Token-Mediating Backend: An alternative to the BFF architecture
This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...
May 7, 2026
Tags
security
Backend-for-Frontend: The most secure architecture for browser-based apps
On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...
April 22, 2026
Stop Registration Spam With Identity Pre-Verification
In our previous post, Announcing FusionAuth 1.59.0 - The Identity Ibex, we explored the shift towards separate Email and Phone Identities. This was a...
March 6, 2026
Backend For Frontend Authentication in FusionAuth
This article discusses the dangers of storing OAuth tokens in the browser or on a client-side device – a common pattern in serverless architectures like...
June 30, 2025
To Mock Or Not To Mock Your Auth: The Checklist
If you're outsourcing your authentication, you'll find that most vendors only allow you to test with mocks. Is that really good enough? Shouldn't you be able...
June 3, 2025
Is FusionAuth GDPR Compliant?
We started making FusionAuth compliant with the General Data Protection Regulation (GDPR) as soon as the regulation was adopted. Although to be honest, there...
October 14, 2024
A Quick Explanation of Multi-Factor Authentication (MFA)
Picture a timeline where the starting point is the very first person entering a username and password combination. As the line moves on, you see how the world...
March 1, 2024
Showing 1 to 7 of 22 results