Logto blog

Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.

Featured posts

Cover

Changelogs

  • release

Logto product updates

We’ve just rolled out v1.32, bringing new MFA options, better localization support, and a few handy improvements.

Sijie
Sijie
Developer
Logto product updates

Changelogs

  • release

Logto product updates

Logto product updates

Tutorial

  • rbac
  • role design
  • rbac implementation

RBAC in practice: Implementing secure authorization for your application

RBAC in practice: Implementing secure authorization for your application

Tech

  • saas development
  • multi-tenant saas
  • saas architecture
  • saas boilerplate

Build a multi-tenant SaaS application: A complete guide from design to implementation

Build a multi-tenant SaaS application: A complete guide from design to implementation

All posts

  • Cover

    Tech

    • multi-tenancy
    • organization
    • authentication

    How to build multi-tenant, organization-based authentication experience

    Tenant‑specific sign‑in for B2B SaaS with Logto: customize branding and email templates, route via enterprise SSO, require MFA, and auto‑provision users with JIT.

    How to build multi-tenant, organization-based authentication experience
  • Cover

    Tech

    • bearer tokens
    • jwt

    What is a bearer token? A complete guide for developers and businesses

    Learn what bearer tokens are, how they work in OAuth 2.0 and JWT, the difference from access tokens, and best practices.

    What is a bearer token? A complete guide for developers and businesses
  • Cover

    Tech

    • ai
    • claude
    • auth

    Using Claude Code and Logto to quickly build your custom login flows

    Learn how to use Claude Code to build a full-stack app with Logto authentication: from sign-in setup to custom login panels and social logins.

    Using Claude Code and Logto to quickly build your custom login flows
  • Cover

    Tech

    • oauth
    • jwt

    JWT vs OAuth: Key differences, how they work together, and best practices

    A quick guide explaining how JWT and OAuth differ, how they complement each other, and best practices for using both effectively.

    JWT vs OAuth: Key differences, how they work together, and best practices
  • Cover

    Tech

    • Secret Vault
    • Token storage
    • Third-party services
    • Google

    How to access Google API persistently using OAuth and access token storage?

    Learn how to build smart productivity apps (e.g., AI agent) that integrate with Google APIs using Logto Secret Vault for secure access and refresh token storage, incremental authorization, and seamless OIDC/OAuth 2.0 integration.

    How to access Google API persistently using OAuth and access token storage?
  • Cover

    Tech

    • Bolt
    • AI
    • Direct sign-in

    Using Bolt.New and Logto to quickly build your custom login flows

    Learn how to use Bolt.new to build a full-stack app with Logto authentication. From configuring sign-in flows to creating a floating login panel and enabling social logins, this guide covers both setup and customization.

    Using Bolt.New and Logto to quickly build your custom login flows
  • Cover

    Tech

    • Supabase
    • AI
    • Auth

    Why AI startups choose Supabase and where it falls short

    Supabase offers fast backend setup for AI startups, but lacks robust authentication and authorization. Learn how pairing it with Logto creates a scalable, production-ready stack.

    Why AI startups choose Supabase and where it falls short
  • Cover

    Tech

    • postmortem
    • cloud-service
    • incident
    • db-alterations

    Postmortem: undeployed database alterations exception

    Incident report for the 2025-07-17 undeployed database alterations exception.

    Postmortem: undeployed database alterations exception
  • Cover

    Tech

    • agent
    • coding

    Top coding agents in 2025: Tools that actually help you build

    A detailed comparison of top AI coding agents like Cursor, GitHub Copilot, Windsurf, Bolt.new, and Replit. This article breaks down their key features, strengths, and ideal use cases to help developers choose the right tool for their workflow.

    Top coding agents in 2025: Tools that actually help you build
  • Cover

    Tech

    • ai
    • auth
    • IDE

    Vibe code using Lovable AI and Logto to quickly build your app and handle login flows

    Lovable is an AI-powered coding agent that helps you build full-stack apps using natural language: frontend, backend, database, and deployment, all in one place. With the support for Logto, you can now add secure login, user management, and auth flows effortlessly.

