![\"OIDC](\"/92a85a64e1a313e22d9a33bd141fa714/OIDC-App.webp\")
First, let's understand:
\nSSO stands for Single Sign-On. It's an authentication process that allows a user to access multiple applications or systems with one set of login credentials (username and password). Instead of requiring users to log in separately to each application, SSO enables them to log in once and gain access to all the connected systems without needing to re-enter their credentials.
\nOpenID Connect (OIDC) is a protocol that builds on OAuth 2.0 to ensure secure user authentication and authorization. It adds an identity layer to OAuth 2.0, allowing applications to confirm a user's identity and gather basic profile information. OIDC utilizes JSON Web Tokens (JWTs) for these functions, aligning with OAuth 2.0's token acquisition methods. This integration enables seamless user authentication across different platforms, supporting features like single sign-on, where users can access multiple applications with one set of credentials managed by an identity provider.
\nLoginRadius is a high-performance, scalable identity and access management platform focused on customer-facing use cases. It offers comprehensive features and capabilities to help you implement user authentication and authorization and manage user data with built-in workflows and security controls.
\nOn these lines, LoginRadius offers built-in support for OIDC and the use of OIDC to implement SSO.
\nFirst, you need to create an OIDC application in LoginRadius to tailor user claim fields effortlessly. You can fine-tune these customizable user claims through LoginRadius' user-friendly interface. Subsequently, you can seamlessly integrate these claims into the token, enabling streamlined extraction and utilization within the application ecosystem.
\nIn essence, LoginRadius facilitates the setup of OIDC applications and offers customization capabilities through its intuitive interface. This ensures efficient management of user claims, ultimately contributing to a more personalized and secure authentication experience.
\nAfter setting up the OIDC app from the LoginRadius dashboard, you'll use the go-oidc library to configure our provider further and configure the oidc connect.
Go to OIDC Application Configuration and click on Add App button
\n
Enter the App name and click one of the following:
\nNative App, Single page App or Web App according to your application.
\n![\"OIDC](\"/dc9d3f7635cd7f1a5ed3a5806e7b8317/App-Setup.webp\")
After clicking the Create button, you'll get the OIDC application configuration page. This page contains details like your application's Client ID and Client Secret, which are necessary for setting up the OIDC provider and configuration when you code in Golang.
\n![\"OIDC](\"/79919f23bcc8f66944360d3832a09bb7/App-Credentials.webp\")
This array of configurable options empowers you to fine-tune your OIDC Application according to your specific requirements.
\nTo ensure seamless redirection of requests and successful callbacks to your endpoint, add your application's domain to the whitelist. This will authorize the redirection process and prevent failures when calling the callback endpoint.
\nhttps://localhost:8080\").![\"Whitelisting](\"/0baf77821f8c2128f1c1f044f1518959/Whitelisting-Domain.webp\")
LoginRadius lets you uniquely identify the redirect URLs for individual OIDC applications:
\nprovider, err := oidc.NewProvider(ctx, "`https://api.loginradius.com/{oidcappname}")`\nif err != nil {\n // handle error\n}\n\n// Configure an OpenID Connect aware OAuth2 client.\noauth2Config := oauth2.Config{\n ClientID: your-oidc-clientID,\n ClientSecret: your-oidc-clientSecret\n RedirectURL: redirectURL,\n\n // Discovery returns the OAuth2 endpoints.\n Endpoint: provider.Endpoint(),\n\n // "openid" is a required scope for OpenID Connect flows.\n Scopes: []string{oidc.ScopeOpenID, "profile", "email"},\n}When setting up a new provider, you'll need to input the LoginRadius OIDC App URL, typically in this format: https://{siteUrl}/service/oidc/{OidcAppName}
To seamlessly integrate this with your Go backend, create two essential APIs for setting up and configuring go-oidc:
By establishing these APIs, your Go backend efficiently handles the authentication flow, ensuring a smooth user experience while securely managing user identity and access.
\nHandle the callback hit that exchanged the authorization token for the access token:
\nvar verifier = provider.Verifier(&oidc.Config{ClientID: clientID})\n\nfunc handleOAuth2Callback(ctx *gin.context) {\n // Verify state and errors.\n authCode := ctx.query("code")\n\n oauth2Token, err := oauth2Config.Exchange(ctx, authCode)\n if err != nil {\n // handle error\n }\n\n // Extract the ID Token from the OAuth2 token.\n rawIDToken, ok := oauth2Token.Extra("id_token").(string)\n if !ok {\n // handle missing token\n }\n\n // Parse and verify ID Token payload.\n idToken, err := verifier.Verify(ctx, rawIDToken)\n if err != nil {\n // handle error\n }\n\n // Extract custom claims\n var claims struct {\n Email string `json:"email"`\n Verified bool `json:"email_verified"`\n }\n if err := idToken.Claims(&claims); err != nil {\n // handle error\n }\n}For both endpoints, let's review a sample backend server with implementation in Gin Golang.
\nFor OIDC integration with the Go backend, you'll implement it using the coreos/go-oidc library (feel free to check it out). This library provides comprehensive support for OIDC, allowing to easily verify tokens, extract user claims, and validate ID tokens. Its features ensure secure authentication and seamless integration with various OIDC providers.
\nWith the go-oidc library, you can efficiently implement OIDC authentication in the Go backend, guaranteeing users a smooth and secure authentication process.
go get github.com/coreos/go-oidc/v3/oidcpackage main\n\nimport (\n\t"encoding/json"\n\t"fmt"\n\t"io"\n\t"log"\n\t"net/http"\n\t"os"\n\n\t"github.com/coreos/go-oidc/v3/oidc"\n\t"github.com/gin-gonic/gin"\n\t"golang.org/x/oauth2"\n)\n\n// Define global OAuth2 configuration and OIDC provider.\nvar (\n\toauthConfig = &oauth2.Config{\n\t\tClientID: "your-client-id", // Replace with your LoginRadius Client ID\n\t\tRedirectURL: "http://localhost:8080/api/callback",\n\t\tClientSecret: "your-client-secret", // Replace with your LoginRadius Client Secret\n\t\tScopes: []string{"user"},\n\t}\n\tglobalProvider *oidc.Provider\n\tglobalOuthConfig *oauth2.Config\n)\n\n// Server struct holds interfaces like HTTP server, DBHelper, ServerProvider, MongoDB client, etc.\ntype Server struct {\n\n}\n\n// InitializeOAuthConfig sets up the global OAuth2 configuration and OIDC provider.\nfunc InitializeOAuthConfig() {\n\t// Create a new OIDC provider using the OAuth2 endpoint and OIDC provider URL.\n\tprovider, err := oidc.NewProvider(context.Background(), "https://<siteUrl>/service/oidc/<OidcAppName>") // Replace with your OIDC Provider URL\n\tif err!= nil {\n\t\tlog.Fatalf("Failed to create new provider: %v", err)\n\t}\n\tglobalProvider = provider\n\n\t// Set up the OAuth2 configuration with the client ID, secret, redirect URL, and scopes.\n\toauth2Config := &oauth2.Config{\n\t\tClientID: oauthConfig.ClientID,\n\t\tClientSecret: oauthConfig.ClientSecret,\n\t\tRedirectURL: oauthConfig.RedirectURL,\n\t\tEndpoint: provider.Endpoint(),\n\t\tScopes: []string{oidc.ScopeOpenID, "profile", "email"},\n\t}\n\tglobalOuthConfig = oauth2Config\n}\n\n// StartLoginProcess initiates the login process by redirecting the user to the OIDC provider.\nfunc StartLoginProcess(ctx *gin.Context) {\n\t// Generate the authorization URL for the OIDC provider.\n\tauthURL := globalOuthConfig.AuthCodeURL("state", oidc.Nonce(""))\n\t// Redirect the user to the OIDC provider for authentication.\n\thttp.Redirect(ctx.Writer, ctx.Request, authURL, http.StatusFound)\n}\n\n// HandleCallback processes the callback from the OIDC provider after the user has authenticated.\nfunc HandleCallback(ctx *gin.Context) {\n\t// Retrieve the authorization code from the query parameters.\n\tcode := ctx.Query("code")\n\n\t// Exchange the authorization code for an access token.\n\toauth2Token, err := globalOuthConfig.Exchange(ctx, code)\n\tif err!= nil {\n\t\tlog.Printf("Error exchanging code for token: %v", err)\n\t\treturn\n\t}\n\n\t// Extract the ID token from the OAuth2 token.\n\trawIDToken, ok := oauth2Token.Extra("id_token").(string)\n\tif!ok {\n\t\tlog.Println("Missing ID token")\n\t\treturn\n\t}\n\n\t// Verify the ID token using the OIDC provider.\n\tvar verifier = globalProvider.Verifier(&oidc.Config{ClientID: globalOuthConfig.ClientID, SkipClientIDCheck: true})\n\n\tidToken, err := verifier.Verify(ctx, rawIDToken)\n\tif err!= nil {\n\t\tlog.Printf("Error verifying ID token: %v", err)\n\t\treturn\n\t}\n\n\t// Extract claims from the verified ID token.\n\tvar claims interface{}\n\tif err := idToken.Claims(&claims); err!= nil {\n\t\tlog.Printf("Error extracting claims: %v", err)\n\t\treturn\n\t}\n\n\t// Respond with a success message.\n\tctx.JSON(http.StatusOK, gin.H{"message": "success"})\n}\n\n// InjectRoutes sets up the routes for the application, including login and callback endpoints.\nfunc (srv *Server) InjectRoutes() *gin.Engine {\n\trouter := gin.Default()\n\n\tapi := router.Group("/api")\n\t{\n\t\t// Define the login route that redirects users to the OIDC provider for authentication.\n\t\tapi.GET("/login", StartLoginProcess)\n\t\t// Define the callback route that handles the callback from the OIDC provider.\n\t\tapi.GET("/callback", HandleCallback)\n\t}\n\n\treturn router\n}\n\nfunc main() {\n\t// Initialize the OAuth2 configuration and OIDC provider.\n\tInitializeOAuthConfig()\n\t// Create a new server instance.\n\tserver := &Server{}\n\t// Inject routes into the Gin engine.\n\trouter := server.InjectRoutes()\n\t// Start the HTTP server.\n\tlog.Fatal(http.ListenAndServe(":8080", router))\n}The process described involves several key steps in setting up an OAuth2 flow with OpenID Connect (OIDC) for user authentication.
