![\"benefits-identity-governance\"](\"/0b487b37115af190758bcddf277302c4/benefits-identity-governance.webp\")
Identity Governance and Administration (IGA) is defined as the branch of Identity and Access Management (IAM) responsible for making these access approvals while aiding in auditing and meeting compliance standards of some industries.
\nIn its essence, Identity Governance is about automating the process of giving relevant data access levels to varying stakeholders. Identity Governance is based on the Identity Governance Framework, a project that aimed to standardize the treatment and facilitation of identity information usage in enterprises.
\nAt present, IGA is used by several entities across different industries to improve data security of their systems and meet regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Gramm-Leach-Bliley Act (GLBA).
\nWhile it goes without saying that it should be any business’s priority to safeguard classified information on itself as well as the sensitive and personally identifiable information (PII) of its consumers, that isn’t what IGA is all about.
\nAmong other merits, IGA is also important for retaining efficiency through a seamless transition in access rights when an employee switches departments or gains privilege access when he or she gets promoted to an administrative position.
\nUser identities are an essential factor in the protection and monitoring of data. In a predominantly tech-intensive world, enterprises of all sizes need to do their best at safeguarding classified and personal information from cyber-attacks.
\nNo matter how big or small, a firm needs to protect its cyber existence and the trust that its consumers placed in it.
\nLike most of the tech space, IGA has been moving towards cloud governance as well. Leaders in the field integrate their Identity Governance solutions with cross-domain capabilities, hence, allowing administration of cloud as well as on-premises applications.
\nManual control of user access, i.e., manually altering the provisioning or deprovisioning of access to data, is inefficient and tedious. Not to mention, it is susceptible to human error. It also distracts the IT staff from other intensive tasks that demand effective human intervention.
\nUsing an automated and specialized access certification issuing system frees up human capital for core business activities.
\nIGA adds more functionality to the mainstream Identity Management systems. IGA enables an entity to audit access reports for compliance requirements. IGA solutions automate the process of provisioning and deprovisioning the access to certain data by a stakeholder throughout their Access Lifecycle.
\n
In the digital age of immediacy and the consequent instant availability of information, we’re no longer used to waiting for hours or even minutes to have access to the information needed. Identity Governance can be a key contributor to improving CX (Consumer Experience).
\nThe Identity Administration part of a typical IGA system would allow for a centralized or designated approval location to be set for different data sets. Hence your stakeholders can conveniently ask for approvals.
\nThis, at the same time, also allows you to track activity that may seem suspicious and hence kick out the perpetrator before any breaches.
\nThe ongoing pandemic has made the importance of flexibility clear. Always working on-premises and using safe and secured corporate devices and networks is unrealistic in the new context.
\nThis restates the importance of IGA, through which the firm can allow remote access, albeit limited for security, on employees’ personal devices for the operations to keep running.
\n![\"enterprise-buyer-guide-to-consumer-identity\"](\"/8d142c4bce979012259a782b37ef2f2f/enterprise-buyer-guide-to-consumer-identity.webp\")
Since IGA was essentially built to meet corporate regulations on data accessibility, it might seem obvious that it helps an entity meet these regulations. However, you will at first need to make sure that the necessary controls are in place to comply with the security and privacy standards set out by data-laws.
\nApplications, devices, data, and stakeholders are all linked through the IGA solutions. Consequently, the system can determine who has access to which information, device, and/or application, hence, helping it in making access reports that are relevant to the questions that come up during regulatory auditing.
\n![\"loginradius-identity-governance-solution\"](\"/5f08c8a31e74c04e1a3c28291d93ba2f/loginradius-identity-governance-solution.webp\")
The fundamental factor underpinning IGA is data governance. LoginRadius offers world-class data governance, which, consequently, bolsters your organization’s cybersecurity and the virtual security of your consumers.
\nHere’s how LoginRadius’ data governance solutions are remarkably effective at aiding identity governance in your organization:
\nComprehensive Encryption: All data moving from one server to another does so over HTTPS tunnels that are encrypted using industry-standard ciphers.
\nTransparent data consent and preference management dashboard:
\nThe demand for IGA is growing year on year. The increased agility granted by introducing IGA in a company’s application ecosystem and elsewhere has logical merit.