    Vibe code using Lovable AI and Logto to quickly build your app and handle login flows
  • Cover

    Tech

    • cursor
    • integration
    • ai

    Vibe code using Cursor and Logto to quickly build your app and handle login flows

    Learn how to vibe code a photo gallery app using Cursor and add login with Logto in minutes. From UI to authentication, it’s fast, simple, and AI-powered.

    Vibe code using Cursor and Logto to quickly build your app and handle login flows
  • Cover

    Tech

    • agent
    • ai
    • login

    How Manus handles login state and user credentials in the Cloud Browser

    This article covers how Manus manages login sessions in its cloud browser, the security risks of agent-based authentication, and alternatives like OAuth and credential vaults.

    How Manus handles login state and user credentials in the Cloud Browser
  • Cover

    Tech

    • agent
    • agent auth
    • ai
    • oauth

    What’s changed and what hasn’t in Auth and Identity for agentic apps

    As AI agents become more capable and connected, building secure and scalable agentic products requires a strong foundation in authentication and identity. This guide breaks down what’s changed, what hasn’t, and what every builder needs to know to navigate the new landscape.

    What’s changed and what hasn’t in Auth and Identity for agentic apps
  • Cover

    Tech

    • mcp
    • modelcontextprotocol

    Introduce MCP Auth - Plug-and-play auth for MCP servers

    MCP Auth gives you everything you need to add production-ready auth to your MCP server. No weeks spent reading specs or wiring things up.

    Introduce MCP Auth - Plug-and-play auth for MCP servers
  • Cover

    Tech

    • ai
    • OAuth 2.0
    • OIDC
    • agent

    Why your product needs OAuth 2.0 and OIDC — Especially in the AI era

    Learn why OAuth 2.0 and OpenID Connect (OIDC) are important for modern authentication, especially in the age of AI, agents, and smart devices. This article covers key use cases, when to implement these protocols, and how to choose the right auth provider for scalability and security.

    Why your product needs OAuth 2.0 and OIDC — Especially in the AI era
  • Cover

    Tech

    • A2A
    • AI
    • MCP

    A2A vs MCP: Two complementary protocols for the emerging agent ecosystem

    This article introduces A2A and MCP — two emerging protocols shaping the future of AI agent systems. It explains how they work, how they differ, and why understanding this architecture matters for developers, designers, and AI product builders.

    A2A vs MCP: Two complementary protocols for the emerging agent ecosystem
  • Cover

    Tech

    • mcp
    • mcp-auth
    • oauth

    In-Depth review of the MCP authorization spec (2025-03-26 edition)

    Deeply analyzes the MCP Authorization Specification, examining MCP Server's dual roles as Authorization and Resource Server, Dynamic Client Registration mechanisms, and practical considerations for implementing this protocol in real-world scenarios.

    In-Depth review of the MCP authorization spec (2025-03-26 edition)
  • Cover

    Tech

    • MCP
    • Model Context Protocol
    • AI

    What is MCP (Model Context Protocol) and how it works

    An easy-to-understand guide to Model Context Protocol (MCP), explaining how it helps LLMs access external resources to overcome knowledge limitations and build more powerful AI applications.

    What is MCP (Model Context Protocol) and how it works
  • Cover

    Tech

    • Logto cloud
    • Region
    • Japan

    Logto cloud muti-region support - Japan region coming soon

    Logto is adding a new data region in Japan! Contact us to join the waitlist.

    Logto cloud muti-region support - Japan region coming soon
  • Cover

    Tech

    • saas development
    • multi-tenant saas
    • saas architecture
    • saas boilerplate

    Build a multi-tenant SaaS application: A complete guide from design to implementation

    Learn how to efficiently build a multi-tenant SaaS application with robust authentication, organization management, and role-based access control in just a few hours.

    Build a multi-tenant SaaS application: A complete guide from design to implementation