Discover how PKCE works, its benefits, and best practices for implementation.

November 13, 2024
Industry

LDAP Explained: A Comprehensive Guide with Authgear Integration

Discover everything you need to know about LDAP, from its fundamentals to its integration with modern authentication solutions like Authgear. Learn about LDAP's benefits, challenges, and how to enhance its security.

November 12, 2024
Industry

SCIM Provisioning: A Comprehensive Guide to Simplifying User Management

Discover how SCIM provisioning can streamline your user account management, improve security, and enhance productivity.

September 20, 2024
Industry

Master API Gateway Authentication: Secure Your APIs Today

Learn how to implement robust API gateway authentication to protect your APIs. This comprehensive guide covers authentication methods and best practices.

September 8, 2024
Industry

SAML vs OAuth: Which Authentication Method is Right for You?

Learn the key differences between SAML and OAuth, two essential identity management protocols. Discover when to use each for optimal security and user experience.

August 21, 2024
Engineering

How to Add Authentication to a React Native app in 10 Minutes

In this we teach how add a full user authentication feature to any React Native application under 10 minutes.

August 1, 2024
Industry

Passkey vs Password: Why Passkeys Are the Future of Security

Tired of weak passwords and constant security threats? Discover the advantages of passkeys over traditional passwords. Learn how passkeys offer stronger security, improved convenience, and a smoother user experience. Upgrade your online protection today!

July 30, 2024
Engineering

How Does Biometric Authentication Work? A Comprehensive Guide to the Future of Security

Discover how biometric authentication works, from fingerprints to facial recognition. Explore the technology, benefits, challenges, and its role in shaping the future of secure identity verification.

July 30, 2024
Engineering

Password Hashing: How to Pick the Right Hashing Function

Almost all popular online services use some form of hash technique to store passwords securely. In this post we cover the different hashing functions, best practices and how to pick the best one for your application and organisation.

July 23, 2024
Industry

Top Three Types of User Authentication Methods

User Authentication is basically a security check that confirms who a user is before allowing them to access a system. There are many methods and options for adding user authentication to an application. This post discusses the top 3 types of user authentication and how to pick the right one for your use case.

June 26, 2024
Industry

Ditch the Password, Secure Your Accounts with YubiKey: The Future of Authentication is Here

In today's digital world, our online identities are more important than ever. Protecting them with strong passwords feels like a constant, uphill battle. But what if there was a better way? Enter the YubiKey, a powerful hardware authentication device that offers unmatched security and convenience.

February 9, 2024
Industry

OIDC vs. SAML: Decoding the SSO Showdown (And Why It Matters for Your Business)

Choosing the right Single Sign-On (SSO) solution for your business can feel like traversing a labyrinth of acronyms. Enter the two reigning champions: OIDC and SAML. Fear not, weary traveler, for this blog post will be your Rosetta Stone, demystifying the OIDC vs. SAML duel and equipping you to choose the victor for your digital kingdom.

January 15, 2024
Industry

Securing Your Enterprise: Why SOC 2 Compliance is the Key (and How Authentication Holds the Lock)

In today's data-driven world, where information is the lifeblood of business, trust is paramount. Enterprises entrust service providers with sensitive data, from customer records to financial transactions. But how can companies ensure their data is handled with the utmost security and privacy? Enter SOC 2 compliance, a powerful framework that sets the gold standard for data security practices.

January 8, 2024
Industry

Securing the Perimeterless: Dive Deep into Zero Trust Architecture with Continuous Authentication

The cost of digital vulnerabilities is staggering. In 2023 alone, cybercrime is estimated to cause $6 trillion in global damages, a figure expected to balloon to $10.5 trillion by 2025. Every minute, 117 new records are exposed in data breaches, with the average cost of a breach topping $4 million. Closer to home, 46% of all cyberattacks target businesses with fewer than 1,000 employees, illustrating the widespread reach of the threat.

December 22, 2023
Industry

Taming the Workforce Wild West: WIAM for Extended Workforces and Access Management for Frontline & Contractors

The modern workplace is no longer a nine-to-five saloon. It's a bustling frontier of diverse talent, from frontline staff to seasoned contractors. But managing their access? That's where things get dusty. Traditional WIAM solutions are like rickety stagecoaches – slow, clunky, and full of security holes.

December 14, 2023
Engineering

Add Social Login to Your Laravel Project Using any Provider

Social login allows users to log in to your website using their existing account on social sites like Facebook, Twitter (X), and Google. In this post, we show how to implement social login in a Laravel project using any social login provider.