\nNeedless to say, so does the issue of relevant access certification to designated stakeholders. With the automation of policy management and auditing, adding to its favor, identity governance seems immensely important in an increasingly agility-demanding and virtual work environment.
\n![\"book-a-demo-loginradius\"](\"/8fce571f703a5970dbb1359a2fe0e51a/book-a-demo-loginradius.webp\")
Businesses are accountable to consumers that trust them with their personal data. So, they should not only be protecting it but also should be explaining how they are managing and processing such data.
\nOur recently launched Privacy Policy Management serves as the central place where businesses maintain versions of their privacy policy, notify consumers when it changes, or get their acceptance of the newer versions.
\n![\"privacy-policy-loginradius\"](\"/c29788d47d12bf23b1516637bc3d2437/privacy-policy-loginradius.gif\")
With LoginRadius Privacy Policy Management, we achieve the following benefits for businesses.
\nAs the global compliance and data protection landscape continue to evolve, LoginRadius offers the following capabilities:
\n![\"privacy-policy-management-datasheet\"](\"/14b177c94e35a01d330efdea91227cef/privacy-policy-management-datasheet.webp\")
LoginRadius supports the following implementation and deployment methods for Privacy Policy Management.
\nBusinesses cannot escape from maintaining privacy policy versions and workflows for their consumers. Looking forward, LoginRadius' Privacy Policy Management will effortlessly ensure a holistic insight into privacy policies where consumers are notified about new updates, everytime.
\n
The goal of this post is to learn about the various ways of data migration in MongoDB that can help us to write scripts that change your database by adding new documents, modifying existing ones.
\nIf you're coming here for the first time, please take a look at the prequel Self-Hosted MongoDB.
\nAlright then, picking from where we left off, let's get started with the data migration in MongoDB.
\nNow, the basic steps to migrate data from one MongoDB to another would be:
\nThis is very straight forward when the source database is not online because we know that there won't be any new documents created/updated during the migration process.\nLet's look at simple migration first before diving into the live scenario.
\nWe're going to use an existing utility program mongodump for creating the database backup.
\nRun this command in the source database server
\nmongodump --host="hostname:port" \\\n --username="username" --password="password" \\\n --authenticationDatabase "admin" \\\n --db="db name" --collection="collection name" --query='json' \\\n --forceTableScan -v --gzip --out ./dump--host: The source MongoDB hostname along with the port. It defaults to localhost:27017. If it is a connection string you can use this option —-uri=\"mongodb://username:password@host1[:port1]...\"
--username: Specifies a username to authenticate to a MongoDB database that uses authentication.
--password: Specifies a password to authenticate to a MongoDB database that uses authentication.
--authenticationDatabase: Specifies the authentication database where the specified --username has been created.
\n\nIf you do not specify an authentication database or a database to export, mongodump assumes the admin database holds the user's credentials.
\n
--db: Specifies the database to take a backup from. If you do not specify a database, mongodump collects from all databases in this instance.
\n\nAlternatively, you can also specify the database directly in the URI connection string i.e.
\nmongodb://username:password@uri/dbname.
Providing a connection string while also using--dband specifying conflicting information will result in an error.
--collection: Specifies a collection to backup. If you do not specify a collection, this option copies all collections in the specified database or instance to the dump files.
--query : Provides a JSON document as a query that optionally limits the documents included in the output of mongodump.
\nYou must enclose the query document in single quotes ('{ ... }') to ensure that it does not interact with your environment.
\nThe query must be in Extended JSON v2 format (either relaxed or canonical/strict mode), including enclosing the field names and operators in quotes e.g. '{ \"created_at\": { \"\\$gte\": ISODate(...) } }'.
\n\nTo use the
\n--queryoption, you must also specify the--collectionoption.
--forceTableScan: Forces mongodump to scan the data store directly. Typically, mongodump saves entries as they appear in the index of the _id field.
\n\nIf you specify a query
\n--query, mongodump will use the most appropriate index to support that query.
Hence , you cannot use--forceTableScanwith the--queryoption.
