Blog
Security
/ 8 Jan, 2025Protecting against malicious OAuth 2.0 applications
Several Chrome extension developers were compromised in recent weeks by an attack seeking to create a backdoor in the extensions. The root cause of the breach was a phishing email that leveraged OAuth 2.0/OIDC to steal the user credentials. This blog post explores the details of such attacks and how SlashID can help detect them and contain the blast radius.
Security
/ 8 Jan, 2025Protecting against malicious OAuth 2.0 applications
Several Chrome extension developers were compromised in recent weeks by an attack seeking to create a backdoor in the extensions. The root cause of the breach was a phishing email that leveraged OAuth 2.0/OIDC to steal the user credentials. This blog post explores the details of such attacks and how SlashID can help detect them and contain the blast radius.
New Feature
/ 10 Jun, 2024Credential Tokenization: Protecting third-party API credentials
Stolen secrets and credentials are one of the most common ways for attackers to move laterally and maintain persistence in cloud environments. In this blog post we introduce credential tokenization to protect secrets at runtime, introduce separation of duties, and reduce the credential rotation burden.
New Feature
/ 3 Jun, 2024Secure API and M2M Access with OAuth2 Client Credentials and SlashID's sidecar
The recent Hugging Face breach is yet another reminder that securing machine-to-machine communication and API access is essential today. By leveraging OAuth2 Client Credentials, you can enhance security, enable fine-grained access control, simplify credential management, and benefit from a standards-based approach.
New Feature
/ 14 May, 2024Introducing Organization Attributes
With organization attributes, you can now easily store and manage tenant-level data directly on our platform.
New Feature
/ 24 Apr, 2024Introducing Anonymous Users: Balancing First-Party Data Collection and User Experience
With the deprecation of third-party cookies, first-party data has become crucial for websites to personalize user experiences. SlashID introduces Anonymous Users, a feature that allows websites to collect user data without forcing users to register or log in, striking the perfect balance between data collection and user experience.
Product Releases
/ 2 Apr, 2024SlashID SDK for PHP and Laravel authentication
While very popular, PHP lacks modern identity and access management (IAM) capabilities. SlashID changes that with the release of our SDK for PHP and Laravel. This is just the beginning; according to W3Tech PHP is used by over 76% of indexed websites. In the weeks to come, we aim to cover other popular frameworks such as Drupal and Symfony.
Deep Dives
/ 6 Mar, 2024Adding custom claims to identity tokens
Adding custom claims to JWTs allows you to share identity information without repeated queries to external data sources. Read on to learn how to customize claims with SlashID's webhooks.
New Feature
/ 19 Feb, 2024SlashID: Building a globally distributed Identity Platform
We built the SlashID infrastructure so that your user data is globally distributed. Our architecture helps applications using SlashID benefit from dramatically reduced latency, high availability and comply with data protection laws without fragmented identity silos or extra fees.
Deep Dives
/ 31 Jan, 2024Passkeys Adoption Trends: Survey from Large Deployments
In this comprehensive blog post, we delve into the publicly available data on large-scale passkeys rollouts, examining results, conversion rates, and implementation challenges as documented in engineering blogs by companies like Kayak and Yahoo Japan.
Security
/ 18 Jan, 2024Single Sign-On implementation: Safely retrieving the email claim
A number of security issues have been discovered recently caused by the reliance on the email claim when using OpenID Connect (OIDC) for SSO. In this blog post we'll review some of the major OIDC providers to discuss how to retrieve the claim safely
