Developer Blog & Articles
Impersonating users by abusing broken “Sign in with” implementations
Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this.
Approaching Access Control on the Web: HTTP Authentication
This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application.
Zero Trust API Access Control on Kubernetes
Control access to your APIs with cloud native ORY Oathkeeper and the Ambassador Reverse Proxy on Kubernetes.
Mobile and native app authorization with OAuth 2.0
Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security.
Run your own OAuth 2.0 Server
In this guide, you will set up a hardened, fully functional OAuth 2.0 (OAuth2) server. It will take you about ~15 minutes. We will use ORY Hydra (open source), a security-first OAuth2 and OpenID Connect server written in Golang.
Accurate code coverage in Go
This article introduces you to the problem of reporting accurate code coverage using the Go programming language, and offers a solution that runs on any Operating System.