--gzip: Compresses the output. If mongodump outputs to the dump directory, the new feature compresses the individual files. The files have the suffix .gz.
--out: Specifies the directory where mongodump will write BSON files for the dumped databases. By default, mongodump saves output files in a directory named dump in the current working directory.
We will use a utility program called mongorestore for restoring the database backup.
Copy the backup directory dump to the new Database instance and run the following command:
\nmongorestore --uri="mongodb://user:password@host:port/?authSource=admin" \\\n --drop --noIndexRestore --gzip -v ./dumpReplace the credentials with the new database credentials. Unline in the previous step, the --authenticationDatabase option is specified in the URI string.
Also, use --gzip if used while creating the backup.
--drop: Before restoring the collections from the dumped backup, drops the collections from the target database. It does not drop collections that are not in the backup.\n--noIndexRestore: Prevents mongorestore from restoring and building indexes as specified in the corresponding mongodump output.
\n\nIf you want to change name of the database while restoring, you can do so using
\n--nsFrom=\"old_name.*\" --nsTo=\"new_name.*\"options.
However, it won’t work if you were to migrate withoplogswhich is a requirement in migration from an online instance.
The only challenge with migrating from an online database is not able to pause the updates during migration. So here is the overview of the steps,
\noplogs capture\n\nNow, to capture
\noplogs, a replica set must be initialized in the source and destination databases. This is because theoplogsare captured fromlocal.oplog.rsnamespace, which is created after initializing a replica set.
You can follow this guide to configure a replica set.
Oplogs, in simple words, are the operation logs created per operation in the database. They represent a partial document state or, in other words, the database state. So we are going to capture any updates in our old database during the migration process using these oplogs.
Run the mongodump program with the following options,
\nmongodump --uri=".../?authSource=admin" \\\n --forceTableScan --oplog \\\n --gzip -v --out ./dump--oplog: Creates a file named oplog.bson as part of the mongodump output. The oplog.bson file, located in the top level of the output directory, contains oplog entries that occur during the mongodump operation. This file provides an effective point-in-time snapshot of the state of our database instance.
In order to replay the oplogs, a special role is required. Let's create and assign the role to the database user being used for migration.
\ndb.createRole({\n role: "interalUseOnlyOplogRestore",\n privileges: [\n {\n resource: { anyResource: true },\n actions: [ "anyAction" ] \n }\n ],\n roles: []\n})db.grantRolesToUser(\n "admin",\n [{ role:"interalUseOnlyOplogRestore", db:"admin" }]\n);Now you can restore using the mongorestore program with the following options,
\nmongorestore --uri="mongodb://admin:.../?authSource=admin" \\\n --oplogReplay \n --gzip -v ./dumpIn the above command, using the same user admin with whom the role was associated.
--oplogReplay: After restoring the database dump, replays the oplog entries from a bson file and restores the database to the point-in-time backup captured with the mongodump --oplog command.
Alright, so far we are done with most of the heavy lifting. The only thing that remains is maintaining consistency between the databases during the connection switch in our application servers.
\n\n\nIf you're running MongoDB version 3.6+, it's better to go for the Change Stream approach, which is a event-based mechanism introduced to capture changes in your database in an optimized way. Here is an article that covers it : An Introduction to Change Streams
\n
Check out the generic sync script, which you can run as a CRON job every minute.
\nUpdate the variables in this script and run as
\n$ ./delta-sync.sh from_epoch_in_milliseconds\n\n# from_epoch_in_milliseconds is automatically picked with every iteration if not suppliedOr you can set up a cron job to run this every minute.
\n* * * * * ~/delta-sync.shThe output can be monitored with the following command (I'm running RHEL 8, refer to your OS guide for cron output)
\n$ tail -f /var/log/cron | grep CRONThis is a sample sync log.
