Logto blog
Discover Logto and explore plenty of resources on authentication, authorization, identity management, open standards (OAuth, OpenID Connect, SAML), and more.
Tutorial
- custom-ui
- bring-your-own-ui
- custom-sign-in
- custom-auth-flow
Bring your own sign-in UI to Logto Cloud
This tutorial will guide you through the process of creating and deploying your own custom sign-in UI to Logto Cloud.
All posts
Tech
- oidc
- oauth
- token-exchange
Understanding token exchange in OAuth/OIDC
Token exchange is an OAuth extension enabling trusted clients to obtain new tokens without user interaction, useful for impersonation, automation, cross-system integration, and token migration in various scenarios.
Tech
- HTTP protocol
- WebSocket protocol
- Web application
- TCP
- Client server communication
HTTP vs. WebSocket
This article compares HTTP and WebSocket protocols, explaining their key differences, features, and ideal use cases. It provides developers with insights for choosing the right protocol for their web applications, contrasting HTTP's request-response model with WebSocket's real-time, bidirectional communication capabilities.
Tech
- commit message
- conventional commits
- git commit
- commitlint
Conventional commits won't save your commit messages
Explore why simply following conventional commits isn't enough to write good commit messages, and introduce key thinking strategies to improve your development process and naturally create meaningful commits.
Tech
- animation
- motion
- user experience
- react
Why GitHub's loading progress bar looks good and how to build it
We are going to discuss the user experience of GitHub's loading progress bar and build a similar one in React.
Tech
- oidc
- oauth
- jwt
- opaque token
Opaque token vs JWT
Understand the differences between opaque tokens and JWTs, their use cases, and how they are validated in OIDC-based systems.
Tech
- social media
- open graph
- open standard
How to set Open Graph and Twitter card metadata for your website
Open Graph and Twitter (now X) card metadata are essential for sharing your website on social media. They will help you to show beautiful previews of your website and attract more attention.
Tech
- jwt
- authentication
- security
- OIDC
When should I use JWTs?
A comprehensive guide on the pros and cons of using JWTs for authentication, with emphasis on auth provider services like Logto.
Tech
- remark
- mdx
- reading-time
- esm
Create a remark plugin to extract MDX reading time
A guide to create a remark plugin to make the reading time data available when importing MDX files as ES modules.
Tech
- css
- animation
- infinite-scroll
- carousel
CSS-only infinite scrolling carousel animation
Create an infinite scrolling carousel animation with pause on hover using only CSS. No JavaScript required.
Tech
- browser
- url
- process
- domain name service
- DNS
- IP address
How does the browser process the URL input in the address bar?
When we open a particular URL in the browser, how does the browser load and display the content? We walk through what the browser does, step by step, in the order in which the events occur.
Tech
- base64
- encoding
Everything you need to know about Base64
Dive deep into the world of Base64 encoding. Learn its history, how it works, when to use it, and its limitations. Essential knowledge for every developer dealing with data encoding and transmission.
Tech
- parcel
- vite
- js
- esbuild
- bundler
- monorepo
From Parcel to Vite: A short story of a 100K LOC migration
We've migrated our three frontend projects from Parcel to Vite, and the process was... smooth.
Tech
- react
- lazy
- suspense
Use React.lazy with confidence: A safe way to load components when iterating fast
React.lazy is a great way to load components on demand and improve the performance of your app. However, sometimes it can lead to some issues like "ChunkLoadError" and "Loading chunk failed".
Tech
- webhook
- polling
- api
Webhooks vs. polling
This article will compare webhooks vs. polling, analyze the advantages and disadvantages of each approach, and discuss when to use which.
Tech
- postmortem
- cloud-service
- incident
Postmortem: unexpected 500 error occurred during user sign-in
Incident report for the unexpected 500 error returned from authentication services on Jul 18, 2024.
Tech
- RESTful
- REST
- RPC
- API
- architecture
- API design
POST only? Let's end this absurd API design debate
Debunking the "POST only" API myth, explaining why it stems from a misunderstanding of API design principles, and clarifying the appropriate use cases for RESTful and RPC architectural styles.
Tech
- oidc
- security
- dpop
Enhancing OIDC security with demonstrating proof of possession (DPoP)
Explore how Demonstrating Proof of Possession (DPoP) enhances the security of OpenID Connect (OIDC) by binding tokens to client instances, mitigating replay attacks, and reducing the risk of token theft.
Tech
- github
- automation
Automatically rerun your GitHub workflow after failure
Sometimes your GitHub Actions workflow is moody and fails for random reasons. Let's see how you can automatically rerun it to save you time.
Tech
- authorization
- rbac
- abac
RBAC and ABAC: The access control models you should know
Role-based access control (RBAC) and attribute-based access control (ABAC) are two of the most popular access control models. In this post, we will give a brief overview of both models and discuss their differences.
Tech
- GraphQL
- REST API
- RESTful API
GraphQL and REST API
We will introduce GraphQL in this article and compare it with REST API.