Logto blog

Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.

Featured posts

Cover

Changelogs

  • release
  • i18n
  • email templates

Logto product updates

It's time for a new Logto release! This update brings custom email templates for multiple languages, some improvements and fixes.

Darcy Ye
Darcy Ye
Developer
Logto product updates

Tutorial

  • rbac
  • role design
  • rbac implementation

RBAC in practice: Implementing secure authorization for your application

RBAC in practice: Implementing secure authorization for your application

Tech

  • saas development
  • multi-tenant saas
  • saas architecture
  • saas boilerplate

Build a multi-tenant SaaS application: A complete guide from design to implementation

Build a multi-tenant SaaS application: A complete guide from design to implementation

All posts

  • Cover

    Product

    • AI
    • MCP
    • Agent
    • IdP

    What you need to have in place for AI Agent and MCP Integration for your product

    In this piece, we explore the latest AI breakthroughs that underscore the urgency of secure agent and MCP integration. We highlight OAuth-based authentication as an important measure for protecting user credentials and explain how Logto can help your product serve as both an MCP server and an identity provider in the rapidly growing AI ecosystem.

    What you need to have in place for AI Agent and MCP Integration for your product
  • Cover

    Product

    • Firebase Auth
    • Pricing

    2025 Firebase Authentication’s latest pricing explained and the best alternatives

    This article provides an overview and breaks down the key details of Firebase Authentication. It covers what Firebase Auth is, a summary of its pricing, and the best alternatives to Firebase Auth.

    2025 Firebase Authentication’s latest pricing explained and the best alternatives
  • Cover

    Product

    • auth
    • agent
    • agent auth

    AI agent auth: use cases and identity needs

    2025 is the year of AI. As LLMs and agent experiences evolve, new challenges in authentication and authorization emerge. This article explores AI agent interactions, highlighting key security and authentication scenarios.

    AI agent auth: use cases and identity needs
  • Cover

    Product

    • oss
    • IAM
    • SSO providers

    Top 5 Open Source Identity and Access Management (IAM) providers 2025

    Compare features, protocols, integrations, pros, and cons for Logto, Keycloak, NextAuth, Casdoor, and SuperTokens to find the best OSS fit for your authentication and authorization needs.

    Top 5 Open Source Identity and Access Management (IAM) providers 2025
  • Cover

    Product

    • Region
    • Data
    • Security

    Protect your identities in local regions and dedicated computing resources

    In this article, we’ll discuss when you might need to store your identities in local regions and how Logto can help.

    Protect your identities in local regions and dedicated computing resources
  • Cover

    Product

    • Personal access token
    • Authentication

    What is personal access token (PAT)? A more secure API token

    Explain how personal access tokens (PATs) work, when to use them, how to support API authentication in your services, and how they differ from API keys, API tokens, bearer tokens, OAuth tokens, and passwords.

    What is personal access token (PAT)? A more secure API token
  • Cover

    Product

    • impersonation
    • ai
    • authentication
    • authorization

    What is impersonation in cybersecurity and identity management? How can AI agents use it?

    Learn how impersonation is used in cybersecurity and identity management, and how AI agents can use this feature.

    What is impersonation in cybersecurity and identity management? How can AI agents use it?
  • Cover

    Product

    • soc2
    • security
    • compliance

    Logto is now SOC 2 Type II compliant!

    Logto is now SOC 2 Type II compliant, proving our commitment to security.

    Logto is now SOC 2 Type II compliant!
  • Cover

    Product

    • Amazon Cognito
    • Pricing

    2025 Amazon Cognito's latest pricing explained and the best Amazon Cognito alternatives

    This article provides an overview and breaks down the key details of Amazon Cognito. It covers what Amazon Cognito is, a summary of its pricing, and the best alternatives to Amazon Cognito.

    2025 Amazon Cognito's latest pricing explained and the best Amazon Cognito alternatives
  • Cover

    Product

    • SAML
    • SSO
    • Identity Provider

    Simplify SAML app integration for developers

    Learn what SAML is, how to implement SSO, and quick steps to integrate SAML apps as an Identity Provider (IdP) or Service Provider (SP).