\nCMD (~/cron/dsync.sh)\nCMDOUT (INFO: Updated log registry to use new timestamp on next run.)\nCMDOUT (INFO: Created sync directory: /home/ec2-user/cron/dump/2020-11-03T19:01:01Z)\nCMDOUT (Fetching oplog in range [2020-11-03T19:00:01Z - 2020-11-03T19:01:01Z])\nCMDOUT (2020-11-03T19:01:02.319+0000#011dumping up to 1 collections in parallel)\nCMDOUT (2020-11-03T19:01:02.334+0000#011writing local.oplog.rs to /home/ec2-user/cron/dump/2020-11-03T19:01:01Z/local/oplog.rs.bson.gz)\nCMDOUT (2020-11-03T19:01:04.943+0000#011local.oplog.rs 0)\nCMDOUT (2020-11-03T19:01:04.964+0000#011local.oplog.rs 0)\nCMDOUT (2020-11-03T19:01:04.964+0000#011done dumping local.oplog.rs (0 documents))\nCMDOUT (INFO: Dump success!)\nCMDOUT (INFO: Replaying oplogs...)\nCMDOUT (2020-11-03T19:01:05.030+0000#011using write concern: &{majority false 0})\nCMDOUT (2020-11-03T19:01:05.054+0000#011will listen for SIGTERM, SIGINT, and SIGKILL)\nCMDOUT (2020-11-03T19:01:05.055+0000#011connected to node type: standalone)\nCMDOUT (2020-11-03T19:01:05.055+0000#011mongorestore target is a directory, not a file)\nCMDOUT (2020-11-03T19:01:05.055+0000#011preparing collections to restore from)\nCMDOUT (2020-11-03T19:01:05.055+0000#011found collection local.oplog.rs bson to restore to local.oplog.rs)\nCMDOUT (2020-11-03T19:01:05.055+0000#011found collection metadata from local.oplog.rs to restore to local.oplog.rs)\nCMDOUT (2020-11-03T19:01:05.055+0000#011restoring up to 4 collections in parallel)\nCMDOUT (2020-11-03T19:01:05.055+0000#011replaying oplog)\nCMDOUT (2020-11-03T19:01:05.055+0000#011applied 0 oplog entries)\nCMDOUT (2020-11-03T19:01:05.055+0000#0110 document(s) restored successfully. 0 document(s) failed to restore.)\nCMDOUT (INFO: Restore success!)You can stop this script after verifying that no more oplogs are being created, i.e., when source DB went offline.
This concludes the complete self-hosted MongoDB data migration guide. If you want to learn more about MongoDB here is a useful resource on how to use MongoDB as datasource in goLang.
\n","frontmatter":{"date":"December 14, 2020","updated_date":null,"description":"This article covers the guide to migrate data from offline or live MongoDB instance using oplog replay alongside mitigate connection switch latency with existing utilities.","title":"How to Migrate Data In MongoDB","tags":["MongoDB"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.4184397163120568,"src":"/static/358a76df2469bd65a47d7ec0a70675d7/58556/index.webp","srcSet":"/static/358a76df2469bd65a47d7ec0a70675d7/61e93/index.webp 200w,\n/static/358a76df2469bd65a47d7ec0a70675d7/1f5c5/index.webp 400w,\n/static/358a76df2469bd65a47d7ec0a70675d7/58556/index.webp 800w,\n/static/358a76df2469bd65a47d7ec0a70675d7/e30b5/index.webp 1000w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Chinmaya Pati","github":"cnp96","avatar":null}}}},{"node":{"excerpt":"For many businesses, login security is still an unexplored corner that does not get much attention. In reality, there are so many mistakes…","fields":{"slug":"/identity/login-security/"},"html":"For many businesses, login security is still an unexplored corner that does not get much attention.
\nIn reality, there are so many mistakes that can leave your account vulnerable to cyber threats. Hackers can read your email, transfer money out of your bank account, sell your data in the dark web, expose your session to a CSRF attack, hijacked sessions, etc.
\nNo wonder security executives and flag bearers emphasize the advantages of a secure and optimized login process—not just from the consumer's perspective but also from ensuring business credibility.
\nIt's hard out there to secure login. If a hacker gets hold of your account, they can do anything with it (it can get as worse as leaving the account owner bankrupt).
\nSo when you ask how bad can it get, you are actually asking about the common login security vulnerabilities. And that means you need to be on the lookout for the following flaws:
\nWhen consumers create their own passwords, there is always a possibility that they will come up with credentials that are weak and easily vulnerable to cyber attacks. Because consumers are more inclined to have something that's easy to remember, they may subconsciously skip password security best practices. As a result, hackers can adjust their brute-force systems and crack open passwords in no time.
