This article introduces how to utilize existing tools to migrate previous user data to Logto, in the situation where Logto has not yet provided data migration services.

Learn the essentials of OpenID Connect (OIDC) grants, and how to troubleshoot the "invalid_grant" error.

Learn how to protect your Express.js API endpoints with JSON Web Tokens (JWT) and Logto.

Gain insights into crafting product password policies that are compliant, secure, and user-friendly, with Logto ensuring the security of your authentication process.

Deep into the transition experience of crypto to Web Crypto API, providing a comprehensive guide focusing on 3 commonly scenarios.

This article explains why JWT is widely adopted as the format for access tokens in OAuth 2.0, highlighting its benefits and limitations.

As creators of developer tools, we frequently discuss the notion of "developer experience." This term is akin to "user experience" but can appear hazy and abstract. So, what precisely does it entail?

Learn how to build a user authentication flow with ASP.NET Core by integrating Logto SDK.

Learn how to integrate Azure AD SSO with Logto using standard SAML connector.

How can we quickly learn a new programming language? In this article, we'll share our weekend experience of learning Python by building a complete project.

Dive in and let's talk about why refresh token rotation is an effective way to protect the safety of your refresh tokens.

In this article, we have presented several classic methods for cracking passwords, along with the underlying principles behind these approaches. Addressing these concepts, we have provided practices from both the perspective of password custodians and account owners on how to enhance the security of passwords.

Deconstructing Multi-Factor Authentication (MFA) through an analysis of its core components, user processes, and essential guiding principles.

Using Next.js new feature Server Actions to implement cookie-based stateless session, and experiencing the benifits of Server Actions.

How to determine whether it's necessary to develop a new feature.

The OpenID Connect (OIDC) Protocol, has emerged as a widely adopted standard for identity management. But do you really understand the roles and attributes of these tokens?

The concept of 'tenant' is relatively unfamiliar to most users, but it is especially important for building identity models. In this article, we will go through examples to help everyone understand what kind of identity model suits their business.

Logto offers a variety of SDKs for different platforms. Apart from our official SDKs, we encourage developers from the community to create their own user-friendly SDKs. This article will guide you on building a basic client-side SDK for OIDC.

Explore email types and factors affecting delivery in auth scenarios. Easily integrate popular email delivery service with sign-in experience, or choose the free email delivery solution without any configuration provided by Logto.

Tracking DAU and MAU in high-traffic sites is a challenging task. This article describes how we solved this problem at Logto.

In this tutorial, we will demonstrate how to build the authentication flow with Logto in Capacitor. This will enable you to create cross-platform sign-in and sign-up flows with ease.

This article explains how PKCE protects the authorization code flow for native apps, using unique code verifiers and code challenges to prevent potential attacks.

Our customers often ask us what makes us different from Auth0. In this article, we'll explain the key details and share some strong opinions about what sets our product apart from Auth0 and other alternatives.

As we gear up for the official launch, I want to assure you of a smooth transition. Your experience with Logto Cloud will be seamless, and here are some things you can expect.

At Logto, we prioritize the utmost security measures to protect your data and ensure your trust in our services.

With the arrival of the era of multi-device collaboration, does your app support collaboration across devices? If not, what problems are you facing? In this article, we will explore how an app can take the first step to adapt to cross-device collaboration by allowing signing in to multiple devices.

You may heard of advices for choosing password hashing algorithms, but did you think why they are recommended? In this article, we will explore the evolution of password hashing algorithms and the reasons behind them.

The story of how we support an array of diverse connectors with both good user experience and development experience. With the help of config driven development, we made a low-code connectors platform.

We have published the sign-in experience Figma resources to public, including comprehensive authentication flow designs and versatile styles and components.

This article provides four tips for remote work from the real experience as a full-time employee of Logto.

Our pricing model is not just about revenue generation. We’re eager to share how we’ve designed it to address the unseen challenges startups face.

As a developer-centric product, we greatly value the feedback and contributions from our community, constantly striving to establish a healthy and self-sustainable environment. Discover our ongoing community management journey in the post.

A recent experience with a company worth billions of dollars showed a negative example of how even a common and fundamental user requirement can be mishandled.

Building user identity is a critical component of any application. Validating usernames and passwords may seem like the simplest approach, but there are many other aspects to consider.

Discover the latest improvements from Logto for tiered pricing, custom domains, and more.

