Browser-Based OAuth Client: The architecture you shouldn't be using
Of all possible browser-based OAuth architectures, the Browser-Based OAuth Client (BBOC) pattern is the least secure. Despite this, BBOC remains the most...
June 3, 2026
Categories
Security
Token-Mediating Backend: An alternative to the BFF architecture
This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...
May 7, 2026
Backend-for-Frontend: The most secure architecture for browser-based apps
On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...
April 22, 2026
Is FusionAuth GDPR Compliant?
We started making FusionAuth compliant with the General Data Protection Regulation (GDPR) as soon as the regulation was adopted. Although to be honest, there...
October 14, 2024
SOC 2 - Inside The Matrix
FusionAuth has had our SOC2 Type 2 for a few years now. Yes, we took the red pill early and dove head first into what has mostly become a requirement in the...
September 20, 2023
What happens to the tokens after an OAuth Authorization Code grant?
At the end of the OAuth Authorization Code grant, after a user presents their credentials at login, a code is returned which can be exchanged for one or more...
January 19, 2023
FusionAuth Secures SOC 2 Type 2 Certification
FusionAuth, the authentication and authorization platform built for developers, today announced it has received its SOC 2 Type 2 certification. Achieving SOC 2...
April 21, 2022
Showing 1 to 7 of 19 results