\nWhen hackers use a method of trial and error to guess correct passwords, that's a brute-force attack. Usually, these attacks are automated using a list of frequently used usernames and passwords. Hackers use dedicated tools to make vast numbers of login attempts at high speed.
\nIt's one thing to educate your consumers about password complexity; for example, they should use upper case letters, numbers, and special characters. But it is an entirely different story when you take the initiative to implement it. Ensure that for every account, a consumer's password is unique. That means no repeats!
\nWhile thousands of threats are discovered daily, one of the greatest risks an organization may take is failing to repair or \"patch\" certain vulnerabilities once they are found. It is quite common for consumers to dismiss the \"update available\" alerts that show up in some programs because they do not want to waste a few minutes of their time. They aren't aware of the fact that updating patches can save them from ruthless cyberattacks.
\nIt happens when hackers psychologically manipulate consumers into giving up their login credentials. Some common warning signs of social engineering attacks include asking for immediate assistance, luring with too good to be true offers, and threatening reprimands if their requests are ignored.
\n![\"login-security-vulnerabilities\"](\"/3c719042c5a438eda7a9b239b2f9fcef/login-security-vulnerabilities.webp\")
Each risk has individual implications. Therefore, to keep your consumer's login secure, you need to prevent as many vulnerabilities as possible. Here are a few best login security practices that every organization should follow.
\nHandle consumers' login credentials with care. Never store them as plaintext passwords. Instead, go for cryptographically strong password hashes that can not be reversed. You can create those with PBKDF2, Argon2, Scrypt, or Bcrypt.
\nIt is important to salt the hash with a value special to that particular login credential. Do not use obsolete hashing technologies such as MD5, SHA1, and you should not use reversible encryption in any condition or attempt to develop your own hashing algorithm.
\nBiometric authentication is a strong authentication and identity solution that relies on an individual's specific biological features like fingerprint, retina, face recognition, or voice to verify the individual's authenticity.
\nThe greatest advantage of biometrics is that in order to gather the information needed to circumvent the login, a hacker must be in the individual's physical vicinity. And that's not always possible!
\nMulti-factor authentication or MFA is adding multiple layers to the login process. If a hacker has compromised one of the factors, the chances of another factor still being compromised are low, so having multiple authentication factors offers a greater degree of certainty about the login security of consumers.
\nHowever, note that each security layer should be guarded by a different tags: something your consumers know, something they have, or something they are. For example, if your consumer has associated their phone number as the second layer of authentication, a one-time passcode (OTP) will be sent to the phone. So, if hackers do not have the phone, they cannot get the code, meaning they cannot log in.
\n
Force your consumers to choose a strong password. Here are a few tips that will ensure that their login security is as strong as possible.
\nSuppose you allow consumers to enter their login credentials or reset their passwords as many times they want. In that case, hackers may indulge in brute-force attempts by entering different combinations until the account is cracked.
\nTherefore, it is a good practice to limit the number of failed login attempts per user or block the user based on the IP. You can also add a captcha, say, after the fifth attempt. But don't add the captcha after the first attempt, it does not sound right from the consumer experience.
\nSession length is a frequently neglected component of security and authentication. You may have a good justification to keep a session open indefinitely. But from a login security point of view, you need to set thresholds for active sessions, after which you should ask for passwords, a second factor of authentication, or other methods of verification to allow re-entry.
\nConsider how long a user should be allowed to remain inactive before you prompt them to re-authenticate. That's up to you. Also, prompt the user to re-verify in all active sessions after changing the password.
\nIf you are using a consumer identity and access management service like LoginRadius, a lot of login security issues are addressed for you automatically. Some of the common activities include:
\nThese are possible improvements, basic for any enterprise. Engineering them properly into your consumer accounts can prevent login security abuse to a great extent.
