Using SAML Federation as an alternative to the OAuth 2 SAML Extension Grant We were recently approached by a client to develop an API management solution which would allow distinct user communities to authenticate against their chosen identity provider, some of which would support the OIDC standard while others would rely on the SAML standard. […]

The role of API Gateways in Modern Enterprise After my previous article on OAuth 2 scopes, several people contacted me to ask what exactly an API Manager is. In this article, I will aim to provide a clearer idea of why an organisation may choose to deploy an API Gateway solution and the associated benefits. […]

  This article will explore the benefit of using OAuth 2 scopes to manage access to APIs. THE OAUTH 2 STANDARD OAuth 2 is an open standard for privilege delegation. The right to use a service is controlled via an “access token”. Access tokens may be freely exchanged between parties, can be revoked at any […]

WHY OPENID CONNECT ISN’T THE IDENTITY FEDERATION SOLUTION YOU’RE LOOKING FOR Recently several clients have approached us to request our assistance in implementing so-called “social login” solutions, whereby a user is able to authenticate themselves by using their personal Facebook, LinkedIn or Google account. With the advent of OpenID Connect in 2014, we firmly believed […]