Token-Mediating Backend: An alternative to the BFF architecture
This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...
May 7, 2026
Categories
Security
Backend-for-Frontend: The most secure architecture for browser-based apps
On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...
April 22, 2026
Is FusionAuth GDPR Compliant?
We started making FusionAuth compliant with the General Data Protection Regulation (GDPR) as soon as the regulation was adopted. Although to be honest, there...
October 14, 2024
SOC 2 - Inside The Matrix
FusionAuth has had our SOC2 Type 2 for a few years now. Yes, we took the red pill early and dove head first into what has mostly become a requirement in the...
September 20, 2023
What happens to the tokens after an OAuth Authorization Code grant?
At the end of the OAuth Authorization Code grant, after a user presents their credentials at login, a code is returned which can be exchanged for one or more...
January 19, 2023
FusionAuth Secures SOC 2 Type 2 Certification
FusionAuth, the authentication and authorization platform built for developers, today announced it has received its SOC 2 Type 2 certification. Achieving SOC 2...
April 21, 2022
FusionAuth achieves SOC2 Type II certification
The FusionAuth team is proud to announce that we have completed the rigorous audit process and have now earned SOC2 Type II certification for our entire...
April 14, 2022
Showing 1 to 7 of 18 results