\nTo combat these common vulnerabilities, organizations can implement advanced authentication methods. Here are some effective strategies:
\nPassword hygiene is a necessity. Encourage consumers to choose strong passwords by enforcing rules such as:
\nAuthenticating consumers is tricky and cumbersome. Taken together, a CIAM solution can help a great deal in offering login security. It incorporates the above techniques and all best practices to filter authorized access and prevent common attack scenarios.
\n1. What do you mean by login security?
\nLogin security refers to measures taken to protect your login credentials (such as usernames and passwords) from unauthorized access, ensuring the safety of your online accounts.
\n2. How do I make my login secure?
\nTo make your login secure, use strong, unique passwords, enable multi-factor authentication (MFA), avoid sharing login information, and be cautious of phishing attempts.
\n3. How do I protect my login information?
\nProtect your login information by using secure passwords, avoiding public Wi-Fi for logging in, enabling two-factor authentication, and regularly updating your passwords.
\n4. What is the difference between login security and rights security?
\nLogin security focuses on protecting the access to an account through authentication methods like passwords and biometrics. Rights security involves managing permissions and access levels within an account and determining what actions a user can perform once logged in.
\n
This guide uses LoginRadius API for authenticating React apps. It provides React developers with a more straightforward way to add user authentication to react apps. To handle a lot of authentication implementation information, LoginRadius offers a high-level API. Using security best practices, now you can protect your response apps while writing less code.
\nThis article focuses on helping developers learn how to integrate user authentication in the React application. Practice the following security principles to improve authentication on React applications:
\nIn the React application, we can easily and quickly add authentication by using LoginRadius. If you already have a customized login/registration page ready, then I'll guide you to the next step of adding authentication in react apps.
\nA new application was created for you when you signed up for LoginRadius. From here, you get some essential information.
\n<script type="text/javascript" src="https://auth.lrcontent.com/v2/LoginRadiusV2.js"></script>We will use an API framework to call LoginRadius APIs for authentication. Create a new file LoginPage.js, and add the following code.
\n import React, { useState } from "react";\n const lrconfig = {\n apiKey: "*************************", //LoginRadius API key\n };\n const loginradius = {};\n if (window.LoginRadiusV2) {\n loginradius = new window.LoginRadiusV2(lrconfig);\n loginradius.api.init(lrconfig);\n }\n const LoginButton = () => {\n const loginButtonHandler = () => {\n loginradius.api.login({emailid: emailValue,\n password: passwordValue},\n (successResponse)=>{\n //Here you will get the access Token of \n \n \n console.log(successResponse);\n },\n (errors) => {\n console.log(errors);\n });\n }\n const [emailValue, updateEmailValue] = useState("");\n const [passwordValue, updatePasswordValue] = useState("");\n return (\n <React.Fragment>\n <input type="text" value={emailValue} onChange={(e)=>{updateEmailValue(e.target.value)}} placeholder={"email"}/>\n <input type="password" value={passwordValue} onChange={(e)=>{updatePasswordValue(e.target.value)}} placeholder={"Password"} />\n <button onClick={() => loginButtonHandler()}>Log In</button>\n </React.Fragment>\n );\n };\n export default LoginButton;In the above code, you will see the lrConfig object, which has apikey that you will get from the LoginRadius account. After calling loginradius.api.login, you will get the response in which you will get the access Token. Through this access token, you can get the user profile.
Create LogoutPage.js file and add following code:
\n import React, { useState } from "react";\n\n const lrconfig = {\n apiKey: "*************************", //LoginRadius API key\n };\n\n const loginradius = {};\n if (window.LoginRadiusV2) {\n loginradius = new window.LoginRadiusV2(lrconfig);\n loginradius.api.init(lrconfig);\n }\n\n const LogoutButton = () => {\n const token = '************'; // Access Token that you got after login\n const logoutButtonHandler = () => {\n //Note: Call invalidate token api to invalidate the token.**\n loginradius.api.invalidateToken(\n token,\n (successResponse)=>{\n console.log(successResponse);\n },\n (errors) => {\n console.log(errors);\n }\n );\n }\n return (\n <React.Fragment>\n <button onClick={() => logoutButtonHandler()}>Logout</button>\n </React.Fragment>\n );\n };\n export default LogoutButton;In the above code, we have called invalidated token api, which expires your access token.
