October 07, 2024
Celebrate Hacktoberfest with SuperTokens, learn how you can contribute to open source auth and get some goodies too!
October 07, 2024
Learn how to integrate supertokens-web-js SDK into your VueJS application.
September 15, 2024
Learn about different attack vectors and how to safeguard your web app against them with SuperTokens attack prevention suite
September 01, 2024
A step by step guide on how to integrate SuperTokens' pre built UI in a VueJS app
August 20, 2024
SAML is an authentication standard created to address the growing need of federated identity. In this blog we go over what SAML is and what makes it special.
August 19, 2024
This blog explains how to set up email password and social login with SuperTokens in Next.js.
August 16, 2024
Learn about the best approach and common misconceptions of storing sessions in cookies or browser storage
August 15, 2024
Learn how to maintain a JWT token blacklist / deny list using an in-memory data cache
August 05, 2024
Traditional login mechanisms are plagued by security vulnerabilities and are susceptible to attacks. Multi-factor authentication bolsters security and mitigates a number of these vulnerabilities and has now become an industry standard.
August 02, 2024
Explore JWT tokens: secure, compact credentials for modern web authentication. Learn how they work, their benefits, and best practices for implementing them in your applications.
July 20, 2024
Explore the key differences between OAuth and JWT in this comprehensive guide. Learn when to use each, their pros and cons, and how they can work together for robust authentication.
July 17, 2024
By self-hosting auth, users gain finer control over their data. To shed some light on the matter, let’s compare several authentication providers which offer self-hosting functionality
July 15, 2024
Build an elegant login screen super fast using React and Bootstrap
July 13, 2024
What should happen on the backend when a user forgets their password? Read to find a pseudo code implementation of the simplest way to reset passwords securely.
July 11, 2024
An in depth review of Auth0 alternatives for 2023: Auth0 vs Okta vs Cognito vs SuperTokens
July 10, 2024
This tutorial will guide you on how you can set up a Bootstrap login template in Django
July 10, 2024
SAML and OAuth are protocols often used in authentication, but what are the differences between them and which one do you choose?
July 07, 2024
Learn about RBAC and advantages + disadvantages compared to ABAC.
July 06, 2024
Cross-Origin Resource Sharing (CORS) is a mechanism that supports secure requests and data transfers from outside origins (domain, scheme, or port).
July 05, 2024
Time based one-time passwords solve a number of issues that plague traditional authentication methods. In this blog we break down TOTP and why it's so useful.
July 02, 2024
An in depth guide covering Okta's pricing model
July 01, 2024
Poor app performance can reduce user engagement and will negatively affect SEO. Here are tips to optimize your React app
June 28, 2024
An in depth guide covering Auth0's pricing model
June 27, 2024
Explore five top Frontegg alternatives for user access management, comparing features, pricing, and setup complexity to find the best fit for your needs. Discover the ideal UAM solution for your project.
June 26, 2024
An in depth guide covering Auth0's pricing model
June 25, 2024
A guide on password hashing and salting in different languages and why it's important to do so
June 22, 2024
In workforce identity and B2B flows, LDAP is the main protocol used to interact with directory services that store user identity and device information. In this blog post we take a look at LDAP and how it works.
June 20, 2024
We explore the differences between SuperTokens and Auth0 including their key features, pros and cons, and practical workflows. Whether you need full control with SuperTokens' self-hosted, open-source approach or the convenience of Auth0's managed service, this guide will help you choose the right authentication solution for your project.
June 16, 2024
Explore the core differences between SuperTokens and Auth0 including their key features, pros and cons, and practical workflows. Whether you need full control with SuperTokens' self-hosted, open-source approach or the convenience of Auth0's managed service, this guide will help you choose the right authentication solution for your project.
June 12, 2024
Explore a high level comparison between two popular open-source authentication solutions, SuperTokens and Keycloak. This blog covers their key differences in architecture, configuration, UI, customizability, enterprise readiness, and more. Learn the advantages and disadvantages of each to determine which solution best fits your application's needs.
June 10, 2024
This blog explores alternatives to Auth0, a leading IAM platform, highlighting options like SuperTokens, Okta, Firebase Authentication, AWS Cognito, FusionAuth, and Keycloak. It discusses key considerations such as pricing, customization, scalability, and integration, helping you choose the best authentication solution for your needs.
June 06, 2024
This blog explores top Stytch alternatives for user access management, including SuperTokens, Auth0, and Firebase Authentication. We compare their features, flexibility, and pricing to help you choose the right solution. We also discuss open-source vs. proprietary systems and the benefits of building a custom security flow vs. using ready-made software.
June 04, 2024
In this blog, we evaluate Amazon Cognito and compare it with five leading alternatives: SuperTokens, Clerk, Auth0, Stytch, and Frontegg. We'll cover pricing, setup complexity, data migration, and security features. Additionally, we discuss the benefits of open-source authentication and the choice between customized and out-of-the-box solutions. This guide helps you find the best user management solution for your needs.
