Blog

May 20, 2025

Agno: The agent framework for Python teams

Agno is an open-source framework that helps you build clean, composable and Pythonic agentic applications with tools, memory and reasoning capabilities.

Security threats in SPAs and how to defend against them

A developer’s guide to identifying and fixing the most common security flaws in Single-page applications.

How to sync users from Entra ID to your app using Node and WorkOS

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Entra ID, Node, and WorkOS, with just a few lines of code.

OAuth 2.1: What’s new, what’s gone, and how to migrate securely

Learn what’s changed in OAuth 2.1, including the removal of implicit flow, mandatory PKCE, and modern refresh token strategies. This guide walks you through the security upgrades and offers a clear migration checklist to help you stay compliant and secure.

Secure by design: How engineers should build and consume APIs

A practical guide to avoiding common pitfalls and implementing security best practices across both internal and third-party API integrations.

What is NIST and why should developers care?

What if the most practical security guidance didn’t come from a startup, but from a government agency? Read how NIST’s peer-reviewed frameworks are powering real-world security.

Introducing RFC 9728: Say hello to standardized OAuth 2.0 resource metadata

OAuth 2.0 just got a major upgrade in how resources describe themselves. Find out what RFC 9728 introduces and why it matters.

Diagnosing SAML assertion failures: A step-by-step debugging guide

From expired assertions to signature fails — a survival guide for anyone who's ever screamed at a SAML error message.

On-premises and hybrid authentication: Challenges and best practices

How to avoid common pitfalls and build resilient auth systems in on-prem and hybrid setups.

The hidden pitfalls of SAML metadata: How to avoid downtime

Misconfigured SAML metadata is one of the most overlooked causes of SSO failures. Learn how to spot hidden risks—and fix them before they break your login flow.

April Updates

SSO Role Mapping, Schema-Based Policies, On-Prem Guides, and more

Mastra.ai Quickstart - How to build a TypeScript agent in 5 minutes or less

Mastra is a TypeScript framework for agentic apps. In this post, we'll use it to build an agentic app that can fetch data from GitHub in less than 5 minutes.

oRPC: OpenAPI Remote Procedure Call for Type-Safe APIs

oRPC (OpenAPI Remote Procedure Call) combines the familiarity of RPC with the industry-standard OpenAPI spec so that every request/response is fully typed from client to server.