\nCreate SignupPage.js file and add the following code:
\n import React, { useState } from "react";\n const lrconfig = {\n apiKey: "*************************", //LoginRadius API key\n sott: "***************************" //Secure Token for signup functionality\n };\n const loginradius = {};\n if (window.LoginRadiusV2) {\n loginradius = new window.LoginRadiusV2(lrconfig);\n loginradius.api.init(lrconfig);\n }\n const SignupButton = () => {\n const signupButtonHandler = () => {\n loginradius.api.registration({\n email: [{ type: "Primary", value: emailValue }],\n password: passwordValue\n },\n (successResponse)=>{\n //Here you will get the response after registration\n console.log(successResponse);\n },\n (errors) => {\n console.log(errors);\n });\n }\n const [emailValue, updateEmailValue] = useState("");\n const [passwordValue, updatePasswordValue] = useState("");\n return (\n <React.Fragment>\n <input type="text" value={emailValue} onChange={(e)=>{updateEmailValue(e.target.value)}} placeholder={"email"}/>\n <input type="password" value={passwordValue} onChange={(e)=>{updatePasswordValue(e.target.value)}} placeholder={"Password"} />\n <button onClick={() => signupButtonHandler()}>Log In</button>\n </React.Fragment>\n );\n };\n export default SignupButton;In the above code, You will get a success/error response after calling the registration api.
\nThe most common authentication use case for a React application gets covered in this tutorial: quick login and logout. However, LoginRadius is an expandable and versatile platform that can help you accomplish much more. In this guide, We have used the LoginRadius API Framework. If you want to incorporate our hosted page into your application, follow this documentation.
\nLet me know what you think of this tutorial in the comments below. Thanks for reading :)
\n","frontmatter":{"date":"December 10, 2020","updated_date":null,"description":"This article focuses on helping developers learn how to integrate user authentication in React applications and determine the basic principles of authentication with React.","title":"A Guide To React User Authentication with LoginRadius","tags":["Authentication","LoginRadius","React"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/a877f5fa04ac6dd24b63bb101cc8302d/58556/authentication-main.webp","srcSet":"/static/a877f5fa04ac6dd24b63bb101cc8302d/61e93/authentication-main.webp 200w,\n/static/a877f5fa04ac6dd24b63bb101cc8302d/1f5c5/authentication-main.webp 400w,\n/static/a877f5fa04ac6dd24b63bb101cc8302d/58556/authentication-main.webp 800w,\n/static/a877f5fa04ac6dd24b63bb101cc8302d/99238/authentication-main.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Versha Gupta","github":"vershagupta","avatar":null}}}},{"node":{"excerpt":"Web authentication or WebAuthn is a new standard for authentication published by the World Wide Web Consortium and supported by the FIDO…","fields":{"slug":"/engineering/webauthn-authentication-application/"},"html":"Web authentication or WebAuthn is a new standard for authentication published by the World Wide Web Consortium and supported by the FIDO alliance. The standard works by providing a way for users to authenticate through a third-party authenticator. These authenticators can be built into the operating system software, like Windows Hello or Android biometrics, or through external authenticators, like a USB authenticator.
\nThis article will cover a high-level description of how WebAuthn works and two different ways an application can be set up to use the WebAuthn standard to authenticate users. One is through a basic registration flow where the authenticator data is stored upon registration and must be used to log in. The other is a flow where the authenticator can be used as a second-factor authentication method, prompted after a user logs in. For more information on this, resources like the World Wide Web Consortium documentation can be useful.
The WebAuthn authentication process involves the interaction between three entities: The relying party, which is the server that handles the credentials of the authenticator and verifies it, a web browser that should support the web authentication protocol, and the authenticator itself.
\nThe registration process begins when the client generates some sort of identifying information about themselves. Typically, this would be a user name or an email from the user but could be another identifier sent from the client, such as a randomly generated GUID. Using the Web Authentication APIs with JavaScript, the client can request the relying party to register the authenticator credentials.
