
During conversations with FusionAuth customers, I have seen a common deployment pattern I call the “Auth Facade”. This architecture is useful when deploying software to heterogeneous environments. You and your team are building an application which will deploy onsite. This could be into a data center, an isolated network, or a private cloud. These environments are run by your customers and you have limited insight into their configuration.

You might choose this deployment model for a variety of reasons:

  • Data gravity, when your application needs to go to the data because there’s so much that the data isn’t coming to…


You’re a software engineering leader, and you’re great at your job. You know that the optimal path for software development lies in figuring out which components of your design to implement from scratch and which have already been implemented by specialists and can be reused.

You also know that these aren’t decisions that you can only make once — you have to keep reevaluating based on environment changes and the needs of new products.

Authentication is one of those components that you deal with all the time. Auth is a necessary part of any software product, but how you implement…


The Grant Negotiation and Authorization Protocol, also known as GNAP, is currently being formulated in an IETF working group. This protocol will not be backward compatible with OAuth2. However, since it is a new major auth standard and is currently in development, you should give it some attention.

GNAP is in the discussion and iteration stage, but you can read the draft version to which this post refers. According to the working group charter, this standard will be released in multiple parts beginning in the middle of 2021. …


In this tutorial, we will walk through setting up a basic Ruby on Rails app to securely authenticate with an OAuth2 server using the authorization code grant.

Many Rails applications traditionally handle authentication, authorization, and user management within the framework itself. There are many strategies for implementing this, including a handy gem like Devise. With FusionAuth, however, we are able to separate our auth concerns from our application. Right away, we can scale our user base independently of our main application. …


FusionAuth and Xkit came together for this blog post to share how you can use our services to boost your engineering team’s productivity. If you’re working on growing your SaaS business, you know just how much your engineers have on their plates. At both FusionAuth and Xkit, we believe that outsourcing what you can — like authentication and integration infrastructure — lets your team focus on the products and services that drive your business.

We’ve written this post to lay out how you can use our services together to simplify your auth and build native integrations into your app faster…


Letting a user register and provide custom profile data solves the problem of bringing such data into your auth system. But how can you manage the data as it changes over time?

After people register, you will want to enrich or change their profile. Sometimes this happens via automated systems; in that case, you can use an API. But what if you want to allow employees or other humans to update a user's profile data?

Let’s set the stage. Suppose you created a custom registration form for a real estate search application, as outlined in this blog post series. …


In a recent article, we set up an API gateway with microservices for an eCommerce enterprise. FusionAuth handled our centralized authentication and then we passed user details for authorization to the microservices.

In this article, we’ll build on the example project from that article, focusing on tightening up security by implementing JSON Web Token (JWT) authorization. This is a critical security concern because we don’t want to allow just any application to call our microservices. You may want to re-read the Centralized Authentication with a Microservices Gateway post to refresh your memory. …
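The check each microservice has to perform before trusting anything about the caller is the piece the teaser above alludes to: validate the token's signature with a pinned algorithm, then its issuer, audience and expiry, and only then read roles out of it. The block below is an added example written for this page, not code from the linked articles; it uses HS256 with a constructed shared secret, and the issuer, audience and role names are assumptions (FusionAuth can also sign with RS256, in which case the verifier would use the issuer's public key instead of a shared secret).

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed values for this example; a real service would load the secret from
# its configuration and take issuer/audience from its FusionAuth application.
SHARED_SECRET = b"example-hmac-secret-not-for-production"
EXPECTED_ISSUER = "https://auth.example.com"
EXPECTED_AUDIENCE = "ecommerce-api"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes, header: dict = None) -> str:
    """Mint an HS256 JWT. Used here only to construct sample tokens."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"


def verify_jwt(token: str, secret: bytes, now: int = None) -> dict:
    """Return the claims if the token is acceptable, otherwise raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(b64url_decode(h_b64))
        signature = b64url_decode(s_b64)
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm: the header is attacker-controlled until the signature
    # is checked, so "alg": "none" or a swapped algorithm must not be honoured.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    # Only after the signature holds are the claims worth parsing.
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in audiences:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    return claims


def authorize_request(authorization_header, secret, required_role, now=None):
    """What each microservice does on every call: returns (allowed, subject_or_reason)."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return False, "missing bearer token"
    try:
        claims = verify_jwt(authorization_header[len("Bearer "):], secret, now)
    except ValueError as exc:
        return False, str(exc)
    if required_role not in claims.get("roles", []):
        return False, "forbidden: missing role " + required_role
    return True, claims.get("sub", "")
```

The order of checks matters: signature before claims, and a fixed algorithm before the signature. A service that reads `roles` from an unverified payload, or lets the token's own header pick the algorithm, is back to trusting whatever the caller hands it, which is exactly the situation the gateway article set out to close.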


In this post, the goal is to allow web browsing only for users who have been authenticated. Imagine a campsite, a hotel, or a company that wants to provide this service to its visitors. There should also be adequate network infrastructure, but that’s beyond the scope of this post.

The proposed solution is a minimal, functional and highly customizable proof of concept.

I say customizable because there are obvious extensions. You may want to allow internet use in certain time slots, rather than just for a limited time or provide access without authentication to the boss’s computer! …


In this tutorial, we are going to learn how to secure a golang program with OAuth while using FusionAuth as the auth provider. Authentication and authorization are essential for any application, and golang apps are no different.

First, we will set up the FusionAuth server. Then, we’ll configure the golang program to construct a URL to direct a user to a login form generated by FusionAuth. Lastly, we will learn how to make use of an access token in order to get user data using OIDC.

You can follow along conceptually, or check out the GitHub repo with the complete…
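Both the Rails teaser and the golang teaser above describe the same procedure: build the URL that sends the user to FusionAuth's login form, then handle the redirect back carrying an authorization code. The two steps that make that flow secure rather than merely functional are a per-login `state` value checked on return and a PKCE verifier that never leaves the client. The block below is an added, language-neutral illustration of those two steps in Python, not code from either tutorial; the endpoints, client ID and redirect URI are assumptions, and the token request it returns would be POSTed to the token endpoint by whatever HTTP client the application uses (a confidential client would add its client secret to that request).

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values; substitute your FusionAuth application's settings.
AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://localhost:8080/oauth-callback"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge per RFC 7636: BASE64URL(SHA256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def begin_login(client_id=CLIENT_ID, redirect_uri=REDIRECT_URI,
                authorize_endpoint=AUTHORIZE_ENDPOINT, rng=secrets.token_bytes):
    """Step 1: mint per-login secrets and build the URL the user is sent to.
    Returns (session data to keep server-side, redirect URL)."""
    state = b64url(rng(32))            # binds the callback to this login attempt
    code_verifier = b64url(rng(32))    # 43 chars, inside RFC 7636's 43..128 range
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid offline_access",
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),   # only the hash goes out
        "code_challenge_method": "S256",
    }
    session = {"oauth_state": state, "code_verifier": code_verifier}
    return session, f"{authorize_endpoint}?{urlencode(params)}"


def handle_callback(callback_url, session, client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Step 2: validate the redirect back from FusionAuth and build the token request.
    Returns the form body to POST to the token endpoint; raises ValueError on anything suspicious."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization server returned " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    # Compare state before looking at the code: a mismatch means this callback
    # was not started by our session (login CSRF or code injection).
    if not hmac.compare_digest(returned_state.encode(), session["oauth_state"].encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": session["code_verifier"],   # proves we started this login
    }
```

The session dictionary stands in for whatever server-side session store the application has (a Rails session, a Go session cookie). The state comparison uses a constant-time compare and happens before the code is read, so a callback that was not initiated by this session is rejected without ever being exchanged. The `code_verifier` is sent only in the back-channel token request, which is what lets FusionAuth tie the code to the client that asked for it.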


Once you have migrated an application to use a modern identity provider, how can you migrate your users?

Previously, we updated a legacy line-of-business PHP application to use OAuth and FusionAuth to authenticate users. At the end of that post, “The ATM” application worked well for new users. But how do you migrate existing users without impacting their ability to use the application to do their job?

This is part of a two-part series. Here are all the posts:

  1. Securing your legacy PHP business application with OAuth
  2. How to migrate your legacy user data to a centralized…

FusionAuth

Auth built for devs. Installs on any server, anywhere in the world. Integrates with any codebase.