October 24, 2023
Industry

Build vs Buy in 2023: Top Considerations for Choosing Identity Management Solution

Choosing between building or buying an identity management solution is not a straightforward decision. In this article, we'll dive into the key considerations that can guide this decision.

September 14, 2023
Engineering

Defend Against Broken Access Control: Protect Your Application Today

Discover how to prevent broken access control vulnerabilities and safeguard your application from unauthorized access. Learn about common attack types, prevention strategies, and expert guidance. Protect your business with our expert security solutions.

August 31, 2023
Engineering

What is OAuth 2.0 and How it Works

The evolution, mechanics, real-life applications and advantages of the secure OAuth 2.0 framework.

August 30, 2023
Engineering

Authentication for ASP.NET apps with Authgear and OpenID Connect

This blog post demonstrates how to add authentication features to ASP.NET apps with Authgear by implementing an OpenID Connect flow.

August 15, 2023
Engineering

Get Notified in Slack for Every New User Sign Up With Authgear

This article will guide you through the process of integrating Authgear's Hooks and Events with Slack to send immediate notifications in Slack when a new user signs up.

August 10, 2023
Engineering

Add Authentication to Any Web Page in 10 Minutes

This post demonstrates how to easily add authentication to any Javascript Single Page Application (SPA) using Authgear.

August 4, 2023
Engineering

How Profile Enrichment can boost your product

Explore how enriching user profiles work, their benefits, and how you can enable it using Authgear to boost your product usage by understanding who your customers are.

July 28, 2023

Easy Passwordless Login Experience with Magic Links and Authgear

This post explores what magic links are and what you need to know to implement an email-powered login flow for your users with Authgear.

July 21, 2023
Engineering

Authentication for Spring Boot App with Authgear and OAuth2

Learn how to add authentication to your Java Spring Boot application using OAuth2 with Authgear as the Identity Provider.

July 12, 2023
Engineering

Simplifying Authentication Integration For Developers With Authgear SDKs

Authgear SDK libraries make it easy for developers to integrate and interact with Authgear.

July 7, 2023
Industry

What Is Identity as a Service (IdaaS) And Why Does Your Business Need It?

Learn more about identity as a service and how cloud-based IAM can provider better scalability, streamline access management, and deliver smoother user experience.

June 13, 2023
Industry

How to Elevate Digital Customer Experience with CIAM?

Discover how CIAM solutions serve as the essential foundation to elevate digital customer experience, unlock seamless interactions and build customer loyalty.

May 29, 2023
Industry

Frictionless Authentication: What Is It & How To Implement It?

Learn more about frictionless authentication and how to achieve it with passwordless innovations, practical strategies, and forward-thinking approaches to enhance user experience and security.

May 15, 2023
Industry

What is Customer SSO and Why Should You Implement it?

Learn more about the advantages of Single Sign-On for your customers and how your business can benefit from a unified login experience.

March 2, 2023
Industry

Social Login - Why You Should Implement It

Learn how to easily enable social login in your website or app to increase conversion rate and deliver smoother user experience.

February 13, 2023
Engineering

Password Spraying: What It Is and How to Prevent It?

Learn more about password spraying and the different methods to protect your users from it with Authgear.

February 2, 2023
Engineering

What Is Session Management: Threats and Best Practices

Session management is the process of handling interactions between a user and a web application. To understand its importance, consider that HTTP, the protocol underlying the web, is stateless. This means each request from a user is treated independently, and the server has no inherent way to remember or track a user's actions across multiple requests. Session management addresses this by creating a session—a series of related user interactions within a specific timeframe. By managing sessions effectively, web applications can maintain user state, personalize experiences, and enhance security. In this article, we'll delve into the complexities of session management, explore potential threats, and provide best practices to safeguard your web application.

January 15, 2023
Industry

Authentication vs. Authorization: The Differences in One Table

Learn more about the differences between authentication and authorization, two important security processes, with one simple table.

January 13, 2023
Industry

Insurance IAM: How It Helps Acquire More Clients and Facilitate Collaboration?

IAM does more than just enhancing data security for insurance companies. IAM also helps acquire and retain more users and facilitate collaboration with external team members for insurance. See how IAM achieves these with our guide.

December 14, 2022
Engineering

Credential Stuffing: What It Is and How to Prevent It?

Credential stuffing is a type of cyberattack involving use of stolen credentials and bots to gain access to user accounts. Learn more about it and how to prevent it with Authgear.

December 6, 2022
Highlight

Broken Authentication: What Is It and How to Prevent It

Broken authentication is one of the OWASP Top 10 vulnerabilities that involves hackers impersonating users to compromise data security. See what the causes are and how to avoid broken authentication.