\nHere's a brief overview of what was done in the code:
\noidc.NewProvider function, which requires the OAuth2 endpoint and the OIDC provider's URL. This step is crucial for establishing a connection with the OIDC provider, enabling the application to authenticate users through the provider.oauthConfig) is set up with essential details such as the client ID, client secret, redirect URL, and scopes. These credentials are specific to the OIDC application registered with the provider (e.g., LoginRadius). The redirect URL is where the provider will send the user after authentication, and the scopes define the permissions requested from the user./api/callback. This endpoint handles the callback from the OIDC provider after the user has been authenticated.This process leverages the security and standardization provided by OIDC and OAuth2 to implement a secure authentication flow. By following these steps, the application can authenticate users through LoginRadius OIDC provider, ensuring that user credentials are managed securely and that the application can trust authenticated users' identities.
\nIn this tutorial, you have learned how to implement OIDC SSO with LoginRadius as the Identity Provider. You have also built a simple Golang backend with Gin to understand the implementation.
\n","frontmatter":{"date":"May 30, 2024","updated_date":null,"title":"How to Implement OpenID Connect (OIDC) SSO with LoginRadius?","tags":["SSO","OIDC","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/185a654052323b1a8fd3b9ee7f274ad3/58556/implementing-oidc-sso.webp","srcSet":"/static/185a654052323b1a8fd3b9ee7f274ad3/61e93/implementing-oidc-sso.webp 200w,\n/static/185a654052323b1a8fd3b9ee7f274ad3/1f5c5/implementing-oidc-sso.webp 400w,\n/static/185a654052323b1a8fd3b9ee7f274ad3/58556/implementing-oidc-sso.webp 800w,\n/static/185a654052323b1a8fd3b9ee7f274ad3/99238/implementing-oidc-sso.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Sanjay Velu","github":"SanjayV0","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/bruteforce-lock-and-unlock/"},"html":"First, let's understand some basic terminology.
\nIn LoginRadius, you can implement brute-force lockout using APIs.
\n\n\nTo implement brute-force lockout, please register in the LoginRadius Admin Console.
\n
Let's go through the API implementation of brute-force lockout and user unlock.
\n\n\nYou can view the created app using the link https://
\n<app-name>.hub.loginradius.com/auth.aspx in the implement section of the Identity Experience Framework or from the preview section.
In LoginRadius, the brute-force lockout feature can be enabled from the Admin Console.
\n![\"admin_bfl_page.webp\"](\"/d4fefb72eed8a8c22337eb1a58634dfa/admin_bfl_page.webp\")
![\"loginpage_with_data.webp\"](\"/74e2274825a55d924012bf48c28cdec8/loginpage_with_data.webp\")
\n
\n![\"successful_login.webp\"](\"/c6754bab6e942978fa8890e779759a9b/successful_login.webp\")
![\"incorrect_pwd.webp\"](\"/aca756d4489465f26ff81bc09fe7672d/incorrect_pwd.webp\")
\n\nIn the Admin Console, you can set the brute-force lockout threshold, lockout type, and suspend effective period.
\n
LoginRadius supports the following lockout types:
\nCAPTCHA:
\n\n\nRefer CAPTCHA in miscellaneous section to learn more.
\n
You can unlock the locked user account in two ways, using:
\n\n\nFor more understanding on Auth Unlock Account, refer Auth Security Configuration
\n
Calling the Account Update API with the provided endpoint, using the given method, providing the apisecret and apikey, and formatting the given body will unlock the account.
\nhttps://api.loginradius.com/identity/v2/manage/account/{uid}{\n ...\n "FirstName": "Test",\n "MiddleName": null,\n ...\n}{\n ...\n "LoginLockedType": "None",\n "Email": [\n {\n "Type": "Primary",\n "Value": "user1@yopmail.com"\n }\n ],\n ...\n}![\"unlocked_account_update.webp\"](\"/7388319d1164e569687328d8f65724ba/unlocked_account_update.webp\")
LoginRadius supports the following types of CAPTCHAs:
\nTo understand more about LoginRadius APIs, refer to the API docs.
\n","frontmatter":{"date":"May 29, 2024","updated_date":null,"title":"Testing Brute-force Lockout with LoginRadius","tags":["Brute-force","LoginRadius","Authentication"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/868ffd6ee6f1dcdc0618db2afa053099/58556/implementing-brute-force-lockout.webp","srcSet":"/static/868ffd6ee6f1dcdc0618db2afa053099/61e93/implementing-brute-force-lockout.webp 200w,\n/static/868ffd6ee6f1dcdc0618db2afa053099/1f5c5/implementing-brute-force-lockout.webp 400w,\n/static/868ffd6ee6f1dcdc0618db2afa053099/58556/implementing-brute-force-lockout.webp 800w,\n/static/868ffd6ee6f1dcdc0618db2afa053099/99238/implementing-brute-force-lockout.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Gayathri Suresh","github":"gayathrisuresh150501","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/smart-cache-redis-cloud-aws-elasticache-for-redis/"},"html":"LoginRadius is one of the leading and technologically advanced Customer Identity and Access Management (CIAM) solutions. Enterprise customers rely on our CIAM to manage end-user authentication and authorization. They typically serve hundreds of thousands to millions of end-users, making our CIAM a critical part of their IT infrastructure and value delivery.
\nOur backend consists of multiple microservices handling various identity and access management functions and workflows through APIs. And we use MongoDB as persistent storage for configuration data. For faster access and availability of this data, we deployed Redis in-memory cache through Redis Enterprise Cloud.
\nWe had our configuration cache set up in Redis Cloud. And to reduce the Redis Cloud latency, we kept the configuration cache at the application level in memory — but we ran into problems.
\nGenerally, customers don’t update their configurations so frequently. But when a customer updates their configuration, it doesn’t propagate in the backend until the server memory cache is purged — sometimes even taking several hours.
\nThis is bad for business: A customer updates configurations in response to a new requirement or rapidly changing business environment. If these changes take so much time for a digital identity process, it can affect end-users and, in turn, business outcomes. Simply imagine that a customer updated app configuration to accommodate a one-time flash sale, and end-users can’t place orders properly due to configuration update issues!
\nSo, we started evaluating various options to address these issues. We considered running multiple instances in the Redis Cloud and synchronizing them to minimize latency for all regions while ensuring customer configuration updates go live immediately. But this proved to be technically cumbersome and costly.
\nWe continued our research with various solutions and concluded that AWS ElastiCache for Redis best serves our needs.
\nAWS provides ElastiCache for Redis as a Redis Cloud alternative with all necessary capabilities. Also, we were already using AWS Cloud for some of our IT infrastructure needs.\nSo, we can deploy ElastiCache alongside the same infrastructure to solve the latency issues.
\nAccordingly, we have created ElastiCache instances in multiple AWS regions and set up the primary ElastiCache DB to quickly sync configuration updates in the secondary ElastiCache instances. Also, we deployed ElastiCache instances in multiple locations as needed.
\nFor migration, we updated the old Redis and ElastiCache primary instances simultaneously. Once we reached a sufficient confidence level with the new setup, we completely switched over to ElastiCache.
\nOur applications and cache are deployed in AWS, so our API response latency is no longer problematic. Ultimately, we can reduce application in memory cache updates to a few minutes or seconds as required.
\nNow customers get updated configurations deployed rapidly, solving our primary challenge!
