Logto blog

Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.

Cover

Changelogs

  • release

Logto product updates

It’s time for a new Logto release! This month, we’re introducing new connectors for GatewayAPI, plus a variety of improvements and fixes.

Sijie
Sijie
Developer
Read more

Tech

  • authentication
  • authorization
  • oauth
  • openid-connect
  • oidc
  • application
  • api

Secure cloud-based applications with OAuth 2.0 and OpenID Connect

Read more

Tutorial

  • custom-ui
  • bring-your-own-ui
  • custom-sign-in
  • custom-auth-flow

Bring your own sign-in UI to Logto Cloud

Read more

All posts

  • Cover

    Tech

    • passwordless
    • one-time password
    • otp
    • time-based otp
    • hash-based otp

    How does one-time-password (OTP) work?

    In this article, we will introduced two different one-time password methods: email/phone + verification code and dynamic code.

    Read more
  • Cover

    Product

    • webhook
    • welcome email
    • Sync authorization

    Real use cases: Expanding your auth system with webhooks

    Discover real-world cases of using Logto webhooks for authentication and authorization, including sending welcome emails, syncing data to your database, updating user roles/permissions in real-time, and integrating with third-party analytics.

    Read more
  • Cover

    Product

    • 404-not-found
    • logto-unknown-session
    • authorization-code-flow

    Why you might see a 404 when signing in to your Logto-integrated app

    Have you ever encountered a "404 Not Found" error when you tried to sign in to a Logto-integrated app? This blog post explains why this happens and what you can do to avoid it.

    Read more
  • Cover

    Changelogs

    • release

    Logto product updates

    It’s time for a new Logto release! This month, we’re introducing new connectors for GatewayAPI, plus a variety of improvements and fixes.

    Read more
  • Cover

    Tech

    • authentication
    • authorization
    • oauth
    • openid-connect
    • oidc
    • application
    • api

    Secure cloud-based applications with OAuth 2.0 and OpenID Connect

    A complete guide for securing your cloud applications with OAuth 2.0 and OpenID Connect and how to offer a great user experience with authentication and authorization.

    Read more
  • Cover

    Tech

    • SSO SAML

    IdP-initiated SSO vs SP-initiated SSO

    Learn more about the differences between IdP-initiated SSO and SP-initiated SSO and why SP-initiated SSO is more secure.

    Read more
  • Cover

    Tech

    • csrf attack
    • web security
    • cross-site request forgery
    • cookie security
    • same-origin policy
    • csrf prevention
    • SameSite

    Understanding CSRF in depth

    Provides an in-depth exploration of Cross-Site Request Forgery (CSRF) attacks, explaining their mechanics, demonstrating examples, and detailing various prevention methods to enhance web application security.

    Read more
  • Cover

    Tech

    • XML
    • HTML
    • SAML
    • data transfer

    What is XML?

    XML is a versatile markup language for structuring and transferring data. It features customizable tags, hierarchical structure, and schema definitions. Unlike HTML, XML focuses on data representation rather than display. It's widely used in various applications, including SSO configurations like Logto's SAML implementation.

    Read more
  • Cover

    Product

    • enterprise sso
    • customer iam
    • workforce iam
    • single sign-in

    Enterprise SSO: What it is, how it works, and why it matters

    Explore the world of Enterprise Single Sign-On (SSO) and discover how it can benefit your business. This guide includes straightforward explanations, real-world examples, and practical tips.

    Read more
  • Cover

    Tutorial

    • embedded login
    • direct sign-in
    • first screen
    • sign-in experience
    • authentication parameters

    Embed login or registration forms securely on your site

    Use Logto authentication parameters to embed sign-up or sign-in forms or buttons directly anywhere on your website. Appropriately integrate authentication into your product context while maintaining robust security standards, leading to increased registration conversion rate.

    Read more
  • Cover

    Tutorial

    • rtl-language
    • rtl-friendly
    • arabic
    • arabic-language
    • right-to-left

    Supporting RTL language layout in your web application

    This blog post will guide you through the fundamental steps to implement RTL (Right-to-left) language support in your web application effectively.

    Read more
  • Cover

    Tutorial

    • https
    • tls
    • nginx
    • express
    • proxy

    Dealing with local HTTPS development

    Explore how to implement local HTTPS in your development workflow with tools like Mkcert and step-by-step guides for Express.js and Next.js.

    Read more
  • Cover

    Tech

    • oidc
    • oauth
    • authentication
    • authorization
    • jwt

    The complete guide to integrating an OIDC server into your project

    Learn the best practices of integrating an OIDC (OpenID Connect) server into your project and understand how components interact with each other on the stage.

    Read more
  • Cover

    Tutorial

    • sign-in experience
    • organization
    • app
    • customization

    How can I customize the sign-in experience for each app or organization?

    How to set up customized sign-in experiences for multi-app and multi-tenant businesses.

    Read more
  • Cover

    Tech

    • SAML
    • SSO
    • authentication

    SAML security cheat sheet

    A quick reference guide to the Security Assertion Markup Language (SAML) and its security features. Understand key terms, implementation tips, and best practices for securing SAML-based authentication and authorization in enterprise environments.

    Read more
  • Cover

    Tech

    • chatgpt
    • ai
    • prompt
    • i18n

    Long-context JSON translation with ChatGPT

    Learn how to use the latest ChatGPT model and JSON mode to translate a JSON object with long context and stream the output back to JSON.

    Read more
  • Cover

    Tech

    • oauth 2.0
    • token introspection
    • access token
    • refresh token
    • opaque token

    OAuth 2.0 token introspection

    This article explores OAuth 2.0 token introspection, a method that allows a protected resource to query the authorization server for token metadata, determining whether an access or refresh token is valid.

    Read more
  • Cover

    Tech

    • remove if-else
    • code optimization
    • clean code
    • interface-oriented programming
    • conditional logic

    3 powerful coding techniques to remove messy conditionals

    Introduces three powerful coding techniques to optimize and simplify complex conditional structures, improving code quality and maintainability.

    Read more
  • Cover

    Changelogs

    • release

    Logto product updates

    Time for a new Logto release! This month, we are bringing new features such as Arabic Language translation and full RTL support, personal access token (PAT), configurable first-screen, as well as various improvements and bug fixes.

    Read more
  • Cover

    Tutorial

    • github actions workflow
    • CI/CD
    • automated deployment
    • streamline-deployment
    • bring your own UI
    • custom sign-in UI
    • @logto/tunnel

    Automate your custom sign-in UI deployment with GitHub Actions workflow

    Let's show you how to automate the deployment of your custom sign-in UI to Logto Cloud in your devops pipeline with a GitHub Actions workflow.

    Read more