Logto blog

Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.

Featured posts

Cover

Changelogs

  • release
  • WebAuthn
  • Passkey
  • jwt

Logto product updates

🎉 Introducing our June release: Account API for Passkeys, access user interaction details in custom JWT, and more updates!

Sijie
Sijie
Developer
Logto product updates

Tutorial

  • rbac
  • role design
  • rbac implementation

RBAC in practice: Implementing secure authorization for your application

RBAC in practice: Implementing secure authorization for your application

Tech

  • saas development
  • multi-tenant saas
  • saas architecture
  • saas boilerplate

Build a multi-tenant SaaS application: A complete guide from design to implementation

Build a multi-tenant SaaS application: A complete guide from design to implementation

All posts

  • Cover

    Product

    • saas
    • environment
    • configuration

    Why I said "no" for a year: rethinking dev-to-prod environment promotion

    How we learned that environment isolation doesn't mean configuration isolation, and why that matters for developer-focused SaaS.

    Why I said "no" for a year: rethinking dev-to-prod environment promotion
  • Cover

    Product

    • postmortem

    Postmortem: Logto auth service outage

    On June 12, 2025, Logto services on `logto.app` were briefly disrupted by a Cloudflare outage affecting request routing. The issue was resolved quickly, with no impact on data security or core services.

    Postmortem: Logto auth service outage
  • Cover

    Product

    • Magic link
    • Passwordless
    • Authentication
    • Invitation

    Magic link authentication

    Learn to implement magic links for passwordless sign-in, invitation-only registration, and organization member invites using one-time tokens.

    Magic link authentication
  • Cover

    Product

    • Security
    • IAM

    IAM security: from fundamentals to advanced protection (Best practices 2025)

    Master IAM security threats, essential features, and modern best practices. Discover how Logto’s developer-first IAM platform implements secure authN and authZ.

    IAM security: from fundamentals to advanced protection (Best practices 2025)
  • Cover

    Product

    • e-commerce
    • identity
    • gobal

    Behind the E-commerce boom: Why auth and identity management matters

    Global e-commerce brings complex identity challenges. Managing identity is now key to growth, security, and compliance. This article covers essentials like SSO, multi-identifier sign-ups, MFA, and CAPTCHA.

    Behind the E-commerce boom: Why auth and identity management matters
  • Cover

    Product

    • Logto OSS
    • Logto Cloud

    Auth provider: Logto OSS vs. Logto Cloud

    Looking for an auth provider? Logto lets you choose between a managed SaaS (SOC2/HIPAA compliant, instant scaling) or a self-hosted open-source solution. Free trial & easy migration.

    Auth provider: Logto OSS vs. Logto Cloud
  • Cover

    Product

    • ai
    • doc

    Smarter with AI: Logto’s latest with Inkeep

    We’ve upgraded Logto’s docs with AI to help you find answers more efficiently. You can access it across multiple channels—including our documentation site, Logto Cloud, and the Discord community.

    Smarter with AI: Logto’s latest with Inkeep
  • Cover

    Product

    • open-source
    • auth
    • milesone

    Logto reaches 10,000 GitHub stars and 1 million identities: The open foundation for identity in the AI era

    We’re deeply grateful to have you on this journey. Join us in celebrating Logto’s milestone achievements!

    Logto reaches 10,000 GitHub stars and 1 million identities: The open foundation for identity in the AI era
  • Cover

    Product

    • security
    • auth
    • email
    • disposable email

    Disposable emails: What they are, Why they exist, and how to handle them in your app

    Learn what disposable emails are, why they exist, the risks they pose to applications, and the key strategies you can use to detect and block them for stronger security and cleaner user data.

    Disposable emails: What they are, Why they exist, and how to handle them in your app
  • Cover

    Product

    • iam
    • auth solution

    What makes a good identity and access management solution

    Explores the key elements of an effective IAM solution including user experience, security, integration capabilities, documentation, cost-effectiveness, support, and future readiness based on Logto's experience serving developers.

    What makes a good identity and access management solution
  • Cover

    Product

    • japan
    • logto-cloud
    • region

    Announcing the Logto Cloud Japan region

    Logto Cloud now supports a new region in Japan, offering low-latency access and local data residency compliance for users in the Asia-Pacific region.

    Announcing the Logto Cloud Japan region
  • Cover

    Product

    • AI
    • MCP
    • Agent
    • IdP

    What you need to have in place for AI Agent and MCP Integration for your product

    In this piece, we explore the latest AI breakthroughs that underscore the urgency of secure agent and MCP integration. We highlight OAuth-based authentication as an important measure for protecting user credentials and explain how Logto can help your product serve as both an MCP server and an identity provider in the rapidly growing AI ecosystem.

    What you need to have in place for AI Agent and MCP Integration for your product
  • Cover

    Product

    • Firebase Auth
    • Pricing

    2025 Firebase Authentication’s latest pricing explained and the best alternatives

    This article provides an overview and breaks down the key details of Firebase Authentication. It covers what Firebase Auth is, a summary of its pricing, and the best alternatives to Firebase Auth.

    2025 Firebase Authentication’s latest pricing explained and the best alternatives
  • Cover

    Product

    • auth
    • agent
    • agent auth

    AI agent auth: use cases and identity needs

    2025 is the year of AI. As LLMs and agent experiences evolve, new challenges in authentication and authorization emerge. This article explores AI agent interactions, highlighting key security and authentication scenarios.

    AI agent auth: use cases and identity needs
  • Cover

    Product

    • oss
    • IAM
    • SSO providers

    Top 5 Open Source Identity and Access Management (IAM) providers 2025

    Compare features, protocols, integrations, pros, and cons for Logto, Keycloak, NextAuth, Casdoor, and SuperTokens to find the best OSS fit for your authentication and authorization needs.

    Top 5 Open Source Identity and Access Management (IAM) providers 2025
  • Cover

    Product

    • Region
    • Data
    • Security

    Protect your identities in local regions and dedicated computing resources

    In this article, we’ll discuss when you might need to store your identities in local regions and how Logto can help.

    Protect your identities in local regions and dedicated computing resources
  • Cover

    Product

    • Personal access token
    • Authentication

    What is personal access token (PAT)? A more secure API token

    Explain how personal access tokens (PATs) work, when to use them, how to support API authentication in your services, and how they differ from API keys, API tokens, bearer tokens, OAuth tokens, and passwords.

    What is personal access token (PAT)? A more secure API token
  • Cover

    Product

    • impersonation
    • ai
    • authentication
    • authorization

    What is impersonation in cybersecurity and identity management? How can AI agents use it?

    Learn how impersonation is used in cybersecurity and identity management, and how AI agents can use this feature.

    What is impersonation in cybersecurity and identity management? How can AI agents use it?
  • Cover

    Product

    • soc2
    • security
    • compliance

    Logto is now SOC 2 Type II compliant!

    Logto is now SOC 2 Type II compliant, proving our commitment to security.

    Logto is now SOC 2 Type II compliant!
  • Cover

    Product

    • Amazon Cognito
    • Pricing

    2025 Amazon Cognito's latest pricing explained and the best Amazon Cognito alternatives

    This article provides an overview and breaks down the key details of Amazon Cognito. It covers what Amazon Cognito is, a summary of its pricing, and the best alternatives to Amazon Cognito.

    2025 Amazon Cognito's latest pricing explained and the best Amazon Cognito alternatives