\n","frontmatter":{"date":"August 09, 2023","updated_date":null,"title":"Breaking Down the Decision: Why We Chose AWS ElastiCache Over Redis Cloud","tags":["Cache","AWS","Redis","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/c24493552cd32d4940767196408ef18d/58556/migrating-to-aws-elasticache-for-redis.webp","srcSet":"/static/c24493552cd32d4940767196408ef18d/61e93/migrating-to-aws-elasticache-for-redis.webp 200w,\n/static/c24493552cd32d4940767196408ef18d/1f5c5/migrating-to-aws-elasticache-for-redis.webp 400w,\n/static/c24493552cd32d4940767196408ef18d/58556/migrating-to-aws-elasticache-for-redis.webp 800w,\n/static/c24493552cd32d4940767196408ef18d/99238/migrating-to-aws-elasticache-for-redis.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Kundan Singh","github":null,"avatar":null}}}},{"node":{"fields":{"slug":"/growth/flexible-work-culture-game-changer-for-employees/"},"html":"As an employee who has been part of the LoginRadius family for the past four years, I am thrilled to share how our flexible work culture has revolutionized our professional lives.
\nIn this blog, I want to provide insights into the transformative power of our flexible work model and highlight the incredible initiatives that LoginRadius has implemented to support our well-being. This include daily virtual zumba sessions, month end celebrations and team parties, to name a few.
\nPost COVID-19 pandemic, LoginRadius swiftly embraced a flexible work model, blending the best aspects of remote and in-office work. This innovative approach provides the flexibility to work both from the office and remotely.
\nThe flexible work culture at LoginRadius has been a game-changer when it comes to achieving work-life balance. Having the option to work from the office for a portion of the week allows us to collaborate in person, engage in face-to-face meetings, and strengthen our connections with colleagues.
\nOn the other hand, the flexibility to work remotely provides us with the opportunity to manage personal commitments, minimize commuting time, spend time with loved ones and create a harmonious integration of work and personal life.
\nThe combination of in-office and remote work at LoginRadius has successfully fostered collaboration and connectivity among employees. When we gather in the office, we can engage in spontaneous discussions, brainstorming sessions, and effective collaboration that is sometimes challenging to replicate in a remote work setting.
\n![\"zumba-session\"](\"/98cc8dd06145c067f98bbe82eca16307/zumba-sessions.webp\" "\\"image_tooltip\\"")
In addition to providing flexibility and autonomy, LoginRadius has taken employee well-being to another level by organizing daily virtual Zumba sessions. These fitness sessions are a testament to the company's commitment to fostering a healthy and vibrant work environment. The virtual Zumba sessions offer a fun and energetic outlet for us to stay active, destress, and recharge our minds. It's an opportunity to connect with colleagues virtually, share positive energy, and build camaraderie.
\nLoginRadius TT League is an interdepartmental table tennis league that brings out the competitive spirit and camaraderie within our teams. It is a time for friendly matches, cheering each other on, and building connections beyond our usual work interactions. During the league, we gather to showcase our table tennis skills, engage in thrilling matches, and support each other with cheers and encouragement. This league adds an extra dose of fun and excitement to our work environment, and it is just another way LoginRadius nurtures a positive and engaging culture for its employees.
\n![\"alt_text\"](\"/fdaa5a15895006e00ca46a1faeb1b608/party-mode.webp\" "\\"image_tooltip\\"")
LoginRadius understands the importance of celebrating milestones, recognizing achievements, and fostering a sense of community among its employees. To honor our hard work and create memorable experiences, LoginRadius organizes Celebrate You: Month End celebrations. These celebrations encompass a range of activities, including team-building exercises, recognition ceremonies, and engaging games. It's a time to come together as a team, celebrate our collective achievements, and forge deeper connections.
\nAnd the fun doesn't stop there! Our monthly team lunch parties add an extra sprinkle of joy to our work life. These gatherings are a time for us to come together, share a delicious meal, and enjoy informal conversations outside of work tasks. Whether we are enjoying a catered meal or ordering from our favorite local restaurants, these lunch parties create a warm and inclusive atmosphere where laughter and conversation flow freely.
\nLoginRadius' adoption of a flexible work culture has proven to be a game-changer. It aligns our professional and personal lives, nurtures our well-being, and strengthens our sense of community and connection.
\nAs an employee at LoginRadius, I am grateful to be part of an organization that prioritizes the holistic development and happiness of its employees. The flexible work model, combined with these initiatives, exemplifies the company's commitment to fostering a positive and engaging work culture.
\nTogether, we are embracing the exciting future of flexible work at LoginRadius, where collaboration, well-being, and celebration go hand in hand.
\n![\"CTA\"](\"/db67cf8ccbab4c6c31bf98536baf7d6a/cta.webp\")
Currently, the LoginRadius Identity Platform processes more than 100K requests per second. As our developer and enterprise customers grow, we should be able to scale our APIs to handle staggering loads of requests per second. It won’t be surprising if our APIs have to serve a million requests per second in the future.
\nGenerally, we add more instances, CPU, or memory for supporting high request volumes. However, it has been burdening our infrastructure budget and maintenance.
\nSo, we’re focused on reducing the cost of compute capacity by improving efficiency. In this engineering update, we share our experience with a highly effective, low-risk, large-scale performance and cost optimization with Go.
\nLoginRadius production environment consists of 30+ microservices backed by a cloud-native infrastructure. Most of these services are written in .NET and Node.js. In Q1 2021, we explored the possibilities of improving the performance of our services and optimizing costs.
\nLoginRadius tech stack consists of 30+ microservices. We have different microservices for each business service like Authentication, Web SSO, Federated SSO, etc.
\nCore Applications: Multiple microservices instances for Authentication, Account API, Analytics API, Risk-based Authentication, Backend Jobs, Integrations, and much more,
\nData Storage: MongoDB, Elasticsearch, Redis, and PostgreSQL clusters are used to store a range of datasets for various applications and functionalities.
\nQueues: Amazon Kinesis Data Streams, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), and Azure Queue Storage.
\nOther Services: Services for rate-limiting, bcrypt clusters, feature flags, and more.
\nRouting: AWS load balancers (ALB, NLB, and ELB from AWS) and some nodes running NGINX as a proxy.
\nWe've been utilizing a multi-cloud and multi-region architecture for years based on our and our customers’ data and privacy compliance requirements. However, as our usage (and load) grew with maintenance costs, we relied more on AWS resources.
\nThis is the basic architecture of the environment in the US:
\n![\"Basic](\"/491e73fe4836ca5daa93f6aad47f3b4d/basic-architecture.webp\")
Each request is processed as follows:
\n![\"Request](\"/fc6929115da8e289aaaaa4880d05fe5b/request-processing-flow.webp\")
The above diagram shows two cloud regions — US East and US West.
\nWhen requests come:
\nSo, how do we maintain high availability?
\nEvery availability zone has operating instances of all services (including databases). If one availability zone is down, we still have two availability zones.
\nWe are using a two-pronged scaling approach as scaling based on resource utilization (CPU & Memory) alone is not practical.
\nOnce, our multi-tenant application received a sudden spike in API requests — from thousands of requests to millions. Usually, adding new infrastructure to the existing pool takes around 60 seconds. And application deployment and start-up time were about 90 seconds. Plus, considering other possible delays in scaling, we can lose about 5 minutes for scaling up.
\nFurther, adding the time to gather metrics and make the scaling decision, the total delay can be ~6 minutes. This process can impact all multi-tenant customers' critical applications because user authentication and authorization are essential.
\nWe keep Scaling Buffers to support this kind of scenario.
\n\n\nScaling Buffers: During the Scale-up Time, the Scaling Buffer is the service's highest predicted traffic spike. Depending on the scaling strategy, we store several types of the buffer.
\n
Usually, we set a one million requests concurrency buffer. And based on the traffic pattern, our scaling automation triggers the scaling.
\nOur Platform performance is good. We can quickly handle millions of requests, and our application platform was scalable but not great. Minding the kind of growth we’re expecting, we wanted to improve and prepare our platform for the future.
\nNo. of requests can fluctuate within a few seconds if not minutes or hours, especially with specific events such as holiday shopping, promotional events, Black Friday, etc. So, in the event of traffic spikes, application startup time plays a significant role in scaling.
\nOur application startup time was around 90 seconds, so whenever scaling was happening due to high traffic, scaling took more time. That's why we needed to improve the application startup time.
\nWe used hundreds of AWS c5.2xlarge instances in a production environment to handle daily traffic. During certain events such as holiday shopping and Black Friday, we doubled our infrastructure according to expected traffic with a 20~30% buffer. We kept a high buffer because scaling took time with the existing .NET Core services. As a result, infrastructure cost was burdening as we were inefficiently deploying cloud infrastructure.
\nWe designed our Identity Platform a few years ago. Since then, the technology landscape has dramatically improved and optimized in recent years.
\nAlso, current technology platforms available to build and support our product (Identity Platform) are limited. So, it is crucial to align functionality with proper technology capabilities.
\nWe were facing challenges in customization. It was inflexible and limiting to deliver the required outcomes in more complex situations and use cases.
\nWe did a lot of research to choose the appropriate programming language for our application. We needed a language that would be simple to understand and learn, easy to maintain, and has high concurrency. Our research ended with Go due to its amazing qualities.
