FusionAuth Blog

Get the latest updates on FusionAuth, identity and access management, security, general coding and major geekery here.

  • Setting Up Single Sign-on For NodeBB

    NodeBB is a modern well supported forum software package. It has many plugins and provides a great user experience. Unlike hosted forums, you can run this on your own domain, which has UX and SEO benefits.

    In this post, we’ll show you how to set up single sign-on (SSO) for your NodeBB forum.

    READ MORE
  • Securing an ASP.NET Core Razor Pages app with OAuth

    Previously, we used .NET Core to build a command line tool to add users to a FusionAuth user identity management system. In this tutorial, we’ll build out a web application with a protected page. We’ll use Razor Pages and have both login and logout happen against FusionAuth, using the Authorization Code grant.

    READ MORE
  • Creating a user in FusionAuth with a .NET Core CLI client

    In this post, we’ll build a command line client for FusionAuth with C# and the .NET Core libraries. We’ll set up FusionAuth and then add a user to an application from the command line interface (CLI) tool we’ve built.

    READ MORE
  • What's new in OAuth 2.1?

    Hey look! OAuth is getting spiffed up a bit. The original OAuth 2.0 specification was released in October 2012 as RFC 6749. It replaced OAuth 1.0, released in April 2010. There have been some extensions over the years. A new OAuth specification has been proposed and is currently under discussion. As of this blog post’s writing, the specification was most recently updated on March 8, 2020. If approved, OAuth 2.1 will obsolete certain parts of Oauth 2.0 and mandate additional security best practices. The rest of the OAuth 2.0 specification will be retained.

    READ MORE
  • How to securely implement OAuth in Angular

    In this post, we’ll walk through setting up an Angular app to securely authenticate with an OAuth2 server. We’ll use a proxy server between the Angular application and the OAuth server, in order to use the authorization code grant (rather than the insecure implicit grant).

    READ MORE