June 03, 2024
An in depth guide covering AWS Cognito's pricing model
June 01, 2024
Explore the differences between SuperTokens and Clerk to determine the best user access management solution for your project. Understand their core functionalities, key differences, and pricing to make an informed decision.
May 26, 2024
Discover how to leverage OpenID Connect (OIDC) tokens to enhance your application's security without compromising user experience. Learn how to balance robust security measures with seamless user interactions, and get practical tips for integrating OIDC tokens into your authentication flow.
May 24, 2024
In this blog we do a detailed technical overview of OAuth, explaining its evolution, various flows, and practical applications. It includes diagrams and real-world examples to enhance understanding.
May 17, 2024
Discover the ins and outs of OAuth grant types and learn how to implement secure, user-friendly authentication flows. This comprehensive guide covers the different OAuth grant types, their best use cases, and practical tips for customizing your authorization flow.
May 16, 2024
Explore OAuth tokens in web security, their types, benefits, and best practices. Learn to implement and customize OAuth flows for optimal security and user experience.
May 14, 2024
Through this blog we hope to show you what OAuth is, explain how it works, and give you a sense of how OAuth can help your application.
May 12, 2024
Social login is an authentication method that allows users to log in using their existing login information from social network providers saving the user the effort of creating a new account for the app or website and remembering an extra password.
May 09, 2024
Passwords are not enough. Modern methods of attack have made passwords vulnerable to theft; this is where methods of enhancing security like 2FA and MFA come in
May 07, 2024
A quick overview on how passwordless authentication can help streamline the login experience and increase user conversions
May 06, 2024
By minimizing the risk of credential theft, token based authentication grants users access to resources without the need to re-authenticate. In this blog we explore the balance between security and UX with Token Based Authentication
May 05, 2024
Discover the benefits and key features of Single Sign-On (SSO). Learn how SSO simplifies user experiences, enhances security, and meets enterprise needs. Explore popular SSO protocols like OAuth, SAML, and OpenID Connect, and compare top SSO providers
May 04, 2024
Learn how Single Sign-On (SSO) authentication simplifies user access to multiple applications with a single login, enhancing both security and user experience. Explore the benefits, protocols, and key differences between SSO and 2FA to optimize your authentication strategy.
May 01, 2024
In this article we explore TLS, its vulnerabilities, and how to secure web communications against cyber threats
April 27, 2024
In this article we deep dive into the world of CSRF attacks, what they are and how to protect your application against them
April 18, 2024
Traditional authentication methods like email-password auth are the most at risk of being compromised during cyber attacks. However, overly complex authentication methods can frustrate users and hinder product adoption. In this blog we break down the pros and cons of adopting 2FA and MFA auth strategies
April 12, 2024
Although password-based authentication is one of the most common authentication methods, it is the most at risk of being compromised during cyber attacks. In this blog we break down the types of authentication and how to choose the right type of authentication
April 10, 2024
Discover the power of passkey authentication: a secure, user-friendly alternative to traditional passwords. Learn how passkeys work, their benefits over passwordless methods, and best practices for implementation to enhance your application's security and user experience.
April 05, 2024
Discover the ins and outs of 502 Bad Gateway Errors. From understanding the causes to troubleshooting steps and preventive measures, navigate through server communication breakdowns seamlessly.
April 03, 2024
Authentication and Authorization are the cornerstone of most modern software, but these concepts are often misunderstood. In this blog we try to demystify those concepts and the accepted standards embodying them, that is, OpenID Connect and OAuth 2
March 20, 2024
Third Party Cookies have been synonymous with user tracking and privacy issues. In 2021 Google put forth a plan to retire third party cookies from Chromium based browsers and put forth the FedCM APIs. In this blog we will be discussing this change and what it means for traditional OAuth flows.
March 13, 2024
Over the years phishing attacks have become more sophisticated than ever. In this blog we break down how phishing attacks have evolved and how you can safeguard against them
March 07, 2024
One time passwords are a more secure method of authentication. They remedy a number of issues which plague traditional username-password based authentication. But with methods like TOTP and HOTP it can be confusing. In this blog we break down these methods with their benefits and downsides
February 23, 2024
Federated identity with OAuth is one of the most popular methods of implementing authentication. It lowers sign-up friction and is more secure than other auth methods like email-password based authentication.
February 20, 2024
Zero Trust is an IT security model that emphasizes identity verification for every person or device trying to access resources on a private network. In this blog we go over its core principles and practical benefits.
February 16, 2024
Managing identities can be a pain. In the past, administrators would have to manually add identifying information needed by applications about users. This process takes longer and has a high margin of error. SCIM streamlines the management of user groups and devices. In this blog we will explore how it works.
February 13, 2024
Most people are familiar with brute force attacks, where attackers attempt to guess passwords using characters at random paired with common password suggestions, but what is Credential Stuffing? In this blog we will go over this type of attack and how you can safeguard against it.
