Browser-Based OAuth Client: The architecture you shouldn't be using
Of all possible browser-based OAuth architectures, the Browser-Based OAuth Client (BBOC) pattern is the least secure. Despite this, BBOC remains the most...
June 3, 2026
Tags
architecture
Token-Mediating Backend: An alternative to the BFF architecture
This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...
May 7, 2026
Backend-for-Frontend: The most secure architecture for browser-based apps
On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...
April 22, 2026
Building A Self-hostable Product
In this article, you'll learn about the architecture, business model, and software design choices necessary to create a self-hostable developer tool.
August 21, 2025
FusionAuth Supports ARM Architecture; Makes Authorization Simple for Developers Building on ARM Architecture
FusionAuth, the authentication and authorization platform built for developers, today announced its support for ARM-based architecture. Since its inception,...
March 16, 2022
The Auth Bottleneck Pattern
One common pattern for modern organizations is to centralize user management with a bottleneck architecture. A solid user management system is provisioned and...
July 8, 2020
Multi-tenancy in a Single-tenant Architecture
While FusionAuth is fundamentally a single-tenant solution, we do support multiple tenants within a single-tenant instance. In this post I'll outline a few of...
September 24, 2018
Showing 1 to 7 of 7 results