Logto blog
Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.
Changelogs
- release
Logto product updates
It’s time for a new Logto release! This month, we’re introducing new connectors for GatewayAPI, plus a variety of improvements and fixes.
All posts
Tech
- cookie
- nextjs
- serverless
How to fix cookie size exceeded error by splitting cookies
A solution for cookie size exceeded error: split the cookie into multiple smaller cookies and reconstruct them on the server side. This solution works especially well for serverless platforms without requiring additional infrastructure.
Tutorial
- authentication
- tutorial
- sign up
- webhook
How to set up invitation-only sign-up in Logto
Invitation-only sign-up is a common use case. It enhances exclusivity and security while potentially boosting engagement and retention for early-stage products.
Tech
- OIDC
- SSO
- authentication
OIDC session management
This article explains how OIDC sessions and user authentication status are managed in the context of interactions between the IdP and SP.
Tech
- passwordless
- one-time password
- otp
- time-based otp
- hash-based otp
How does one-time-password (OTP) work?
In this article, we will introduce two different one-time password methods: email/phone + verification code and dynamic code.
Product
- webhook
- welcome email
- Sync authorization
Real use cases: Expanding your auth system with webhooks
Discover real-world cases of using Logto webhooks for authentication and authorization, including sending welcome emails, syncing data to your database, updating user roles/permissions in real-time, and integrating with third-party analytics.
Product
- 404-not-found
- logto-unknown-session
- authorization-code-flow
Why you might see a 404 when signing in to your Logto-integrated app
Have you ever encountered a "404 Not Found" error when you tried to sign in to a Logto-integrated app? This blog post explains why this happens and what you can do to avoid it.
Tech
- authentication
- authorization
- oauth
- openid-connect
- oidc
- application
- api
Secure cloud-based applications with OAuth 2.0 and OpenID Connect
A complete guide for securing your cloud applications with OAuth 2.0 and OpenID Connect and how to offer a great user experience with authentication and authorization.
Tech
- SSO SAML
IdP-initiated SSO vs SP-initiated SSO
Learn more about the differences between IdP-initiated SSO and SP-initiated SSO and why SP-initiated SSO is more secure.
Tech
- csrf attack
- web security
- cross-site request forgery
- cookie security
- same-origin policy
- csrf prevention
- SameSite
Understanding CSRF in depth
Provides an in-depth exploration of Cross-Site Request Forgery (CSRF) attacks, explaining their mechanics, demonstrating examples, and detailing various prevention methods to enhance web application security.
Tech
- XML
- HTML
- SAML
- data transfer
What is XML?
XML is a versatile markup language for structuring and transferring data. It features customizable tags, hierarchical structure, and schema definitions. Unlike HTML, XML focuses on data representation rather than display. It's widely used in various applications, including SSO configurations like Logto's SAML implementation.
Product
- enterprise sso
- customer iam
- workforce iam
- single sign-in
Enterprise SSO: What it is, how it works, and why it matters
Explore the world of Enterprise Single Sign-On (SSO) and discover how it can benefit your business. This guide includes straightforward explanations, real-world examples, and practical tips.
Tutorial
- embedded login
- direct sign-in
- first screen
- sign-in experience
- authentication parameters
Embed login or registration forms securely on your site
Use Logto authentication parameters to embed sign-up or sign-in forms or buttons directly anywhere on your website. Appropriately integrate authentication into your product context while maintaining robust security standards, leading to an increased registration conversion rate.
Tutorial
- rtl-language
- rtl-friendly
- arabic
- arabic-language
- right-to-left
Supporting RTL language layout in your web application
This blog post will guide you through the fundamental steps to implement RTL (Right-to-left) language support in your web application effectively.
Tutorial
- https
- tls
- nginx
- express
- proxy
Dealing with local HTTPS development
Explore how to implement local HTTPS in your development workflow with tools like Mkcert and step-by-step guides for Express.js and Next.js.
Tech
- SAML
- SSO
- authentication
SAML security cheat sheet
A quick reference guide to the Security Assertion Markup Language (SAML) and its security features. Understand key terms, implementation tips, and best practices for securing SAML-based authentication and authorization in enterprise environments.
Tutorial
- sign-in experience
- organization
- app
- customization
How can I customize the sign-in experience for each app or organization?
How to set up customized sign-in experiences for multi-app and multi-tenant businesses.
Tech
- oidc
- oauth
- authentication
- authorization
- jwt
The complete guide to integrating an OIDC server into your project
Learn the best practices of integrating an OIDC (OpenID Connect) server into your project and understand how components interact with each other on the stage.
Tech
- oauth 2.0
- token introspection
- access token
- refresh token
- opaque token
OAuth 2.0 token introspection
This article explores OAuth 2.0 token introspection, a method that allows a protected resource to query the authorization server for token metadata, determining whether an access or refresh token is valid.
Tech
- chatgpt
- ai
- prompt
- i18n
Long-context JSON translation with ChatGPT
Learn how to use the latest ChatGPT model and JSON mode to translate a JSON object with long context and stream the output back to JSON.