\nLet's take a closer look. Why choose Go? What makes Go such an excellent development language? What distinguishes it from the competition?
\nLet's get to the bottom of this by looking at what makes Go special.
\nGo is an open-source programming language developed by Google's Rob Pike, Robert Griesemer, and Ken Thompson. It was initially released in 2009. It has several enhancements and additions based on the C syntax to properly control memory use, manage objects, and enable static or strict typing along with concurrency.
\nConcurrent code can be executed in parallel by separate computer cores or in sequence. Most programming languages lack concurrent execution when working with multiple threads. They often slow down programming, compiling, and execution.
\nGo works with goroutines that are lightweight, low-cost threads. And Go channels allow goroutines to communicate with one another.
\nSequential Processes Communication: They are very similar to threads in Java but lightweight, and the cost of creating them is meager.
\nGo's core value is simplicity: it builds quickly, runs quickly, and is simple to learn. To help speed things up, there are no classes or type inheritance. This makes it easier to build a market-ready product quickly. Furthermore, its simplicity allows for quick and simple maintenance.
\nGo has an excellent standard library that includes a large number of built-in essential type functions and packages that are both practical and straightforward to use: I/O, encoding and decoding, manipulating raw bytes, network utility functions, parsing, debugging, and a lot more are all made simple by particular packages. Testing support is also included in the standard library, so no other dependencies are required.
\nGo has a simpler syntax than other languages and is simple to learn. The syntax of Go is somewhat similar to the C language. Developers can begin with Go in a couple of hours, but they need to spend time understanding best coding practices, especially understanding goroutines for concurrency.
\nWe run benchmarks on our API so that the performance insights help us make decisions about the tech stack. It will paint a clearer picture of where we stand compared to our existing tech stack and what areas need improvement or immediate attention.
\nWe did multiple stress tests on our high usage APIs built separately with .NET Core(Old) and Go (new).
\nWe are using Kubernetes to deploy and manage our microservices and application infrastructure and deploy our application microservices across multiple Pods.
\n| Test Item | \nValue | \n
|---|---|
| Instance Type | \nc5.2xlarge on AWS | \n
| No. of Instances | \n20 | \n
| Reverse Proxy | \nNGINX | \n
| Concurrent Requests | \n20K per second | \n
| Duration | \n5 minutes | \n
| Stress Test Tool | \nGatling | \n
We deployed both applications in the same infrastructure and did the same stress test.\nGolang application has performed much better.
\n![\"Requests](\"/425ce0aea8c01e3281101dd268d0def6/requests-and-responses-per-second-dot-net-core.webp\")
\n ![\"API](\"/d7b965865c218de9b3e71b6559787500/response-time-percentiles-dot-net-core.webp\")
\n ![\"Overall](\"/cd1c01d04ed3965ac3ca5bfce7ba66dc/overall-matrix-dot-net-core.webp\")
\n You can see some errors in Graph - 1(a) after ramping up to 15K users. Also, response time is increasing, as seen in Graph - 1(b).
\nThe application can recover after a couple of seconds, and after that, the application cannot respond. Application scaling is taking time. And existing infra cannot handle this spike, so the application crashes after 18K RPS.
\nWe did the same stress test with the new Go application. It is easily able to handle this kind of concurrency without any issue.
\n![\"Requests](\"/64fd50adc421658ca67fbf096038dc9e/requests-and-responses-per-second-go-lang.webp\")
\n ![\"API](\"/dd50184c7b2f042915816c6374a53590/response-time-percentiles-go-lang.webp\")
\n ![\"Overall](\"/19f6d7a35332ce026578459805a2327d/overall-matrix-go-lang.webp\")
\n The Go application can easily handle 20K ramp-up requests per second without any issue, as shown in Graph -2(a).
\nYou can see in Graph - 2(b) what the response time was after 2 min 47 sec for a couple of seconds. The Go application was scaling during that time. It is scaling quickly, so it is not impacting API request performance, and, also, the application can recover response API time as expected.
\nIn this article, you have learned how we have achieved better API performance by rebuilding them in Go, which were previously built in .NET Core. And you have understood our approach to this transition and how it increased the API performance of the LoginRadius Identity Platform.
\nLeverage LoginRadius Identity Platform to build authentication functionality for your web and mobile apps. Sign up for a free LoginRadius account here
\n","frontmatter":{"date":"June 06, 2022","updated_date":null,"title":"Why We Re-engineered LoginRadius APIs with Go?","tags":["Go","API",".NET","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/da26686e342d94b3007681cd0379367c/58556/high-performance-identity-apis.webp","srcSet":"/static/da26686e342d94b3007681cd0379367c/61e93/high-performance-identity-apis.webp 200w,\n/static/da26686e342d94b3007681cd0379367c/1f5c5/high-performance-identity-apis.webp 400w,\n/static/da26686e342d94b3007681cd0379367c/58556/high-performance-identity-apis.webp 800w,\n/static/da26686e342d94b3007681cd0379367c/99238/high-performance-identity-apis.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vijay Singh Shekhawat","github":"code-vj","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/integrate-invisible-captcha-for-bot-protection/"},"html":"Finding it challenging to integrate invisible reCAPTCHA only on specific web pages? This short tutorial helps you implement invisible reCAPTCHA at specific and distinct containers, such as login and forgot password. This tutorial uses LoginRadius to demonstrate this.
\n\n\n\n
Google reCAPTCHA is a security service that helps protect your websites from fraud and abuse.
\nCurrently, LoginRadius supports two different versions of Google v2reCAPTCHA.
\nYou want to enable invisible reCAPTCHA on a specific page — a login page, for demonstration. To achieve this, first login to your LoginRadius dashboard. Or, sign up here for a free account or 21-day free trial for the Developer Pro plan.
\nIf you're new to LoginRadius, follow our Getting Started documentationdocs/references/javascript-library/getting-started/) to get going.
\nSo, you will need to do the following client-side setup for adding the invisible reCAPTCHA on a specific page only — for example, on the login page.
\nraasoption.invisibleRecaptcha = false;Now, add the following code to render the captcha only at the login page, and here beforeFormRender hook is used.
LRObject.$hooks.register('beforeFormRender', function(name, schema){\nLRObject.options.invisibleRecaptcha = false;\nif (name == 'login' ) {\n LRObject.options.invisibleRecaptcha = true;\n LRObject.util.addRecaptchaJS();\n LRObject.util.captchaSchema("loginradius-recaptcha_widget_login", schema);\n}\n});The above code used the utility method addRecaptchaJS that adds the required JS for invisible reCAPTCHA. It also used the captchaSchema method to add reCAPTCHA within the Login Schema.
The last step is to stop resetting the reCAPTCHA before reCAPTCHA submission. So, add the following code:
\nLRObject.$hooks.register('eventCalls', function(name){\nLRObject.options.invisibleRecaptcha = false;\nLRObject.options.optionalRecaptchaConfiguration.IsEnabled = true;\nif (name == 'login' ) {\n LRObject.options.invisibleRecaptcha = true;\n LRObject.options.optionalRecaptchaConfiguration.IsEnabled = false;\n}\n});When you check your hosted page, invisible reCAPTCHA will appear only on the login page.
\nSimilarly, you can follow the above steps to enable invisible reCAPTCHA on the registration(signup) page or any other page.
\nYou have learned how to use invisible reCAPTCHA on specific web pages and forms with LoginRadius to improve user experience and prevent malicious bot traffic from being effective.
\n","frontmatter":{"date":"April 08, 2022","updated_date":null,"title":"How to Integrate Invisible reCAPTCHA for Bot Protection","tags":["reCAPTCHA","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/f8a146c57decdef4899cbaa4abd69ba6/58556/configure-invisible-reCAPTCHA.webp","srcSet":"/static/f8a146c57decdef4899cbaa4abd69ba6/61e93/configure-invisible-reCAPTCHA.webp 200w,\n/static/f8a146c57decdef4899cbaa4abd69ba6/1f5c5/configure-invisible-reCAPTCHA.webp 400w,\n/static/f8a146c57decdef4899cbaa4abd69ba6/58556/configure-invisible-reCAPTCHA.webp 800w,\n/static/f8a146c57decdef4899cbaa4abd69ba6/99238/configure-invisible-reCAPTCHA.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Versha Gupta","github":"vershagupta","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/guest-post/authenticating-svelte-apps/"},"html":"In this tutorial, I’ll talk about adding authentication in a Svelte application using LoginRadius Authentication APIs. You'll understand step by step how to:
\nYou'll also learn how to consume REST APIs in a Svelte app using Fetch API and update user information in your Svelte store.
\nSvelte is a lightweight and minimal JavaScript compiler that ships a single JavaScript bundle to your application without any internal code of its own. This results in smaller bundle size and often a faster running application. It was also the most loved framework of 2021.
\nBut what's the first feature you'd add in a Svelte application? Authentication! It's the gateway for your users to interact and use your website.
\nSo in this post, I’ll talk about how to add authentication in a Svelte application.
\nYou'll learn how to create forms in Svelte and add reactivity to it. You'll also understand how to conditionally render different UI components and set up protected routes for authenticated users in a Svelte application.