November 3, 2022
Industry

Extended Enterprise and Identity & Access Management: The Challenges & Solutions

Extended enterprise, including customers, partners, contractors, etc., poses some new identity & access challenges for businesses. Learn more about the challenges and solutions.

October 21, 2022
Industry

Authentication-as-a-Service: What Is It and Why You Need It

By integrating their apps or software with authentication-as-a-service solution, businesses can provide frictinoless signup/login experiences and more

September 25, 2022
Engineering

4 Things We Learned Supporting Passkeys

Passkeys have the potential to completely replace passwords, but it isn't perfect yet. Learn more about what you might encounter when supporting them.

August 29, 2022
Highlight

Passkeys Compatibility: Which Platforms Support Passkeys?

Passkeys are now supported by iOS, macOS, Chrome and Android. Learn more about passkeys and their compatibility with major browsers and platforms.

August 25, 2022
Industry

Tech Giants Take One Step Closer to a Future without Passwords

Apple, Google, and Microsoft have committed to make passwords a thing of the past, taking another step towards a future without passwords.

August 23, 2022
Industry

What Is SMS Authentication and Should You Implement It?

SMS authentication is one of the most common methods of authentication that verifies user identity via text messages.

July 20, 2022
Industry

Is SMS OTP Reliable? Its Vulnerabilities and Alternatives

Learn more about what makes SMS OTP so popular, how SMS OTP works, its risks, and alternatives to better protect your users.

July 7, 2022
Engineering

From Login to Lockdown: Building Secure Authenticated Applications

Master the art of building secure authenticated applications. Learn about authentication methods, access tokens, and implement robust security with Authgear. Your comprehensive guide to safeguarding user data.

June 24, 2022
Industry

How to Increase Marketing ROI with WhatsApp Marketing

Marketing on WhatsApp is a more cost-effective and efficient way to promote your brands, increase marketing ROI, and engage with your customers.

June 2, 2022
Industry

Why You Need Customer Identity and Access Management (CIAM)?

Customer Identity and Access Management (CIAM) does more than managing and verifying users’ identities. See why you need a CIAM solution.

April 25, 2022
Industry

Sign Up Form Best Practices: Skyrocket Your App Conversion Rate

Explore the top 5 sign up page optimization techniques to maximize the sign up rate for your apps and grow your user base.

March 29, 2022
Industry

The Right to Erasure and How You Can Follow It for Your Apps

Under GDPR, users of mobile apps or software are entitled to have their data removed. This is known as the right to erasure or right to be forgotten.

March 1, 2022
Engineering

Password Hashing & Salting - Function and Algorithm Explained

Learn more about password hashing & salting functions and algorithm to better protect your users' passwords from malicious attacks.

February 24, 2022
Highlight

6 Tips to Strengthen Your Security: Authentication Best Practices Guide

Protect your web application and authentication server with expert guidance. Learn essential authentication best practices, including securing login processes, password management, and server protection. Discover how Authgear can simplify your authentication and enhance security.

February 21, 2022
Industry

Passwordless Authentication: All You Need to Know For Better Security

Learn more about why passwordless authentication has been adopted by all industries and how you can implement it with ease.

February 9, 2022
Industry

Biometric Authentication: Why Do Your Applications Need It in 2024?

Biometric authentication provides better data security and user experience for users. Learn more about the different biometric authentication methods.

February 7, 2022
Industry

In-App Account Deletion Required by App Store Starting June 30, 2022

Apple will soon require apps to allow users to initiate account deletion. Learn more about the upcoming policy and how you can prepare for it.

January 11, 2022
Industry

How to protect your users from automated attacks

Let’s explore the best ways to protect your users from the rapidly evolving menace of automated attacks.

December 13, 2021
Highlight

Session vs Token Authentication

Sessions and Tokens, which of these authentication methods best suits your website or application? Let’s find out.

November 25, 2021
Engineering

Password Reset Best Practices: Avoid Common Pitfalls and Secure Your Users

Discover essential password reset best practices to safeguard your authentication system. Learn how to prevent common security breaches, protect user data, and enhance user experience. Bolster your application's security with expert insights and actionable tips.

November 17, 2021
Industry

What Is Multi-Factor Authentication (MFA) And How Does It Work?

The fact is, if you aren’t using multi-factor authentication (MFA), then your accounts are not as secure as you think.

November 16, 2021
Integrations

Send OTP on WhatsApp 2022

OTPs are essential to verify transactions and logins. In Authgear, you can send OTPs with the messenger services they are familiar with.

November 11, 2021
Preferences

Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.

Accept all cookies

These items are required to enable basic website functionality.

Always active

These items are used to deliver advertising that is more relevant to you and your interests.

These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.

These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.