Choosing The Right UUID Version: v1, v4, v6, Or v7
Learn the differences between UUIDv1, UUIDv4, UUIDv6, and UUIDv7, and how to choose the right UUID version for performance, ordering, and privacy.
Time-Sortable Identifiers Explained: UUIDv7, ULID, and Snowflake Compared
Learn how UUIDv7, ULID, and Snowflake IDs work, how they differ, and when to use each for scalable, time-ordered, distributed systems.
SAML Token Example: What’s Inside a SAML Assertion
Explore a SAML token example and learn what’s inside a SAML assertion, including attributes, authentication statements, signatures, and security elements.
OIDC Specification Explained: Key Concepts Developers Need
Understand the OIDC specification with a practical breakdown of flows, tokens, claims, scopes, and endpoints. Learn the key concepts developers actually need to implement secure authentication.
Common OAuth 2.0 Grant Types and When You Should Use Each One
Learn about the most common OAuth 2.0 grant types, how they work, and when to use each one. A practical guide for developers and security teams.
Demonstrating Proof-of-Possession (DPoP): A Complete Guide for Modern OAuth Security
Learn what Demonstrating Proof-of-Possession (DPoP) is, why it’s important for secure APIs, and how to implement it. Includes practical examples for developers.
Base64 Made Easy: How to Encode and Decode Data
Learn how Base64 encoding works, why it’s used, and how to encode or decode data safely. Includes practical examples and a free online Base64 tool.
What is SCIM Provisioning and How Does it Work?
Learn what SCIM provisioning is, how it works, its benefits and drawbacks, and how SaaS teams can implement it securely and at scale.
How Do Authenticator Apps Work?
Learn how authenticator apps work: TOTP secrets, QR provisioning, clock drift, recovery codes, and why passkeys (WebAuthn) stop phishing.
Why HMAC Is Still a Must-Have for API Security in 2025
Discover why HMAC remains the foundation of secure API authentication in 2025. Learn how it protects APIs, prevents tampering, and ensures message integrity.
Generate & Verify HMAC Signatures in Python, Node.js, Go
Learn how to generate and verify HMAC signatures in Python, Node.js, and Go. Secure your API with practical examples, code snippets, and a free online HMAC generator.
OTP Bypass: How OTP Bots Beat SMS 2FA (+ Fixes)
See how OTP bot apps bypass SMS 2FA and ship fixes fast: adaptive CAPTCHA, entity rate limits, risk scoring, and Authgear fraud protection.
5 Common TOTP Mistakes Developers Make (and How to Fix Them in 2026)
TOTP codes not working in 2026? See the 5 most common mistakes developers make — clock drift, Base32 secrets, RFC 6238 mismatches, and weak verification logic — and how to fix each one with Python and JavaScript code examples.
What is TOTP? A short guide for developers (RFC 6238 explained)
What is TOTP (Time-based One-Time Password)? A concise RFC 6238 explanation for developers with code examples (Node, Python, Go), troubleshooting tips, and a free online TOTP tool.
The Complete Guide to Machine-to-Machine (M2M) Authentication — OAuth Client Credentials Flow
Learn how M2M tokens work, implement OAuth 2.0 Client Credentials, host JWKS, rotate keys, and secure service-to-service authentication with examples in curl, Node, Python, and Go.
What Is JWKS? JSON Web Key Set and JWKS URI Explained
Learn what JWKS is, how JWKS URI works, JWK format examples, and practical tips to generate and manage keys for secure token verification.
JWE vs JWT: Key Differences, Use Cases, and Security Tips
Learn the differences between JWE and JWT, when to use each, and how to secure your tokens. Includes free debugging and key generation tools.
JWT Authentication: A Secure & Scalable Solution for Modern Applications
Learn how JWT authentication works, its pros and cons, and when to use it for secure, scalable applications. Explore alternatives like OAuth, API keys, and SAML for authentication and access management.
What is Role-Based Access Control (RBAC)? Benefits, Comparisons, and Best Practices
Learn everything about role-based access control (RBAC), its benefits, pros and cons, key rules, and comparisons with ABAC and ACL. Discover how Authgear simplifies RBAC for secure and scalable access management.
PKCE in OAuth 2.0: How to Protect Your API from Attacks
Learn everything you need to know about PKCE, a security extension for OAuth 2.0 that helps protect your API from authorization code interception and other attacks. Discover how PKCE works, its benefits, and best practices for implementation.
How to Add Authentication to a React Native app in 10 Minutes
In this post, we show how to add a full user authentication feature to any React Native application in under 10 minutes.
How Does Biometric Authentication Work? A Comprehensive Guide to the Future of Security
Discover how biometric authentication works, from fingerprints to facial recognition. Explore the technology, benefits, challenges, and its role in shaping the future of secure identity verification.
Password Hashing: How to Pick the Right Hashing Function
Almost all popular online services use some form of hash technique to store passwords securely. In this post we cover the different hashing functions, best practices and how to pick the best one for your application and organisation.
Add Social Login to Your Laravel Project Using any Provider
Social login allows users to log in to your website using their existing account on social sites like Facebook, Twitter (X), and Google. In this post, we show how to implement social login in a Laravel project using any social login provider.