\nTo speed things up, you won't build your own authentication services from scratch. Instead, you'll use LoginRadius to quickly configure an authentication backend for your Svelte App.
\nHere's a little demo of what your Svelte App would look like by the end of the tutorial:
\n\nLooks exciting? Let's jump right into it!
\nLet's start by creating a new Svelte project and adding some boilerplate code.
\nNavigate into the directory of your choice and create a new Svelte project by running:
\nnpx degit sveltejs/template svelte-auth-appThat should create a new Svelte project with a simple starter template.
\nAdditionally, you'll need to install svelte-navigator package to set up routing in your Svelte app:
\nnpm i svelte-navigatorYou need to add environment variable support in your Svelte app to store and use your LoginRadius API Keys and Secrets.
\nFirst, install a package called dotenv that let's create and use a special .env file to define your environment variables.
npm i dotenvNext, head over to the rollup.config.js file. Here, make some configurational changes on the plugins property, so your Svelte app can read those environment variables on the client-side:
\t...\n\tplugins: [\n\t\treplace({\n\t\t\t// stringify the object\n\t\t\t__myapp: JSON.stringify({\n\t\t\t env: {\n\t\t\t\tisProd: production,\n\t\t\t\t...config().parsed // attached the .env config\n\t\t\t }\n\t\t\t}),\n\t\t }),\n ...\n\t],You can refer to the complete rollup.config.js file for this project here.
Besides the initial set of files, your project will have the following directory structure:
\n![\"Directory](\"/7ff6a22848efd6f0ca45f4ef24257176/Directory-Structure-Svelte-App.webp\")
So go ahead and create those files and folders accordingly. I'll talk about each of these as you start filling them with some code.
\nYour starter template should come with the following styles inside your App.svelte file:
main {\n text-align: center;\n padding: 1em;\n max-width: 240px;\n margin: 0 auto;\n}\n\nh1 {\n color: #ff3e00;\n text-transform: uppercase;\n font-size: 4em;\n font-weight: 100;\n}\n\n@media (min-width: 640px) {\n main {\n max-width: none;\n }\n}However, I have also added some additional styles inside the global stylesheet inside the /public/build/global.css file. You can copy those styles from here.
Your Svelte app will store the authenticated user's data in a global data store to easily access and modify that data from any component within your application. Svelte provides you with the writable function inside the svelte/store dependency.
Create a global object called user inside your /src/stores.js file:
import { writable } from "svelte/store"\n\nexport const user = writable(\n localStorage.user ? JSON.parse(localStorage.getItem("user")) : null\n)You have also synced the above user object with the browser's local storage so that this data persists on page reloads. If you're unfamiliar with what local storage is, check out my guide on Local Storage vs. Session Storage vs. Cookies that dives deeper into browser storage and other related concepts.
The root component in your Svelte app is the App Component. This is located inside /src/App.svelte.
It has the following imports declared inside:
\n<script>\n /** IMPORTS */ import Login from './Login.svelte'; import Signup from\n './Signup.svelte'; import Home from './Home.svelte'; import PrivateRoute from\n "./routes/PrivateRoutes.svelte"; /** VARIABLES */ const sdkoptions = {}\n</script>It also has an sdkoptions variable that will store the environment variables that you can easily pass to different components as and when they need it. You can get rid of any additional HTML inside the App.svelte file generated by the starter template.
Let's head over to the /src/Login.svelte file to create the Login Page.
Here's what the HTML of your Login Form consists of:
\n<h3>Login</h3>\n<form on:submit|preventDefault="{handleSubmit}">\n <input\n class="form-field"\n bind:value="{email}"\n type="email"\n placeholder="Email"\n />\n <input\n class="form-field"\n bind:value="{password}"\n type="password"\n placeholder="Password"\n />\n <button class="form-field">\n Login\n </button>\n</form>\n<p>\n Don't have an account?\n <strong class="link" on:click="{navigateToSignup}">Sign up</strong>\n</p>You have a login form with two input fields for email and password and a submit button. The form also has an on:submit handler with an event modifier to prevent the default reloading action of the form when it gets submitted.
After the form, you have a simple link with an on:click handler that allows the user to navigate to the Signup page.
Inside the script of your Login component, create two variables — email and password — to handle the bindings to the input fields. Also, make the sdkoptions variable exportable since you'll receive it as props from the App component.
<script>let email; let password; export let sdkoptions;</script>You also need to create a function called handleSubmit that is the on:submit handler for your Login form:
<script>\n\t...\n const handleSubmit=(e)=>{\n let loginFields={email,password};\n\t console.log(loginFields)\n }\n const navigateToSignup=()=>{}\n</script>At the moment, you're simply encapsulating the email and password bindings into a JavaScript object. Later, you'll send a request to your Login API here. You also have an empty navigateToSignup function that I'll come back to once you set up your routes.
Let's render the Login component inside your App.svelte file:
<main>\n <Login />\n</main>![\"Login](\"/7804c05118f523c534443446c37d8939/Login-Page.webp\")
Awesome! Let's follow the same process to create your Signup form.
\nHead over to the /src/Signup.svelte file to create your Signup Page.
Similar to the Login Form, the Signup Form will have the following HTML:
\n<h3>Create a New Account</h3>\n<form on:submit|preventDefault="{handleSubmit}">\n <input\n class="form-field"\n bind:value="{firstName}"\n type="text"\n placeholder="First Name"\n />\n <input\n class="form-field"\n bind:value="{lastName}"\n type="text"\n placeholder="Last Name"\n />\n <input\n class="form-field"\n bind:value="{email}"\n type="email"\n placeholder="Email"\n />\n <input\n class="form-field"\n bind:value="{password}"\n type="password"\n placeholder="Password"\n />\n <button class="form-field">\n Signup\n </button>\n</form>\n<p>\n Already have an account?\n <strong class="link" on:click="{navigateToLogin}">Login</strong>\n</p>The only difference is now you have two additional fields — first name and last name. You also have a link just below the signup form that takes the user to the login page.
\nHere's what the script section of your Signup.svelte file should look like:
<script>\n\n\tlet email;\n let password;\n let firstName;\n let lastName;\n let loading;\n\n\n export let sdkoptions;\n\n const handleSubmit=()=>{\n const signupFields={\n "FirstName": firstName,\n "LastName": lastName,\n "Email": [\n {\n "Type": "Primary",\n "Value": email\n }\n ],\n "Password": password\n }\n console.log(signupFields)\n }\n\n const navigateToLogin=()=>{}\n</script>Your signupFields object has a specific format because it aligns with the structure of your Signup API's request. It would make complete sense when you hook your Signup API here.
Let's render the Signup component inside your App.svelte file:
![\"Signup](\"/a18f23d4ceb0fe893dd8d49789a5b911/Signup-Page.webp\")
Let's create your Home component or the page where you'll redirect an user on a successfull login. Inside /src/Home.svelte file, add the following HTML:
{#if user && _user}\n<h3>Welcome {_user?.profile?.FullName}</h3>\n<button on:click="{logout}">Logout</button>\n{/if}In the above HTML, you simply use some Svelte conditionals to render the user's name and a logout button. The script part of your Home component looks like this:
\n<script>\n import {user} from './stores';\n\n let _user;\n\n user.subscribe(data=>_user=data)\n const logout=()=>{\n user.set(null);\n localStorage.clear();\n }\n\n</script>You import the global user object from your Svelte store and store it inside your Home component's state _user. For the logout function, you simply set this user object in your store to null and clear the local storage.
The next step is to set up LoginRadius, so you can start using its Authentication APIs from your Svelte App.
\nHead over to LoginRadius and create a new account by filling in the following details:
\n![\"Signup](\"/07e3f97860f329f52e8fd676c7ca73fb/Signup-2.webp\")
You'll then see a form with the name of your App, a URL, and a Data Center:
\n![\"Signup](\"/fdeb64de0e13dcf68954b8d6a8c801b5/Signup-3.webp\")
Hit Next and LoginRadius will set up an authentication app for you. You can try the pre-built authentication page LoginRadius provides for your app by clicking on Try Signing Up Now.
\n![\"Signup](\"/a7d6dc1dd6df5add1461011a1a270cb3/Signup-4.webp\")
Once you do that, you'll be shown a pre-built authentication page of your LoginRadius app:
\n![\"LoginRadius](\"/54605addc29f464b1e42e5e254d71222/LoginRadius-Auth-Page.webp\")
However, for this tutorial, all you need are the LoginRadius APIs since you already have a frontend (your Svelte App) in place.
\nOnce you're inside your LoginRadius account, head over to the Configurations tab from your dashboard. Then expand the API Credentials tab of your application.
\n![\"LoginRadius](\"/33760eee3a762ea61cb29f2f95e3bdfe/LoginRadius-Configuration-Tab.webp\")
Inside that, you should see your APP Name, API Key, and API Secret.
