Posts By

Kim Maida

Browser-Based OAuth Client: The architecture you shouldn't be using

Of all possible browser-based OAuth architectures, the Browser-Based OAuth Client (BBOC) pattern is the least secure. Despite this, BBOC remains the most...

June 3, 2026

Token-Mediating Backend: An alternative to the BFF architecture

This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...

May 7, 2026

Backend-for-Frontend: The most secure architecture for browser-based apps

On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...

Kim Maida

April 22, 2026

Showing 1 to 3 of 3 results

Subscribe to The FusionAuth Newsletter

Get updates on techniques, technical guides, and the latest product innovations coming from FusionAuth.