Logto Blog
Logto is an Auth0 alternative for building modern customer identity infrastructure with minimal effort, for both your customers and their organizations.

PRODUCT
What sets Logto apart from Auth0 and our perspective on it
Our customers often ask us what makes us different from Auth0. In this article, we'll explain the key details and share some strong opinions about what sets our product apart from Auth0 and other alternatives.
July 25, 202314 min read
All Blogs
- TUTORIAL
A general guideline to migrate your existing user database to Logto
This article introduces how to utilize existing tools to migrate previous user data to Logto, in the situation where Logto has not yet provided data migration services.September 19, 20239 min read - TUTORIAL
Exploring OIDC grants: understanding and troubleshooting the "invalid_grant" error
Learn the essentials of OpenID Connect (OIDC) grants, and how to troubleshoot the "invalid_grant" error.September 19, 20237 min read - TUTORIAL
Protect your Express.js API with JWT and Logto
Learn how to protect your Express.js API endpoints with JSON Web Tokens (JWT) and Logto.September 18, 20236 min read - PRODUCT
Design your password policy
Gain insights into crafting product password policies that are compliant, secure, and user-friendly, with Logto ensuring the security of your authentication process.September 12, 20237 min read - TUTORIAL
Migrating from Node.js crypto to Web Crypto API: A guided experience
Deep into the transition experience of crypto to Web Crypto API, providing a comprehensive guide focusing on 3 commonly scenarios.September 11, 20235 min read - TECHNOLOGY
Why JWT in most OAuth 2.0 services
This article explains why JWT is widely adopted as the format for access tokens in OAuth 2.0, highlighting its benefits and limitations.September 11, 20238 min read - PRODUCT
What is developer experience? (vol. 1)
As creators of developer tools, we frequently discuss the notion of "developer experience." This term is akin to "user experience" but can appear hazy and abstract. So, what precisely does it entail?September 05, 20235 min read - TUTORIAL
Build ASP.NET Core authentication with Logto
Learn how to build a user authentication flow with ASP.NET Core by integrating Logto SDK.September 03, 20236 min read - TUTORIAL
Integrating Azure AD with Logto
Learn how to integrate Azure AD SSO with Logto using standard SAML connector.September 02, 20235 min read - TEAM
Learn Python in a weekend: From zero to a complete project
How can we quickly learn a new programming language? In this article, we'll share our weekend experience of learning Python by building a complete project.August 28, 202312 min read - PRODUCT
Understanding refresh token rotation
Dive in and let's talk about why refresh token rotation is an effective way to protect the safety of your refresh tokens.August 27, 20234 min read - TECHNOLOGY
How are your passwords cracked? How to improve password security?
In this article, we have presented several classic methods for cracking passwords, along with the underlying principles behind these approaches. Addressing these concepts, we have provided practices from both the perspective of password custodians and account owners on how to enhance the security of passwords.August 25, 20238 min read - PRODUCT
Exploring MFA: Looking at authentication from a product perspective
Deconstructing Multi-Factor Authentication (MFA) through an analysis of its core components, user processes, and essential guiding principles.August 22, 20236 min read - TUTORIAL
Implementing stateless session for Next.js using Server Actions
Using Next.js new feature Server Actions to implement cookie-based stateless session, and experiencing the benifits of Server Actions.August 21, 20236 min read - TEAM
Product thinking in startups
How to determine whether it's necessary to develop a new feature.August 16, 202311 min read - PRODUCT
Understanding refresh tokens, access tokens, and ID tokens in OIDC protocol
The OpenID Connect (OIDC) Protocol, has emerged as a widely adopted standard for identity management. But do you really understand the roles and attributes of these tokens?August 10, 20238 min read - PRODUCT
Do you really need multiple tenants to manage your identity system?