    Simplify SAML app integration for developers
  • Cover

    Product

    • SaaS
    • Multi-tenant
    • B2B
    • Authentication

    What is B2B SaaS, and what will the post-SaaS era (2025+) with AI look like?

    A concise guide to B2B SaaS, covering key features, metrics (MRR, ARR, CAC, LTV), and the future of AI in SaaS. Get our idea and thoughts on how AI agents and dynamic systems will shape SaaS, and why human control remains essential. Ideal for SaaS developers and AI builders.

    What is B2B SaaS, and what will the post-SaaS era (2025+) with AI look like?
  • Cover

    Product

    • token
    • oidc
    • refresh token
    • rotation
    • security

    What is refresh token rotation and why is it important?

    Dive in and let's talk about why refresh token rotation is an effective way to protect the safety of your refresh tokens.

    What is refresh token rotation and why is it important?
  • Cover

    Product

    • pricing-update

    Logto plan update: Optimizing token quotas to protect Logto from abuse and ensure reliability

    Token changes will only affect Free plan users and new Pro users.

    Logto plan update: Optimizing token quotas to protect Logto from abuse and ensure reliability
  • Cover

    Product

    • token
    • oidc
    • refresh token
    • access token
    • ID token

    Understanding access tokens, refresh tokens, and ID tokens in OpenID Connect (OIDC) protocol

    The OpenID Connect (OIDC) Protocol, has emerged as a widely adopted standard for identity management. But do you really understand the roles and attributes of these tokens?

    Understanding access tokens, refresh tokens, and ID tokens in OpenID Connect (OIDC) protocol
  • Cover

    Product

    • pricing
    • auth0 alternatives
    • auth0

    2025 Auth0's latest pricing explained and the best Auth0 alternatives

    Auth0 has updated its pricing twice within a year. This article provides an overview and breaks down the key details. It covers what Auth0 is, a summary of its pricing, and the best alternatives to Auth0.

    2025 Auth0's latest pricing explained and the best Auth0 alternatives
  • Cover

    Product

    • authenticator app
    • 2FA
    • MFA
    • TOTP
    • Google Authenticator
    • Microsoft Authenticator

    What is an authenticator app

    Learn what an authenticator app is and how it protects your accounts. Includes a detailed explanation of how it works and a step-by-step example guide to use an authenticator app.

    What is an authenticator app
  • Cover

    Product

    • OTP bots
    • MFA
    • Authentication
    • Security
    • Passwordless

    OTP bots: What they are and how to prevent attacks

    Learn what OTP bots are, how they exploit one-time passwords with real cases, and strategies to protect your business from these cyber threats. This guide offers actionable tips for professionals in product development and enterprise management.

    OTP bots: What they are and how to prevent attacks
  • Cover

    Product

    • 404-not-found
    • logto-unknown-session
    • authorization-code-flow

    Why you might see a 404 when signing in to your Logto-integrated app

    Have you ever encountered a "404 Not Found" error when you tried to sign in to a Logto-integrated app? This blog post explains why this happens and what you can do to avoid it.

    Why you might see a 404 when signing in to your Logto-integrated app
  • Cover

    Product

    • webhook
    • welcome email
    • Sync authorization

    Real use cases: Expanding your auth system with webhooks

    Discover real-world cases of using Logto webhooks for authentication and authorization, including sending welcome emails, syncing data to your database, updating user roles/permissions in real-time, and integrating with third-party analytics.

    Real use cases: Expanding your auth system with webhooks
  • Cover

    Product

    • enterprise sso
    • customer iam
    • workforce iam
    • single sign-in

    Enterprise SSO: What it is, how it works, and why it matters

    Explore the world of Enterprise Single Sign-On (SSO) and discover how it can benefit your business. This guide includes straightforward explanations, real-world examples, and practical tips.

    Enterprise SSO: What it is, how it works, and why it matters