What is OpenIddict: the .NET framework developers choose for OAuth 2.0 and OpenID Connect
I've been writing a short series on OpenIddict basics while preparing IdentitySuite's v3.0 release — here's part 1. The .NET framework developers choo…
Tech news from the best sources
I've been writing a short series on OpenIddict basics while preparing IdentitySuite's v3.0 release — here's part 1. The .NET framework developers choo…
If you work in a company using AI and MCPs, you put an MCP server on the network. You realize you need auth. The easy path is an API key, you go and g…
OAuth recovery emails look harmless until you test them the lazy way. A team sends password reset links or recovery codes into one shared mailbox, con…
Table of contents What is OAUTH A trip to OAUTH1.0Ville What is OAUTH2.0 Examples of OAUTH Technology OIDC Hands-on Implementation with Microsoft Entr…
Intro It is possible to skip the burden of password management, security, encryption and password rotations. When using OAuth 2.0 with OIDC (OpenID Co…
Summary: I had a rough time adding Google login to my app, Kenning. It took me a while to figure out four issues that were causing problems. These iss…
You forwarded the phishing email to the security channel about ninety seconds too late. The laptop is already cooperating with someone else. Your pers…
Here is a setup that is going to be normal soon, if it isn't already. Alice logs into her company's tools through their identity provider. She points …
Security is the cornerstone of any modern web application, but historically, implementing robust authentication and authorization mechanisms has been …
A practical guide to auditing authentication in a Next.js SaaS starter before it breaks across preview URLs, production domains, and protected routes.…
Most Android authentication tutorials stop at “getting the token”. But in real production systems (especially fintech apps), that’s just the beginning…
Every email project starts with a lie: "I'll just test it with SMTP real quick." That was my plan while working on EpicMail . I wanted a boring, repea…
Passwords are a Technical Liability When building a B2B SaaS platform at Smart Tech Devs, the default instinct is to scaffold standard email and passw…
How to set up refresh-token-only OAuth for a multi-tenant Apify Actor (Gmail, 10 minutes) If you're shipping an Apify Actor that calls a per-user Goog…
On May 26, 2026, the OAuth token exchange endpoint for Supabase's Management API — https://api.supabase.com/v1/oauth/token — will stop returning 201 C…
LinkedIn finally moved Sign In to OpenID Connect a while back. Most of the tutorials still floating around the internet show the legacy v1 OAuth dance…
If you received Salesforce’s mandatory security email in late April 2026 and immediately started questioning which of the four OAuth controls actually…
The rapid adoption of AI productivity tools is exposing a dangerous blind spot in enterprise security architecture. Organizations invest heavily in fi…
The problem: too many clients, too few discovery hooks We expose Supabase Edge Functions as MCP (Model Context Protocol) servers. The clients that hit…