The concept of 'tenant' is relatively unfamiliar to most users, but it is especially important for building identity models. In this article, we will go through examples to help everyone understand what kind of identity model suits their business.August 09, 20237 min read - TUTORIAL
Implement a simple client-side OIDC SDK
Logto offers a variety of SDKs for different platforms. Apart from our official SDKs, we encourage developers from the community to create their own user-friendly SDKs. This article will guide you on building a basic client-side SDK for OIDC.August 01, 202316 min read - PRODUCT
Maximize verification email delivery to guarantee user access
Explore email types and factors affecting delivery in auth scenarios. Easily integrate popular email delivery service with sign-in experience, or choose the free email delivery solution without any configuration provided by Logto.August 01, 20235 min read - TECHNOLOGY
Efficiently tracking DAU and MAU in high-traffic sites
Tracking DAU and MAU in high-traffic sites is a challenging task. This article describes how we solved this problem at Logto.July 31, 20235 min read - TUTORIAL
Build CapacitorJS authentication with Logto
In this tutorial, we will demonstrate how to build the authentication flow with Logto in Capacitor. This will enable you to create cross-platform sign-in and sign-up flows with ease.July 31, 20235 min read - TECHNOLOGY
How PKCE protects the authorization code flow for native apps
This article explains how PKCE protects the authorization code flow for native apps, using unique code verifiers and code challenges to prevent potential attacks.July 28, 20235 min read - PRODUCT
What sets Logto apart from Auth0 and our perspective on it
Our customers often ask us what makes us different from Auth0. In this article, we'll explain the key details and share some strong opinions about what sets our product apart from Auth0 and other alternatives.July 25, 202314 min read - PRODUCT
Logto Cloud launch letter for preview users
As we gear up for the official launch, I want to assure you of a smooth transition. Your experience with Logto Cloud will be seamless, and here are some things you can expect.July 24, 20233 min read - PRODUCT
Trust and security at Logto
At Logto, we prioritize the utmost security measures to protect your data and ensure your trust in our services.July 18, 20234 min read - PRODUCT
What prevents your app from allowing simultaneous sign-in on multiple devices
With the arrival of the era of multi-device collaboration, does your app support collaboration across devices? If not, what problems are you facing? In this article, we will explore how an app can take the first step to adapt to cross-device collaboration by allowing signing in to multiple devices.July 18, 20238 min read - TECHNOLOGY
The evolution of password hashing
You may heard of advices for choosing password hashing algorithms, but did you think why they are recommended? In this article, we will explore the evolution of password hashing algorithms and the reasons behind them.July 16, 20239 min read - TECHNOLOGY
How we support an array of diverse connectors
The story of how we support an array of diverse connectors with both good user experience and development experience. With the help of config driven development, we made a low-code connectors platform.July 12, 20236 min read - PRODUCT
From code to canvas: Logto makes sign-in experience design open-source
We have published the sign-in experience Figma resources to public, including comprehensive authentication flow designs and versatile styles and components.July 11, 20236 min read - TEAM
Embrace remote work: Four tips from my Logto journey
This article provides four tips for remote work from the real experience as a full-time employee of Logto.July 11, 20236 min read - PRODUCT
Logto unveiled a new pricing model to tackle startup hurdles behind the scenes
Our pricing model is not just about revenue generation. We’re eager to share how we’ve designed it to address the unseen challenges startups face.July 04, 202312 min read - TEAM
Nurturing our community management
As a developer-centric product, we greatly value the feedback and contributions from our community, constantly striving to establish a healthy and self-sustainable environment. Discover our ongoing community management journey in the post.July 03, 20239 min read - TEAM
Why it’s so hard: Things learned from a bad customer support experience
A recent experience with a company worth billions of dollars showed a negative example of how even a common and fundamental user requirement can be mishandled.July 01, 20237 min read - TECHNOLOGY
The essential security checklist for user identity
Building user identity is a critical component of any application. Validating usernames and passwords may seem like the simplest approach, but there are many other aspects to consider.July 01, 20237 min read - CHANGELOG
Logto 2023 July update
Discover the latest improvements from Logto for tiered pricing, custom domains, and more.July 01, 20233 min read - PRODUCT
Tackle social login experience: Unlocking the power of convenience
Increase conversions, enhance data quality, and improve user retention with social login (social sign-in)! This article explores its benefits and offers user-friendly design tips with comparative case studies.June 25, 20235 min read - TECHNOLOGY
React Router's lazy type handling and overcoming the impact with type-safe solutions
React Router is a popular library for managing routing in React applications. However, a recent change has displayed a level of arbitrariness and laziness that may negatively impact developers who seek robust type checking.June 19, 20237 min read - TUTORIAL
Implement ChatGPT plugins user authorization with Logto
In this article, we will demonstrate how to use OAuth `scope` for authorization in ChatGPT plugins.June 18, 20235 min read - TECHNOLOGY
A brief OAuth security recap
When it comes to OAuth, it is crucial to prioritize security and fraud protection. One can never be too careful in safeguarding sensitive information. How well-versed are you in the protective measures employed by OAuth? Does your system adhere to the open standard of OAuth? Are you mindful of the potential risks that may arise during the implementation of the user authentication flow? Let's briefly recap what we have learned about OAuth.June 15, 202315 min read - TECHNOLOGY
Efficient internationalization with ChatGPT
This article shares the experience of using the ChatGPT API to efficiently support internationalization (i18n) of products, providing tips on integrating the API, improving translation results, and optimizing instructions for better outcomes.June 14, 202310 min read - TECHNOLOGY
