FusionAuth Blog

Get the latest updates on FusionAuth, identity and access management, security, general coding and major geekery here.

  • Why is there no authentication in OAuth?

    OAuth, a standard for securely delegating authorization information, and OIDC, a profile written on top of it to securely transmit user profile data, both rely heavily on authentication of the user (also known as the ‘resource owner’) at the authorization server. The authorization server issues tokens only after the user has been authenticated to its satisfaction.

    However, there is next to no guidance about how to actually authenticate the user. Should I use a username and password? A magic link? Delegate to a third party? Require a TOTP code?

    This question came up in a discussion amongst the FusionAuth team and I thought it was worth digging into a bit more.

    Why exactly is ‘authentication’ undefined in OAuth/OIDC?

    READ MORE
  • ZanoCloud helps companies make the most of the cloud with FusionAuth

    Dmitry Zanozin is a FusionAuth community member and Founder and CEO at ZanoCloud. He chatted with us over email about how he and his team are using FusionAuth to meet their auth needs.

    READ MORE
  • Why secure gamer's user accounts?

    As the industry continues to grow, gaming is becoming a way for users to make money in addition to being a form of entertainment.

    Gamers need to be able to track and save their progress to qualify for prize money, esports league salaries, or sponsorships, as well as add to their streaming content or videos on demand. Their unique user accounts are vital to their success.

    READ MORE
  • How to migrate your user data from Google Firebase

    Firebase is a serverless offering from Google which includes customer identity and access management (CIAM) as well as other typical functionality needed for an application. As such, it offers authentication and authorization, a database, metrics and more.

    At FusionAuth, we talk to potential customers who are interested in migrating away from Firebase because of limitations, typically of standards or data control.

    READ MORE
  • We'll see you at Gluecon

    Gluecon is a developer focused conference in the Denver metro area. I’ve been to this conference many times; I always learn something, meet interesting new people, and have great conversations. It’s happening this week in Broomfield Colorado.

    This year, FusionAuth is sponsoring it.

    READ MORE