\n![\"LoginRadius](\"/9a345c5c29b7bf85649af7394a806147/LoginRadius-API-Credentials.webp\")
Head back to the Svelte App's .env file and add the above credentials inside it:
APP_NAME=<YOUR_APP_NAME>\nAPI_CLIENT_KEY= <YOUR_APP_API_KEY>\nAPI_SECRET= <YOUR_APP_API_SECRET>You'll need to ensure that the above .env file is present inside the .gitignore of your Svelte project. You don't want to accidentally push this file to a public repository on Github.
/node_modules/\n/public/build/\n\n.DS_Store\n\n.envFinally, you need to extract these environment variables in your sdkoptions variables inside your App component file.
...\n\tconst sdkoptions = {\n\t"apiKey": __myapp["env"].API_CLIENT_KEY,\n\t"appName":__myapp["env"].APP_NAME,\n "apiSecret":__myapp["env"].API_SECRET\n\t}\n...And pass this variable as props to both the Login and Signup component:
\n...\n<Login {sdkoptions} />\n<Signup {sdkoptions} />\n...Great! Now you're ready to integrate LoginRadius APIs in your Svelte app.
\nYou'll use two APIs — one for registering the user on the Signup page and the other for authenticating the user on the Login Page. However, both APIs will take the API key and API secret as query parameters.
\nconst endpoint = `${BASE_URL}?apikey=${sdkoptions.apiKey}&apisecret=${sdkoptions.apiSecret}`So in the above endpoint, you'll only change the BASE_URL according to which API you're hitting.
Inside your Signup.svelte file, you'll create a variable called signupResponse to store the result of the Signup API. It also has properties like success and error to prompt the user on the status of your API calls.
<script>\n let signupResponse={\n success:null,\n error:null,\n uid:null,\n id:null,\n fullname:null\n }\n \tlet loading;\n\n</script>Since an API request is an asynchronous process, you also have a' loading' variable to disable the submit button until the API responds.
\nYou need to send a request to the Signup API inside your handleSubmit() function. First, set the loading to true and reset the signupResponse object. Then, use the fetch API to make a POST request with the signupFields object as post parameter:
const handleSubmit = () => {\n const signupFields = {\n FirstName: firstName,\n LastName: lastName,\n Email: [\n {\n Type: "Primary",\n Value: email,\n },\n ],\n Password: password,\n }\n loading = true\n signupResponse = {\n success: null,\n error: null,\n uid: null,\n id: null,\n fullname: null,\n }\n const endpoint = `https://api.loginradius.com/identity/v2/manage/account?apikey=${sdkoptions.apiKey}&apisecret=${sdkoptions.apiSecret}`\n fetch(endpoint, {\n method: "POST",\n headers: {\n "Content-Type": "application/json",\n },\n body: JSON.stringify(signupFields),\n })\n .then(response => response.json())\n .then(data => {})\n .catch(error => console.log(error))\n .finally(() => (loading = false))\n}Inside the callback of your fetch request, you can handle any errors returned by the API based on different error codes. In case of success, you'll populate your signupResponse object with data from the API. In the finally block, set the loading to false.
...\n.then(data=>{\n if(data.ErrorCode){\n if(data.ErrorCode==936){\n signupResponse={\n ...signupResponse,\n error:data.Message\n }\n }\n else if(data.ErrorCode==1134){\n signupResponse={\n ...signupResponse,\n error:data.Errors[0].ErrorMessage\n }\n }else{\n signupResponse={\n ...signupResponse,\n error:data.Description\n }\n }\n }else{\n signupResponse={\n ...signupResponse,\n success:"Account created successfully! Please login via the same details.",\n fullname:data.FullName,\n id:data.id,\n uid:data.Uid\n }\n }\n })\n...You can set the disabled attribute on your Submit button based on the loading state of the API.
\n...\n<button disabled="{loading}" class="form-field">\n Signup\n</button>\n...Lastly, render a conditional template based on the status of your Signup API.
\n... {#if signupResponse.error}\n<p class="error">Error ❌ {signupResponse.error}</p>\n{/if} {#if signupResponse.success}\n<p class="success">\n Success ✔ {signupResponse.success}\n</p>\n{/if} ...And that's it! Let's give your Signup functionality a whirl. Create a new account first:
\n![\"Signup](\"/d6d0033b0fcf1b74c7ccf39658e1f036/Signup-Success-with-API.webp\")
And voila! You can see in the network tab that the API is successful. And you got back a bunch of data about the newly created user. You also have a success that appears underneath the Signup form.
\nLet's also test an erroneous flow. What if you signup via the same credentials again?
\n![\"Signup](\"/6f7b551dfb5856a6f944dac271fc31fa/Signup-Failure-Existing-Email.webp\")
The LoginRadius Signup API returns the error message, details, error code, etc., that you've handled accordingly.
\nAlso, if you use a simple password, the LoginRadius API returns an error based on a validation mechanism.
\n![\"Signup](\"/40d4723bf56be75f912462de00e42e33/Signup-Error-Password-Validation.webp\")
That's great because it makes your authentication workflow more air-tight.
\nSimilarly, you can now integrate the Login API as well in your Login.svelte file:
<script>\n\n\t...\n import {user} from './stores';\n\n let email;\n let password;\n let loading;\n\n let loginResponse={\n error:null,\n success:null,\n profile:null,\n auth_token:null\n }\n\n export let sdkoptions;\n\n const handleSubmit=(e)=>{\n let loginFields={email,password};\n loading=true;\n loginResponse={\n error:null,\n success:null,\n profile:null,\n auth_token:null\n }\n const endpoint=`https://api.loginradius.com/identity/v2/auth/login?apikey=${sdkoptions.apiKey}&apisecret=${sdkoptions.apiSecret}`;\n loading=true;\n fetch(endpoint,\n {\n method:'POST',\n headers: {\n 'Content-Type': 'application/json'\n },\n body:JSON.stringify(loginFields)\n }).then(response=>response.json())\n .then(data=>{\n console.log(data)\n if(data.ErrorCode){\n if(data.ErrorCode==936){\n loginResponse={\n ...loginResponse,\n error:data.Message\n }\n }\n else if(data.ErrorCode==1134){\n loginResponse={\n ...loginResponse,\n error:data.Errors[0].ErrorMessage\n }\n }else{\n loginResponse={\n ...loginResponse,\n error:data.Description\n }\n }\n }else{\n loginResponse={\n ...loginResponse,\n success:true,\n profile:data.Profile,\n auth_token:{\n access_token:data.access_token,\n refresh_token:data.refresh_token,\n ttl:data.expires_in\n }\n }\n user.set(loginResponse)\n localStorage.setItem('user',JSON.stringify(loginResponse))\n\n }\n })\n .catch(error=>console.log(error))\n .finally(()=>loading=false);\n }\n ...\n\n</script>\n\n...\n{#if loginResponse.error}\n\t<p class="error">Error ❌ {loginResponse.error}</p>\n{/if}\n{#if loginResponse.success}\n\t<p class="success">\n Success ✔\n </p>\n{/if}\n<p>\n Don't have an account?\n <strong class="link" on:click={navigateToSignup}>Sign up</strong>\n</p>If you relate it to the Signup component, it's almost identical. The only thing that has changed is the API endpoint. Additionally, if the Login API is a success, you're also storing the data in your user store and consequently updating your localStorage.
Let's also test this out:
\n![\"Login](\"/431c32e3326ed149d1fccfa746e5829a/Login-API-Success.webp\")
Let's also test an erroneous Login flow by entering the credentials for a user that doesn't exist:
\n![\"Login](\"/df37014cbbe64aa85cd395d049a791fa/Login-Error.webp\")
Great! Let's now tie all these individual pages together by setting up routing in your Svelte app.
\nYou'll use the svelte-navigator package that you previously installed to configure routing in your app.
First, you'll define the routes for the Signup, Login, and Home pages inside your App.svelte file:
<script>\n\n /** IMPORTS */\n import { Router, Route } from "svelte-navigator";\n ...\n</script>\n\n<main>\n <Router>\n <div>\n <Route path="signup">\n <Signup {sdkoptions} />\n </Route>\n <Route path="login">\n <Login {sdkoptions} />\n </Route>\n <Route path="/">\n <Home />\n </Route>\n </div>\n </Router>\n</main>If you visit /login, you should see the Login Page. Similarly, if you go to /signup, you should see the Signup Page.
Remember, you had a link to the Signup page at the bottom of the Login page and vice versa?
\nAlso, your login page doesn't redirect anywhere after you login successfully. In order to programmatically navigate to a specific page on completion of an action, you can use the useNavigate hook from the svelte-navigator library.
To use this hook, import useNavigate and save its invoked reference inside a variable, as follows:
<script>\n import {useNavigate} from "svelte-navigator"; const navigate = useNavigate();\n ...\n</script>Now call the navigate() function and pass the path of the page you wish to redirect to. So let's complete the navigateToLogin function inside your Signup component:
<script>... const navigateToLogin=()=>navigate('/login'); ...</script>Similarly, you can also complete the navigateToSignup function inside your Login component:
<script>... const navigateToSignup=()=>navigate('/signup') ...</script>Finally, you'll also navigate to the Home page on a successful response from your Login API inside your Login component's handleSubmit function:
const handleSubmit=(e)=>{\n ...\n fetch(endpoint,\n ...\n .then(data=>{\n \t\t\t\t...\n }else{\n\t\t\t\t...\n navigate('/')\n }\n })\n ...\n }\n\n</script>Great! You can now navigate from your Login page to the Signup page and vice versa. You should also be automatically redirected to the Home page on a successful login.
