Blog

Learn what’s changed in OAuth 2.1, including the removal of implicit flow, mandatory PKCE, and modern refresh token strategies. This guide walks you through the security upgrades and offers a clear migration checklist to help you stay compliant and secure.

A practical guide to avoiding common pitfalls and implementing security best practices across both internal and third-party API integrations.

What if the most practical security guidance didn’t come from a startup, but from a government agency? Read how NIST’s peer-reviewed frameworks are powering real-world security.

OAuth 2.0 just got a major upgrade in how resources describe themselves. Find out what RFC 9728 introduces and why it matters.

From expired assertions to signature fails — a survival guide for anyone who's ever screamed at a SAML error message.

How to avoid common pitfalls and build resilient auth systems in on-prem and hybrid setups.

Misconfigured SAML metadata is one of the most overlooked causes of SSO failures. Learn how to spot hidden risks—and fix them before they break your login flow.

SSO Role Mapping, Schema-Based Policies, On-Prem Guides, and more

Mastra is a TypeScript framework for agentic apps. In this post, we'll use it to build an agentic app that can fetch data from GitHub in less than 5 minutes.

oRPC (OpenAPI Remote Procedure Call) combines the familiarity of RPC with the industry-standard OpenAPI spec so that every request/response is fully typed from client to server. 

A deep dive on how pooled connections work in the Elixir DBConnection library.

How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.

Session management is hard. Refresh tokens make it easier—and safer. This guide breaks down how they work, why you need them, and how to avoid common mistakes (with code included).

IBM Research’s Agent Communication Protocol (ACP) provides autonomous agents with a common “wire format” for talking to each other. But how does it differ from MCP and A2A?

A deep dive into the messy world of SAML signature verification bugs — complete with real examples, cautionary tales, and practical tips to keep your app out of trouble.