You can harden your SPA security with Token Handler

With the web constantly evolving, Single Page Applications have become a prevalent style of frontend application. This is explained by higher demands on user experience and infrastructure management, which SPAs are great at. However, handling the security of such apps can be challenging.

SPA Security Problem


The original post was written by Jacob Ideskog and published in the Curity blog. You can read it here.

There’s a lot of activity in the identity community currently. Financial Grade APIs (FAPI), OAuth 2.1, WebAuthn, decentralized identity, and other facets are being actively maintained and updated. In addition, entirely…

  1. What is it?

The Hypermedia Authentication API lets you take another step in improving the user experience and security of your applications. …

Mobile apps might be the most popular type of application, having reached almost 9 million in number, according to a new report from RiskIQ. However, when it comes to the security of users, they are not so highly favored.

The security vulnerability of mobile apps is closely connected to…

The world is different, time for something new?

Jacob Ideskog, CTO @ Curity (

The Past

For centuries, proving identity and allowing access to certain information, crossing borders, or gaining permission for a certain activity was a matter of official certifications, identity cards, passports, and special seals that proved who

10 things you need to know about JWTs in questions and answers

JWTs are JSON web tokens that are widely utilized in OAuth and OpenID Connect. In fact, their application is so popular that the main principles of their use are quite often overlooked. However, the basics should not be forgotten.

So, that is why we decided to brush some dust off…

We’ve outlined some key things to keep in mind when designing and building APIs.

Today we are witnessing the rise of the API economy, where APIs play an essential role in business success. However, this development raises new challenges. In 2017, Gartner predicted that by 2022, API abuses will be…

Neo-security Architecture

And why should it be a consideration when mapping out your security architecture?

Neo-Security Architecture is a modular and open-standard-based security architecture that aims to secure and assert legitimate access to APIs and services as well as web and mobile applications.

The Neo-Security Architecture is intended to be used as a roadmap, to be ready when new needs arise. It provides a…

Authentication API

Jacob Ideskog — CTO @

Ever since the OAuth 2.0 specification was finalized, we have dealt with the limitations of the Resource Owner Password Flow (ROPC). It was intended as a flow to support legacy applications that did not have a browser available, or to be used as a…

Computer systems built today have very little in common with what we built only a few years ago. Systems have evolved from classic client-server solutions into distributed systems that span many data centers and geolocations. DevOps teams are now able to build applications that scale up and down effortlessly…


Curity is the leading supplier of API-driven identity management, providing unified security for digital services. Visit or contact