\nIf you try to visit the Home component by entering the path / in the URL, you'll be able to see the Home page regardless of your authenticated state. However, you must protect this route so that it's only accessible to authenticated users in your application.
For this purpose, you have created a RouteGuard.svelte file inside your routes folder. It's a higher-order component that uses the useNavigation hook to programmatically redirect to the login page if an unauthenticated user visits the home page. You use the user object from your Svelte store to validate the authenticated state of a user.
<script>\n import { useNavigate, useLocation } from "svelte-navigator";\n import { user } from "../stores";\n\n const navigate = useNavigate();\n const location = useLocation();\n\n $: if (!$user) {\n navigate("/login", {\n state: { from: $location.pathname },\n replace: true,\n });\n }\n </script>\n\n {#if $user}\n <slot />\n {/if}You can then wrap another higher order Route component on top of the RouteGuard component inside the PrivateRoutes.svelte file, as follows:
<script>\n import { Route } from "svelte-navigator";\n import RouteGuard from "./RouteGuard.svelte";\n\n export let path;\n </script>\n\n <Route {path} let:params let:location let:navigate>\n <RouteGuard>\n <slot {params} {location} {navigate} />\n </RouteGuard>\n </Route>Now, all you need to do is use this PrivateRoute component to wrap your Home component instead of a regular Route component:
...\n\t<PrivateRoute path="/" let:location>\n\t\t<Home />\n\t</PrivateRoute>\n...And now you should be able to access the / route or the Home page only when you're authenticated:
![\"Home](\"/0b7bfdfedf02190c8f4cf508c3d5ae7d/Home-Component.webp\")
I hope I've shed some light on how to authenticate Svelte apps. You can do a lot from here, like adding Svelte Kit to this project to simplify the routing system for your Svelte application.
\nYou can refer to the entire source code for this tutorial here.
\nYou can also explore LoginRadius to add forgot password functionality or social signups with Facebook and Google.
\n","frontmatter":{"date":"March 10, 2022","updated_date":null,"title":"How to Authenticate Svelte Apps","tags":["Authentication","Svelte","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/c47b7b41ce6f525c5d8fa037d7313ae0/58556/authenticate-svelte-apps.webp","srcSet":"/static/c47b7b41ce6f525c5d8fa037d7313ae0/61e93/authenticate-svelte-apps.webp 200w,\n/static/c47b7b41ce6f525c5d8fa037d7313ae0/1f5c5/authenticate-svelte-apps.webp 400w,\n/static/c47b7b41ce6f525c5d8fa037d7313ae0/58556/authenticate-svelte-apps.webp 800w,\n/static/c47b7b41ce6f525c5d8fa037d7313ae0/99238/authenticate-svelte-apps.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Siddhant Varma","github":"FuzzySid","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/guest-post/nextjs-authentication-guide/"},"html":"In this article, you'll learn about authentication in Next.js and how you can authenticate Next.js applications with LoginRadius.
\n\n\nNote: An understanding of React, Hooks, and Next.js is beneficial to follow this tutorial.
\n
Authentication is the process of validating that an individual is who they claim to be. Authentication is an essential feature for applications, particularly those that store user data.
\nYou should not mistake authentication for authorization. Authorization is the process of verifying that whether a user has required permission to access an asset or data set.
\nAuthentication deals with identifying a user, while authorization checks what resources or data an authenticated user has permission to access.
\nSome of the methods used to implement authentication are:
\nAuthentication is one of the most critical parts of an application’s security, so you should address it adequately.
\nA few aspects you should consider when assessing if you should build your authentication system or use a third-party solution:
\nIdentity Provider Support: How many identity providers do you plan to support, if any? With third-party solutions, you can authenticate users with email/password as well as identity providers such as Google, Github, Facebook, and more. Third-party solutions are always working hard to add support to even more providers. They also provide other authentication methods like Magic Link for passwordless authentication.
\nCan you build an authentication system that allows users to use their preferred authentication method, or will they be restricted?
\nAdvanced Security Features: Security and authentication go beyond email/password sign-in. Most third-party solutions provide necessary features, such as email confirmation, two-factor authentication (2FA), etc.
\nYou should let the security experts such as LoginRadius do what they do best while focusing on your main tasks — building excellent applications.
\nConsidering these factors, it's pretty easier to rely on a third-party solution, and it's also cheaper and more secure than building your own authentication system.
\n\n\nLoginradius is the world's first no-code identity platform. It is a simple, implementable solution for adding user authentication and authorization to your website.
\n
LoginRadius provides no-code services for authorization, authentication, account security, and much more. It has several interesting features, and some of them are:
\nNext.js offers two authentication patterns — client-side and server-side authentication.
\nWith client-side authentication, the authentication logic and user redirection are done in the browser. The page component fully loads before the redirect logic is executed.
\nWhen this authentication approach is used, developers usually use a loading indicator to indicate to the user that a process is running in the background. The loading indicator helps boost user experience. If the user’s authentication fails, redirect the user to a login page.
\nThe following example shows how to handle client-side redirects:
\nimport { useEffect } from "react"\nimport { useRouter } from "next/router"\nimport authService from "auth-service" //imaginary auth service\n\nexport default function ProtectedPage() {\n const router = useRouter()\n\n useEffect(() => {\n const authUser = authService.getUser()\n\n // if there is no authenticated user, redirect to login page_\n\n if (!authUser) {\n router.push("/login")\n }\n }, [])\n\n return (\n <>\n <h1>Welcome {user.name}. This is a protected page</h1>`\n </>\n )\n}The above code snippet handles client-side redirects in the browser using next/router. It also uses an imaginary authentication service, auth-service, for illustration purposes. You’ll work with LoginRadius later in this tutorial.
It checks if there is an authenticated user with the authService.getUser() method in the useEffect. If there is none, it redirects the user to the /login page using Next.js’s router object.
This is a simple illustration of client-side authentication and redirection.
\nWith server-side authentication, you can redirect a user from, say, pages/profile to pages/login. When non-authenticated users try to access a protected page, they are redirected to a login page. All of this is done on the server — before the request reaches the browser.
A benefit of this pattern is that non-authenticated users do not see flashes of unauthenticated content before they are redirected.
\nThe following example below shows how to handle server-side redirects:
\nexport default function ProtectedPage({ user }) {\n\treturn (\n\t\t<>\n\t\t\t<h1>Welcome {user.name}. This is a protected page</h1>\n\t\t</>\n\t)\n}\n\nexport const getServerSideProps = async context => {\n\tconst { user } = authService.getUser(context.req)\n\n\t// if there is no authenticated user, redirect to login page\n\n\tif (!user)\n\t\treturn {\n\t\t\tprops: {},\n\n\t\t\tredirect: { destination: "/login" },\n\t\t}\n\n\t\treturn { props: { user } }\n\t}\n}Using getServerSideProps enables rendering pages on the server. You can take advantage of that to also handle the redirection on the server.
The above code snippet uses the authService.getUser() method to get the authenticated user’s object. If there is no user, it returns an object with a redirect object. The redirect object contains a destination key, where you can put the page you want to redirect the user to, which is your application’s login page.
Now that you’ve understood the authentication patterns available, let’s see how to authenticate a Next.js application with LoginRadius.
\nThe steps below highlight how you can integrate and authenticate your Next.js applications with LoginRadius:
\nYou should create an account to get started with LoginRadius. There is a free plan you can start with.
\nNow that you have an account, you should get the credentials for your appName and apiKey from the dashboard. You'll need them later to use the React SDK.
Run the following command in your terminal to create a new Next.js application:
\nnpx create-next-app <name-of-project>\n//or\nyarn add create-next-app <name-of-project>Next, install the React SDK into the project:
\n```javascript\nnpm install loginradius-react\n//or\nyarn add loginradius-react\n```You need to wrap the root component with the SDK’s authentication provider.
\nYou also need to pass the account credentials to the provider. You can get these credentials from your LoginRadius account dashboard.
\nNavigate to pages/_app.js and update it with the code below:
import Head from "next/head"\nimport { LRAuthProvider } from "loginradius-react"\nimport { ChakraProvider } from "@chakra-ui/react"\nimport Layout from "../layout"\nimport "../styles/globals.css"\n\nfunction MyApp({ Component, pageProps }) {\n return (\n <>\n <Head>\n <title>Loginradius Next</title>\n </Head>\n\n <LRAuthProvider\n appName="your-app-name"\n apiKey="your-api-key"\n redirectUri={"http://localhost:3000/"}\n >\n <ChakraProvider>\n <Layout>\n <Component {...pageProps} />\n </Layout>\n </ChakraProvider>\n </LRAuthProvider>\n </>\n )\n}\n\nexport default MyAppThe above code snippet imports the LRAuthProvider component from loginradius-react. It passes the appName and apiKey taken from the LoginRadius account dashboard earlier to LRAuthProvider. It also sets the redirectUri to http://localhost:3000/.