\n![\"WebAuthn](\"/edf508fc06c12e6ed0eba68501a97ea2/webauthn-flow.webp\")
After receiving the request from the client, the relying party generates a challenge based on the options provided by the client. The client receives the response and attempts to get the user to verify the authenticator being used. For example, with Windows Hello as the authenticator, the user can enter their PIN. After verifying the authenticator, it signs the challenge-response back with identifying details and returns it to the relying party, which validates the authenticator and registers the user.
\nWhen the registration begins, options are set from the relying party that changes how the flow will work. You can find a list of the options in this document on W3C. Here are some examples of the significant options that one might set for their flows:
\nThe authentication or login process is similar to the registration process. Using the JavaScript libraries, the authenticator passes identifying information to the relying party. The relying party returns a challenge, which should be validated by the user, processed by the authenticator, and finally validated by the relying party. User verification is checked from the options, but a majority of the options have been reduced as no credentials are generated or saved on either end.
\nWhen setting up WebAuthn as an authentication method for your application, two considerations are to use the standard as a primary registration and authentication method or as a second-factor authentication method.
\nAs a primary authentication method, the authenticator identification and credentials are stored by the server at the same time the user account is created.
\nTo begin, use the Web Authentication API to initiate the flow:
\nLet publicKeyCredentialCreationOptions = {\n user: {\n id: “1234”,\n name: "example@example.com",\n displayName: "example",\n },\n authenticatorSelection: {\n authenticatorAttachment: "platform",\n },\n attestation: "direct"\n};\n\nconst credential = await navigator.credentials.create({\n publicKey: publicKeyCredentialCreationOptions\n});For this section, the creation options are generated by the client. In other scenarios, including this blog's example, the options are generated from the relying party by retrieving them via an API call.
\nAfter the browser triggers this code, the authenticator will be prompted for validation. Since the authenticatorAttachment is set to 'platform', it would use the device's authenticator, like Windows Hello or an Android fingerprint scan.
\nThe data returned from the creation of the credentials will have a structure like this:
\nPublicKeyCredential {\n id: 'ADSUllKQmbqdGtpu4sjseh4cg2TxSvrbcHDTBsv4NSSX9...',\n rawId: ArrayBuffer(59),\n response: AuthenticatorAttestationResponse {\n clientDataJSON: ArrayBuffer(121),\n attestationObject: ArrayBuffer(306),\n },\n type: 'public-key'\n}This object should be passed to the relying party to complete the registration. The relying party verifies that the credentials passed in are correct and stores the identifier and credentials in the data store. In addition to storing the credentials object, any other registration variables should be passed in this step to register on your data store.
\nTo use this flow as part of a second-factor authentication process, the user account should be created before initiating this process with an already existing authentication method, like a password system. After the user account is created, running this flow should update the current user in the data store with the credential data. This will allow the second-factor authentication credentials to be configured and triggered after a password login.
\nMost programming languages have a library built that supports WebAuthn for a relying party server. For example, Duo has created them for Python and Go. Using one of these libraries during the development of the relying party server will simplify the process. These resources also provide demos on how to implement their libraries to handle the credential data generated by the JavaScript Web Authentication APIs.
Although the usage of WebAuthn is not widespread at the moment, the potential to authenticate a user passwordless or with the extra security of an authenticator allows it to be a strong contender in the future over regular password authentication flows. Hopefully, this blog helps you get started on your authentication apps with WebAuthn.
\n","frontmatter":{"date":"December 09, 2020","updated_date":null,"description":"Web authentication, or WebAuthn in short. A go-to guide for developers to learn more about WebAuthn API, and how to set it up in their services..","title":"WebAuthn: A Guide To Authenticate Your Application","tags":["WebAuthn","FIDO","Authentication"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/23998a17044eadfc099cb67908b28ac8/58556/webauthn-logo.webp","srcSet":"/static/23998a17044eadfc099cb67908b28ac8/61e93/webauthn-logo.webp 200w,\n/static/23998a17044eadfc099cb67908b28ac8/1f5c5/webauthn-logo.webp 400w,\n/static/23998a17044eadfc099cb67908b28ac8/58556/webauthn-logo.webp 800w,\n/static/23998a17044eadfc099cb67908b28ac8/99238/webauthn-logo.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Chris Yee","github":null,"avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":648,"currentPage":109,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}