Blog Posts

If you follow us on Twitter (if you don’t, you can fix that now) you’ll see that we post about data security breaches hitting the internet community. We don’t do it to be malicious or gloat about their failures, but to increase awareness beyond the core community of security professionals. We deal with security every day so we know that keeping data secure is a complex challenge. Few people are well-versed in its many facets and subtleties, and it can be difficult to stay informed of the current trends and risks. We hear all the time “See? You can’t stop cyber breaches.” Fortunately, that’s a load of crap.

So you are building an application and you need login and authentication for your users. No problem! Just build a form so the user can submit a username and password and you are good to go, right? We all wish it was this simple. The fact is, there are many different application types and as many different types of authentication methods. Which is best?

When we built out our social login support in FusionAuth we were forced to navigate the harrowing path to signing our OAuth v1 requests to Twitter.

If you’ve ever done this in Java, you may know there isn’t a great option off the shelf to make this easy, or if there is I was unable to find it. Since we had to do some heavy lifting, we decided to share our work with the Java community.

TL;DR See source code on Gist.

Logging in without a password? In what fantasy land can that be secure?!? The fact is it can be much more secure than traditional passwords, and is now supported in our newest release. FusionAuth 1.5 is now available for direct download, FastPath one-line install, Homebrew or Docker. It includes new features, a few changes, and minor fixes for issues discovered by QA testers and our growing community of users. Get the brief overview below, and visit our release notes for the full details.

If your inbox looks anything like mine, you’ve seen hundreds of messages from companies updating their privacy policies and terms of service. This is mainly due to the European Union’s General Data Protection Regulation or GDPR, which went into effect on May 25, 2018. The GDPR grants a set of “digital rights” to EU citizens, including a “right to erasure.” Basically, this means a user can request that their data be deleted, and there can be substantial fines if a company is not able to honor these requests.

In this post, we’ll show how to set up webhooks in FusionAuth to delete all of a user’s data when they delete their account. In FusionAuth, webhooks are used to subscribe or listen to events in the system, so we’ll create a webhook that listens to the user.delete event.