Blog
Security
/ 8 Jan, 2025Protecting against malicious OAuth 2.0 applications
Several Chrome extension developers were compromised in recent weeks by an attack seeking to create a backdoor in the extensions. The root cause of the breach was a phishing email that leveraged OAuth 2.0/OIDC to steal the user credentials. This blog post explores the details of such attacks and how SlashID can help detect them and contain the blast radius.
Security
/ 8 Jan, 2025Protecting against malicious OAuth 2.0 applications
Several Chrome extension developers were compromised in recent weeks by an attack seeking to create a backdoor in the extensions. The root cause of the breach was a phishing email that leveraged OAuth 2.0/OIDC to steal the user credentials. This blog post explores the details of such attacks and how SlashID can help detect them and contain the blast radius.
Deep Dives
/ 24 May, 2023Passkeys - Threat modeling and implementation considerations
In this blog post, we review the current state of the technology from a security standpoint and we’ll discuss some critical aspects of passkey implementation.
New Feature
/ 12 May, 2023Authentication flows with SlashID
Implement MFA and Step-Up Authentication in React applications with SlashID.
Tutorial
/ 20 Feb, 2023Using Google Tink to sign JWTs with ECDSA
In this blog post, we will show how the Tink cryptography library can be used to create, sign, and verify JSON Web Tokens (JWTs), as well as to manage the cryptographic keys for doing so.
New Feature
/ 9 Feb, 2023React SDK support for <Groups>
With the latest React SDK release we are introducing a new control component, <Groups>. You can use <Groups> to conditionally render parts of the UI depending on whether the authenticated user belongs to specific Groups.
New Feature
/ 18 Jan, 2023Sign-in and Sign-up React component release
Today we’re happy to announce the next step in that journey to deliver a streamlined, low friction onboarding experience to our customers with the release of our sign-up/sign-in form component.
New Feature
/ 16 Jan, 2023Fetching Google Groups with SlashID SSO
Use SlashID to fetch Google Groups as part of a user authentication flow.
Experiments
/ 18 Dec, 2022In-browser HSM-backed Encryption with Tink and Wasm
This post explores how to use Wasm to lift Tink to JavaScript and how you can leverage it to perform client-side encryption directly from the browser, backed with a master key stored in a HSM.
New Feature
/ 28 Nov, 2022Official React SDK release
Today we’re excited to announce the public release of the official SlashID React SDK In this blog post we’ll go over the design pillars, main features, and why we’re thrilled about what’s coming next.
Open Source
/ 12 Nov, 2022Adding Identity to Docusaurus
Today we are releasing the docusaurus-slashid-login theme as well as a fork of docusaurus-openapi-docs. The slashid plugin enables you to add out of the box authentication to docusaurus. The docusaurus-openapi-docs fork allows you to autofill API keys data, API parameters and more through slashid user attributes.
