FusionAuth Blog

Get the latest updates on FusionAuth, identity and access management, security, general coding and major geekery here.

  • Critical infrastructure and latency in gaming

    While esports competitions are high skill cap events, both hobby gamers and elite professionals alike expect optimal network conditions when they play games. A suboptimal network can turn an enjoyable event into an infuriating one that drives players away.

    READ MORE
  • FusionAuth Remix demo

    Remix is the new hotness in web development! It is an attempt to solve some of the performance issues of React by cleverly splitting up server-side code (called Loaders and Actions) from the functionality that absolutely must be shipped to the client, such as JavaScript and CSS for transitions. It also offers benefits in accessibility through a commitment to using web standards and progressive enhancement. Remix allows for almost all parts of the stack to be easily swapped out, e.g. you can choose from several different datastores that are pre-packaged with Remix for your convenience.

    However, new users should be aware that the authentication functionality currently shipped with the basic Remix package does not conform to current best practices.

    READ MORE
  • ClearSpend chose FusionAuth because of self-hosting and clear APIs

    Stephen Saucier is a FusionAuth community member and Head of UX Development at ClearSpend. He chatted with us over email about how he and his team are using FusionAuth to meet their auth needs.

    READ MORE
  • What is SCIM?

    SCIM is a specification to add and remove users and groups using a standard protocol.

    READ MORE
  • Why is there no authentication in OAuth?

    OAuth, a standard for securely delegating authorization information, and OIDC, a profile written on top of it to securely transmit user profile data, both rely heavily on authentication of the user (also known as the ‘resource owner’) at the authorization server. The authorization server issues tokens only after the user has been authenticated to its satisfaction.

    However, there is next to no guidance about how to actually authenticate the user. Should I use a username and password? A magic link? Delegate to a third party? Require a TOTP code?

    This question came up in a discussion amongst the FusionAuth team and I thought it was worth digging into a bit more.

    Why exactly is ‘authentication’ undefined in OAuth/OIDC?

    READ MORE