Posts tagged 'oidc'

  • Adding single sign-on to your Django web application using OIDC

    Single sign-on (SSO) is a session and user authentication technique that permits a user to use one set of login credentials to authenticate with multiple apps. SSO works by establishing trust between a service provider, usually your application, and an identity provider, like FusionAuth.

    READ MORE
  • OIDC vs SAML: What's the Difference?

    It’s essential for digital platforms to keep their data and resources secure, which is why authentication protocols are so necessary. Authentication protocols are sets of rules used to determine the identity of an entity (such as an end user, application, or device) before granting access. This differs from authorization in that authentication is concerned with identity, while authorization is concerned with permissions. Although authentication is followed by authorization, the reverse is not typically true.

    READ MORE
  • Adding sign in to your Spring web application using OIDC

    In this tutorial, we’ll build a basic Java and Spring web application that does user registration and authentication. You’ll use FusionAuth to provide this functionality.

    READ MORE
  • Why is there no authentication in OAuth?

    OAuth, a standard for securely delegating authorization information, and OIDC, a profile written on top of it to securely transmit user profile data, both rely heavily on authentication of the user (also known as the ‘resource owner’) at the authorization server. The authorization server issues tokens only after the user has been authenticated to its satisfaction.

    However, there is next to no guidance about how to actually authenticate the user. Should I use a username and password? A magic link? Delegate to a third party? Require a TOTP code?

    This question came up in a discussion amongst the FusionAuth team and I thought it was worth digging into a bit more.

    Why exactly is ‘authentication’ undefined in OAuth/OIDC?

    READ MORE
  • Recon InfoSec switched to FusionAuth from AWS Cognito

    Whitney Champion is a FusionAuth community member and lead architect at Recon InfoSec, a managed security services provider. She chatted with us over email about how she and her team are using FusionAuth to meet their auth needs.

    READ MORE