Our experience adding Edge Runtime to Next.js SDK
Edge Runtime has become a buzzword in the technology landscape, Vercel and its Next.js framework have recently added support for it. Logto's Next.js SDK is now supporting Edge Runtime as well. In this article, we're going to share our adventure, looking at the hurdles we faced, how we overcame them, and the cool stuff we learned along the way.June 14, 20235 min read - PRODUCT
Logto pricing model
Logto offers a pay-as-you-go and usage-based pricing model with a transparent measurement of Monthly Active Users (MAU).June 13, 20236 min read - CHANGELOG
Logto 2023 May update
Logto product updates for May 2023May 30, 20232 min read - TECHNOLOGY
Password isn’t dying
Last year, there were news articles circulating on the internet claiming that big tech companies were joining forces to eliminate passwords. Some startups even declared that passwords were obsolete and outdated.May 28, 20236 min read - TUTORIAL
Streamline OAuth and OIDC Authentication with Logto
Our community has expressed interest in using Logto as an Identity Provider for certain products, such as Outline or ChatGPT plugins. In theory, Logto can serve as an OAuth or OIDC (OpenID Connect) provider as long as the product you want to integrate supports either of these protocols.May 27, 20236 min read - TECHNOLOGY
Authentication: The differentiator for ChatGPT plugins
ChatGPT plugins are now available to all Plus members. Although still in beta, these plugins hold great potential for AI-powered apps, as they seamlessly integrate with your business directly within the chat interface.May 24, 20233 min read - TUTORIAL
Implement ChatGPT plugins user authentication with Logto
In this article, we will demonstrate how to use Logto as an OAuth identity provider for ChatGPT plugins.May 24, 20235 min read - TUTORIAL
Simplify Outline authentication with Logto
In this article, we will demonstrate how to use Logto as an OpenID Connect (OIDC) identity provider for Outline.May 23, 20234 min read - TECHNOLOGY
Our Journey Migrating Logto SDK Sample to Next.js 13 App Router
This article details the process of migrating Logto's Next.js SDK sample project to the new Next.js 13 App Router, covering the steps of creating new pages and layouts, transitioning API routes, and utilizing server and client components.May 22, 20234 min read - PRODUCT
Why you need a centralized identity system for a multi-app business
This article is here to help you develop a secure and scalable identity system for your multi-app business. We will cover best practices, key factors to consider, and provide quick-start guides to get you started on the right track.May 06, 20236 min read - CHANGELOG
Logto 2023 April update
Logto product updates for April 2023April 30, 20232 min read - TECHNOLOGY
Mastering RBAC in Logto: A Comprehensive Real-World Example
This article offers a comprehensive guide on mastering Role-Based Access Control (RBAC) in Logto, using a real-world example of an online bookstore to explore key user roles, scopes, and integrating Logto's RBAC features in frontend and backend applications for enhanced security and access control.April 28, 202311 min read - PRODUCT
After trying a product’s sign-up process again, my friend decided to quit
In this article, we demonstrate how Logto can mitigate certain frustrating user sign-in/up scenarios by presenting a real-life use case of Thomas, who had trouble signing in to the W app.April 26, 20238 min read - CHANGELOG
Logto 2023 March update
Logto product updates for March 2023March 27, 20234 min read - PRODUCT
Announcing Logto Cloud (Preview) and OSS General Availability
Logto Cloud (Preview) has launched on Product Hunt. Come and support us!March 20, 20234 min read - CHANGELOG
Logto 2023 February update (extended)
Logto product updates for February 2023 (extended)February 26, 20236 min read - PRODUCT
Do you need to build your own auth for apps?
I’ve seen a lot of developers asking questions like “Should I build my own auth for my app?”. While the answer cannot be a simple "Yes" or "No", I’d like to write an article to breakdown the implementation and demonstrate the pros and cons to help you decide.February 16, 20237 min read - TECHNOLOGY
CIAM 102: Authorization & Role-based Access Control
Organization and Tenant are great for grouping Identities, but they lead to an absolute democracy: everyone can do anything in this system. While utopia is still a mystery, let’s take a look at the governance of access: Authorization (AuthZ).February 05, 20236 min read - CHANGELOG
Logto 2023 February update
Logto product updates for February 2023February 02, 20233 min read - CHANGELOG
Logto 2023 January update
Logto product updates for January 2023January 01, 20234 min read - PRODUCT
The design considerations for a seamless sign-in experience (Second Chapter)
In the previous piece, we discussed the development of the Sign-in Experience, and what makes a positive end-user encounter, and we ended on some thought-provoking topics. In this article, we'll answer these questions and show you how the Logto Admin Console can help.December 05, 20227 min read - TECHNOLOGY
CIAM 101: Authentication, Identity, SSO
Logto started with the CIAM for various reasons (we’ll have another article talking about this). During development, we realized that building a unified understanding across the team would be beneficial before taking our product to the next level. We hope this will also help you gain a better grasp of the IAM landscape.November 28, 202213 min read - PRODUCT
The design considerations for a seamless sign-in experience (First Chapter)
In this article, we'll go over the history of Sign-in Experience, including its conception, design decisions, and product tradeoffs. You will also gain a better grasp of how to construct a successful and frictionless sign-in or sign-up experience.November 15, 202215 min read - TECHNOLOGY
Logto x Hasura: How to use open-source auth + GraphQL solution to boost your project
In this article, we’ll focus on connecting Logto and Hasura, which enables you to implement authentication, authorization, and GraphQL APIs without friction. Thus you can quickly jump into your business without rocket-science learning.August 20, 20225 min read - TECHNOLOGY
TypeScript all-in-one: Monorepo with its pains and gains
In this article, I won’t compare monorepo and polyrepo since it’s all about philosophy. Instead, I’ll focus on the building and evolving experience and assume you are familiar with the JS/TS ecosystem.August 07, 20229 min read