Logto blog

Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.

Featured posts

Cover

Changelogs

  • release
  • WebAuthn
  • Passkey
  • jwt

Logto product updates

🎉 Introducing our June release: Account API for Passkeys, access user interaction details in custom JWT, and more updates!

Sijie
Sijie
Developer
Logto product updates

Tutorial

  • rbac
  • role design
  • rbac implementation

RBAC in practice: Implementing secure authorization for your application

RBAC in practice: Implementing secure authorization for your application

Tech

  • saas development
  • multi-tenant saas
  • saas architecture
  • saas boilerplate

Build a multi-tenant SaaS application: A complete guide from design to implementation

Build a multi-tenant SaaS application: A complete guide from design to implementation

All posts

  • Cover

    Tech

    • postmortem
    • cloud-service
    • incident
    • db-alterations

    Postmortem: undeployed database alterations exception

    Incident report for the 2025-07-17 undeployed database alterations exception.

    Postmortem: undeployed database alterations exception
  • Cover

    Tech

    • agent
    • coding

    Top coding agents in 2025: Tools that actually help you build

    A detailed comparison of top AI coding agents like Cursor, GitHub Copilot, Windsurf, Bolt.new, and Replit. This article breaks down their key features, strengths, and ideal use cases to help developers choose the right tool for their workflow.

    Top coding agents in 2025: Tools that actually help you build
  • Cover

    Product

    • Captcha
    • Security

    CAPTCHA provider buyer’s guide 2025

    Learn how does modern CAPTCHA works. Compare Google reCAPTCHA, Cloudflare Turnstiles, and more providers from features, pricing, and integration tips.

    CAPTCHA provider buyer’s guide 2025
  • Cover

    Product

    • saas
    • environment
    • configuration

    Why I said "no" for a year: rethinking dev-to-prod environment promotion

    How we learned that environment isolation doesn't mean configuration isolation, and why that matters for developer-focused SaaS.

    Why I said "no" for a year: rethinking dev-to-prod environment promotion
  • Cover

    Tech

    • ai
    • auth
    • IDE

    Vibe code using Lovable AI and Logto to quickly build your app and handle login flows

    Lovable is an AI-powered coding agent that helps you build full-stack apps using natural language: frontend, backend, database, and deployment, all in one place. With the support for Logto, you can now add secure login, user management, and auth flows effortlessly.

    Vibe code using Lovable AI and Logto to quickly build your app and handle login flows
  • Cover

    Tech

    • cursor
    • integration
    • ai

    Vibe code using Cursor and Logto to quickly build your app and handle login flows

    Learn how to vibe code a photo gallery app using Cursor and add login with Logto in minutes. From UI to authentication, it’s fast, simple, and AI-powered.

    Vibe code using Cursor and Logto to quickly build your app and handle login flows
  • Cover

    Tutorial

    • mcp
    • mcp-auth

    MCP server auth implementation guide: using the latest spec

    Provides key implementation points for MCP server authentication compliance with the 2025-06-18 specification.

    MCP server auth implementation guide: using the latest spec
  • Cover

    Tech

    • agent
    • ai
    • login

    How Manus handles login state and user credentials in the Cloud Browser

    This article covers how Manus manages login sessions in its cloud browser, the security risks of agent-based authentication, and alternatives like OAuth and credential vaults.

    How Manus handles login state and user credentials in the Cloud Browser
  • Cover

    Changelogs

    • release
    • WebAuthn
    • Passkey
    • jwt

    Logto product updates

    🎉 Introducing our June release: Account API for Passkeys, access user interaction details in custom JWT, and more updates!

    Logto product updates
  • Cover

    Product

    • postmortem

    Postmortem: Logto auth service outage

    On June 12, 2025, Logto services on `logto.app` were briefly disrupted by a Cloudflare outage affecting request routing. The issue was resolved quickly, with no impact on data security or core services.

    Postmortem: Logto auth service outage
  • Cover

    Product

    • Magic link
    • Passwordless
    • Authentication
    • Invitation

    Magic link authentication

    Learn to implement magic links for passwordless sign-in, invitation-only registration, and organization member invites using one-time tokens.

    Magic link authentication
  • Cover

    Product

    • Security
    • IAM

    IAM security: from fundamentals to advanced protection (Best practices 2025)

    Master IAM security threats, essential features, and modern best practices. Discover how Logto’s developer-first IAM platform implements secure authN and authZ.

    IAM security: from fundamentals to advanced protection (Best practices 2025)
  • Cover

    Product

    • e-commerce
    • identity
    • gobal

    Behind the E-commerce boom: Why auth and identity management matters

    Global e-commerce brings complex identity challenges. Managing identity is now key to growth, security, and compliance. This article covers essentials like SSO, multi-identifier sign-ups, MFA, and CAPTCHA.

    Behind the E-commerce boom: Why auth and identity management matters
  • Cover

    Changelogs

    • release
    • email blocklist
    • qq connector

    Logto product updates

    🎉 Introducing our May release: Email blocklist policy, improved phone number handling, QQ social connector, and more updates!

    Logto product updates
  • Cover

    Tech

    • agent
    • agent auth
    • ai
    • oauth

    What’s changed and what hasn’t in Auth and Identity for agentic apps

    As AI agents become more capable and connected, building secure and scalable agentic products requires a strong foundation in authentication and identity. This guide breaks down what’s changed, what hasn’t, and what every builder needs to know to navigate the new landscape.

    What’s changed and what hasn’t in Auth and Identity for agentic apps
  • Cover

    Product

    • Logto OSS
    • Logto Cloud

    Auth provider: Logto OSS vs. Logto Cloud

    Looking for an auth provider? Logto lets you choose between a managed SaaS (SOC2/HIPAA compliant, instant scaling) or a self-hosted open-source solution. Free trial & easy migration.

    Auth provider: Logto OSS vs. Logto Cloud
  • Cover

    Product

    • ai
    • doc

    Smarter with AI: Logto’s latest with Inkeep

    We’ve upgraded Logto’s docs with AI to help you find answers more efficiently. You can access it across multiple channels—including our documentation site, Logto Cloud, and the Discord community.

    Smarter with AI: Logto’s latest with Inkeep
  • Cover

    Tech

    • mcp
    • modelcontextprotocol

    Introduce MCP Auth - Plug-and-play auth for MCP servers

    MCP Auth gives you everything you need to add production-ready auth to your MCP server. No weeks spent reading specs or wiring things up.

    Introduce MCP Auth - Plug-and-play auth for MCP servers
  • Cover

    Product

    • open-source
    • auth
    • milesone

    Logto reaches 10,000 GitHub stars and 1 million identities: The open foundation for identity in the AI era

    We’re deeply grateful to have you on this journey. Join us in celebrating Logto’s milestone achievements!

    Logto reaches 10,000 GitHub stars and 1 million identities: The open foundation for identity in the AI era
  • Cover

    Product

    • security
    • auth
    • email
    • disposable email

    Disposable emails: What they are, Why they exist, and how to handle them in your app

    Learn what disposable emails are, why they exist, the risks they pose to applications, and the key strategies you can use to detect and block them for stronger security and cleaner user data.

    Disposable emails: What they are, Why they exist, and how to handle them in your app