January 30, 2024
What is Captcha? Why is it needed? In this blog we will answer these questions and more
January 17, 2024
In this blog we delve into the workings of Local and Session storage breaking down the nuances that set them apart
December 11, 2023
Access control plays a key role in protecting our data as we progressively move into an online society. In this blog we will explore the different types of access control and how they safeguard against attackers.
December 01, 2023
Multi-tenant systems allow a single instance of a software application to serve multiple different tenants. This allows for a number of benefits that will be explored in this blog
October 01, 2023
Part 2 in a series of how we were able to cut down our AWS infrastructure costs by more than 50%
September 28, 2023
Invite only flows can drive exclusivity and enhance user engagement. In this blog we will go over how you can customize SuperTokens authentication to create an invite only flow
September 19, 2023
Part 1 in a series of how we were able to cut down our AWS infrastructure costs by more than 50%
September 01, 2023
In this blog we will go over the HTTP protocol error codes 401 and 403 and describe when it is appropriate to use each of them.
August 16, 2023
In this blog we break down the differences between URL, URI, and URN
August 12, 2023
What is the Business Source License and why did HashiCorp adopt it?
August 08, 2023
JWKS are an important part of the authentication process. In this article we go over what they are and how they are used
August 02, 2023
Authentication and Authorization represent two fundamentally different aspects of security that work together in order to protect sensitive information. In this blog, we will go over some of the key differences between the two.
July 12, 2023
User Migration can be a challenging process. In this article we go over some user migration scenarios and break down the lazy migration strategy
June 23, 2023
Learn how we built a Q&A bot that is an expert at SuperTokens powered by ChatGPT
June 08, 2023
Comparing the three leading open-source authentication providers - Ory, Keycloak and SuperTokens
April 17, 2023
We break down the OIDC and OAuth standards and explain the key differences between the two
April 17, 2023
A guide into single sign-on implementation and how to perform sso testing for authentication and login
March 16, 2023
A #buildinpublic piece on why we designed the SuperTokens homepage
February 24, 2023
Email verification can increase friction and adds another stop to onboarding, but when done correctly can lead to better security and establish better communication with users.
February 23, 2023
Passwordless is one of the most popular authentication methods
January 16, 2023
A guide on creating great authentication experiences with custom UI
January 11, 2023
A comparison of the pre-built UIs from current authentication providers and how to customize them
January 09, 2023
2022 was an amazing year for SuperTokens. Here are some of the top highlights
October 27, 2022
With user roles, you can now use SuperTokens to easily attach a different set of permissions to each user.
September 12, 2022
When building an app with Supabase you will have to choose an authentication solution. Here are some reasons why you should choose SuperTokens as your auth provider and why it pairs so well with Supabase
April 24, 2022
Learn how to connect a self-hosted SuperTokens core to a database with or without Docker
April 14, 2022
This tutorial will guide you on how to add SuperTokens to a React and Express app deployed on Vercel
February 09, 2022
In this blog, we'll walk you through setting up an email-password authentication with popular social providers like Google, GitHub, and Apple using SuperTokens on a ReactJS application with ExpressJS as the backend.
January 26, 2022
This blog walks you through integrating your frontend with social login APIs provided by SuperTokens.
December 13, 2021
Any auth solution must provide the ability to customise their APIs. In this blog we discuss how to customise the auth APIs provided by SuperTokens using its “Override” feature
November 11, 2021
This blog covers an analysis of why redux state is immutable and how you should go about modifying state in your Redux applications
November 10, 2021
What is vendor lock-in? How does it affect your customers? What are the different ways you can minimize it? Read the blog to learn more.
March 05, 2021
Why did Okta spend $6.5B on Auth0? What does this mean for app developers? See reactions from customers and employees
December 10, 2020
Writing JSX to build pixel perfect UI elements can be very time consuming and frustrating. Learn how react engineers can inject complex elements / React components into a Webflow generated HTML page.
July 30, 2020
Session hijacking is one of the oldest, yet unsolved, attack vectors to gain unauthorised access to a user’s account. This discussion is regarding a method called "rotating refresh tokens" to better detect token theft.
June 11, 2020
This article will be comparing SuperTokens to Node’s most popular session management library– express-session. Learn more about the comparison based on different security and performance metrics.
May 06, 2020
Being Node’s most popular session management library, express-session has its set of flaws– especially when it comes to security. This article will help you analyse the good and bad parts of it.
April 24, 2020
A lot of developers confuse OAuth with web session management and hence end up using the wrong protocol. This article will clarify when to use what solution.
March 18, 2020
JWTs were originally designed for use in OAuth. This article covers the pros and cons of using JWT and talks about a solution which has the advantages of JWTs without any of its disadvantages.
June 08, 2019
This blog covers an analysis of a new open source session flow that is secure and easy to integrate. Learn more about the customizable library and its implementation details.
June 07, 2019
This article covers extensive conversations with 70+ developers exploring different session management practices, identifying issues and converging on a solution to these issues.