Increase conversions, enhance data quality, and improve user retention with social login (social sign-in)! This article explores its benefits and offers user-friendly design tips with comparative case studies.

React Router is a popular library for managing routing in React applications. However, a recent change has displayed a level of arbitrariness and laziness that may negatively impact developers who seek robust type checking.

In this article, we will demonstrate how to use OAuth `scope` for authorization in ChatGPT plugins.

When it comes to OAuth, it is crucial to prioritize security and fraud protection. One can never be too careful in safeguarding sensitive information. How well-versed are you in the protective measures employed by OAuth? Does your system adhere to the open standard of OAuth? Are you mindful of the potential risks that may arise during the implementation of the user authentication flow? Let's briefly recap what we have learned about OAuth.

This article shares the experience of using the ChatGPT API to efficiently support internationalization (i18n) of products, providing tips on integrating the API, improving translation results, and optimizing instructions for better outcomes.

Edge Runtime has become a buzzword in the technology landscape, Vercel and its Next.js framework have recently added support for it. Logto's Next.js SDK is now supporting Edge Runtime as well. In this article, we're going to share our adventure, looking at the hurdles we faced, how we overcame them, and the cool stuff we learned along the way.

Logto offers a pay-as-you-go and usage-based pricing model with a transparent measurement of Monthly Active Users (MAU).

Logto product updates for May 2023

Last year, there were news articles circulating on the internet claiming that big tech companies were joining forces to eliminate passwords. Some startups even declared that passwords were obsolete and outdated.

Our community has expressed interest in using Logto as an Identity Provider for certain products, such as Outline or ChatGPT plugins. In theory, Logto can serve as an OAuth or OIDC (OpenID Connect) provider as long as the product you want to integrate supports either of these protocols.

ChatGPT plugins are now available to all Plus members. Although still in beta, these plugins hold great potential for AI-powered apps, as they seamlessly integrate with your business directly within the chat interface.

In this article, we will demonstrate how to use Logto as an OAuth identity provider for ChatGPT plugins.

In this article, we will demonstrate how to use Logto as an OpenID Connect (OIDC) identity provider for Outline.

This article details the process of migrating Logto's Next.js SDK sample project to the new Next.js 13 App Router, covering the steps of creating new pages and layouts, transitioning API routes, and utilizing server and client components.

This article is here to help you develop a secure and scalable identity system for your multi-app business. We will cover best practices, key factors to consider, and provide quick-start guides to get you started on the right track.

Logto product updates for April 2023

This article offers a comprehensive guide on mastering Role-Based Access Control (RBAC) in Logto, using a real-world example of an online bookstore to explore key user roles, scopes, and integrating Logto's RBAC features in frontend and backend applications for enhanced security and access control.

In this article, we demonstrate how Logto can mitigate certain frustrating user sign-in/up scenarios by presenting a real-life use case of Thomas, who had trouble signing in to the W app.

Logto product updates for March 2023

Logto Cloud (Preview) has launched on Product Hunt. Come and support us!

Logto product updates for February 2023 (extended)

I’ve seen a lot of developers asking questions like “Should I build my own auth for my app?”. While the answer cannot be a simple "Yes" or "No", I’d like to write an article to breakdown the implementation and demonstrate the pros and cons to help you decide.

Organization and Tenant are great for grouping Identities, but they lead to an absolute democracy: everyone can do anything in this system. While utopia is still a mystery, let’s take a look at the governance of access: Authorization (AuthZ).

Logto product updates for February 2023

Logto product updates for January 2023

In the previous piece, we discussed the development of the Sign-in Experience, and what makes a positive end-user encounter, and we ended on some thought-provoking topics. In this article, we'll answer these questions and show you how the Logto Admin Console can help.

Logto started with the CIAM for various reasons (we’ll have another article talking about this). During development, we realized that building a unified understanding across the team would be beneficial before taking our product to the next level. We hope this will also help you gain a better grasp of the IAM landscape.

In this article, we'll go over the history of Sign-in Experience, including its conception, design decisions, and product tradeoffs. You will also gain a better grasp of how to construct a successful and frictionless sign-in or sign-up experience.

In this article, we’ll focus on connecting Logto and Hasura, which enables you to implement authentication, authorization, and GraphQL APIs without friction. Thus you can quickly jump into your business without rocket-science learning.

In this article, I won’t compare monorepo and polyrepo since it’s all about philosophy. Instead, I’ll focus on the building and evolving experience and assume you are familiar with the JS/TS ecosystem.