
Browser-Based OAuth Client: The architecture you shouldn't be using
Of all possible browser-based OAuth architectures, the Browser-Based OAuth Client (BBOC) pattern is the least secure. Despite this, BBOC remains the most...
June 3, 2026
Categories

Of all possible browser-based OAuth architectures, the Browser-Based OAuth Client (BBOC) pattern is the least secure. Despite this, BBOC remains the most...
June 3, 2026

This post discusses the Token-Mediating Backend (TMB) authentication architecture for OAuth 2 applications. It covers how secure TMB is, when to use it, and...
May 7, 2026

On September 8, 2025, developer Josh Junon received what looked like a legitimate npm two-factor authentication (2FA) reset email. Within hours, malicious code...
April 22, 2026

We started making FusionAuth compliant with the General Data Protection Regulation (GDPR) as soon as the regulation was adopted. Although to be honest, there...
October 14, 2024

FusionAuth has had our SOC2 Type 2 for a few years now. Yes, we took the red pill early and dove head first into what has mostly become a requirement in the...
September 20, 2023

At the end of the OAuth Authorization Code grant, after a user presents their credentials at login, a code is returned which can be exchanged for one or more...
January 19, 2023

FusionAuth, the authentication and authorization platform built for developers, today announced it has received its SOC 2 Type 2 certification. Achieving SOC 2...
April 21, 2022
Showing 1to 7of 19results
Get updates on techniques, technical guides, and the latest product innovations coming from FusionAuth.