The redirectUri is the callback URL where you want to redirect users after being authenticated. You should whitelist the redirect_uri in your LoginRadius account dashboard. Localhost URLs are whitelisted by default.
Now that you've integrated the SDK, let’s add the authentication functionality.
\nYour users should be able to log in and out of our application, so let’s set that up.
\nWe will add the log in and log out functionality to a Nav component. Let’s set up the component.
Create a layout folder in the root directory, and create a Nav.js file there. Add the following code to Nav.js:
import { Button, Flex, Stack } from "@chakra-ui/react"\nimport { useLRAuth } from "loginradius-react"\n\nexport default function Nav() {\n const { loginWithRedirect, logout } = useLRAuth()\n\n return (\n <Flex>\n <Stack spacing={[6, 8]}>\n <Button onClick={() => loginWithRedirect()}>Login to continue</Button>\n <Button onClick={() => logout()}>Log out</Button>\n </Stack>\n </Flex>\n )\n}Here, Chakra UI is used for UI components.
\nFirst, it imports the useLRAuth hook from the SDK. Next, it accesses the loginWithRedirect and logout methods from the useLRAuth hook.
Then, it passes loginWithRedirect and logout to the login and logout buttons’ onClick event handlers, respectively.
Having created the Nav component, we need to create the Layout component we mentioned earlier.
Create an index.js file in the layout folder, and paste the code below:
import { Box } from "@chakra-ui/react"\nimport Nav from "./Nav"\n\nexport default function Layout({ children }) {\n return (\n <Box h="100vh" bg="green.50">\n <Nav />\n <Box>{children}</Box>\n </Box>\n )\n}With that, you've added authentication to your application. However, you need a way to track the authentication state. You need to know if there is a logged-in user and do something with that information.
\nThe SDK also provides error and user objects, along with isLoading and isAuthenticated booleans. You'll use these to track the authentication state.
You can access information about an authenticated user, such as their email address, from the user object. If any, you can display error messages from the error object.
isAuthenticated returns true if there is an authenticated user and false if there is not.
We are currently rendering both the login and logout buttons in the Nav component. However, we don’t want that. We want to display the login button when there is no authenticated user and logout when there is an authenticated user.
Let’s update the Nav.js file with the code below to fix that:
import { Button, Flex, Stack } from "@chakra-ui/react"\nimport { useLRAuth } from "loginradius-react"\n\nexport default function Nav() {\n const { isAuthenticated, user, loginWithRedirect, logout } = useLRAuth()\n return (\n <Flex as="nav">\n <Stack spacing={[6, 8]}>\n {!user && (\n <Button onClick={() => loginWithRedirect()}>Login to continue</Button>\n )}\n\n {isAuthenticated && user && (\n <Button onClick={() => logout()}>Log out</Button>\n )}\n </Stack>\n </Flex>\n )\n}We conditionally display the login and logout buttons based on the authentication state.
\nIf there is a logged-in user, we want to redirect them to the profile page.
\nNavigate to pages/index.js file and update it with the code below:
import { useEffect } from "react"\nimport { useRouter } from "next/router"\nimport { useLRAuth } from "loginradius-react"\nimport { Button, Heading, VStack, Center } from "@chakra-ui/react"\n\nexport default function Home() {\n const { isLoading, isAuthenticated, error, user } = useLRAuth()\n const router = useRouter()\n\n useEffect(() => {\n if (user && isAuthenticated) {\n router.push("/profile")\n }\n }, [router, user, isAuthenticated])\n\n if (isLoading) {\n return <div>Loading...</div>\n }\n\n if (error) {\n return <div>Oops... {error.message}</div>\n }\n\n return (\n <Center pt={10}>\n <VStack spacing={[6, 8]}>\n <Heading as="h2">Welcome</Heading>\n <Text fontSize="3xl">Login to continue</Text>\n </VStack>\n </Center>\n )\n}Let’s break down the above code snippet:
\nuseEffect, it checks if there is a user object and if isAuthenticated is true. If these conditions are true, it redirects the user to their profile page. These conditions will only be true when the user has logged in. You'll set up the profile page later.isLoading boolean. If true, it displays “loading…”. In a production-ready application, you would display a loading spinner.error object and displays it to the user.You have to display information about the authenticated user. Let’s set that up.\nCreate a profile.js file in the pages directory and paste the code below:
\nimport { Box, Center, Heading } from "@chakra-ui/react"\nimport { useLRAuth } from "loginradius-react"\n\nexport default function Profile() {\n const { user, isLoading, isAuthenticated } = useLRAuth()\n\n if (isLoading) {\n return <div>Loading...</div>\n }\n\n if (isAuthenticated) {\n return (\n <Box>\n <Center mt={10}>\n <Heading a="h2">\n Welcome to your profile {user.Email[0].Value}\n </Heading>\n </Center>\n </Box>\n )\n }\n}You should display a user’s information if they're authenticated. Here, you check that they're authenticated with the isAuthenticated hook. If they're authenticated, return some JSX and display the user’s email address.
You can create protected routes to ensure only authenticated users can access those routes.
\nimport { withAuthenticationRequired } from "loginradius-react"\n\nconst Profile = () => {\n\tif (isAuthenticated) {\n\t\treturn (\n\t\t\t<Box\n\t\t\t\t...markup goes here\n\t\t\t</Box\n\t\t)\n\t}\n}\n\nexport default withAuthenticationRequired(Profile,\n\t//Show a message while the user waits to be redirected to the login page.\n\tonRedirecting: () => (\n\t\t<div>Redirecting you to LoginRadius awesome Login page</div>\n\t),\n});Here, the code snippet uses the withAuthenticationRequired higher-order component to wrap the Profile component. With this, anytime an unauthenticated user tries to access the /profile route, they'll be redirected to LoginRadius’s login page and then back to /profile after they log in.
The image below shows an authenticated user's profile page.
\n![\"An](\"/628d48eec1fa72e582fdd05f76b085e4/profile-page.webp\")
In this tutorial, you have learned about user authentication and understood whether you should develop an authentication system in-house or use a modern identity platform like LoginRadius.
\nThen, you have briefly learned different authentication patterns available in Next.js. And you step-by-step understood how to authenticate Next.js applications with LoginRadius’s React SDK.
\nA working version of the code used in this tutorial is available on Github.
\n","frontmatter":{"date":"January 13, 2022","updated_date":null,"title":"Your Ultimate Guide to Next.js Authentication","tags":["Authentication","React","Next.js","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/6a3f9e6ed0b8803f9523875b01d55a37/58556/next-authentication.webp","srcSet":"/static/6a3f9e6ed0b8803f9523875b01d55a37/61e93/next-authentication.webp 200w,\n/static/6a3f9e6ed0b8803f9523875b01d55a37/1f5c5/next-authentication.webp 400w,\n/static/6a3f9e6ed0b8803f9523875b01d55a37/58556/next-authentication.webp 800w,\n/static/6a3f9e6ed0b8803f9523875b01d55a37/99238/next-authentication.webp 1200w,\n/static/6a3f9e6ed0b8803f9523875b01d55a37/7c22d/next-authentication.webp 1600w,\n/static/6a3f9e6ed0b8803f9523875b01d55a37/25f09/next-authentication.webp 1920w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Emadamerho-Atori Nefe","github":"nefejames","avatar":null}}}},{"node":{"fields":{"slug":"/identity/loginradius-top-performing-blogs-2021/"},"html":"2021 was a remarkable year since businesses began overcoming challenges and uncertainties worldwide amid the global pandemic.
\nRegardless of the industry, almost every organization bounced back and made every effort to stay up and running in the most unpredictable times.
\nAs far as the consumer identity and access management (CIAM) industry is concerned, LoginRadius was one of the top performers in securing billions of identities and educating the global audience regarding the diverse aspects of CIAM and security.
\nOur insightful blogs helped millions of people globally understand, implement, and enhance their platform experience by leveraging cutting-edge technology in the CIAM landscape.
\nIn this post, we’ve narrowed down the list of our Top 10 Performing Blogs in 2021 that people across the globe found insightful as they helped them cut corners during the unpredicted times.
\nWe hope you’ll find a topic you’re excited about and will get the most accurate and in-depth information about the same. Let’s get started.
\nTwo-factor authentication is one of the best security methods that use two layers to verify a consumer's identity.
\nThis means, rather than simply entering the password to log into an account, two-factor authentication requires a code sent via text message to the consumer's phone number or generated through an app.
\nRead this blog to learn everything about two-factor authentication, how to set up two-factor authentication on your social accounts, and its importance.
\nSalting hashes sounds like something that comes out of a recipe book. However, Salt plays a significant role in preventing a data breach in cryptography.
\nWhile data leaks can sometimes happen, hash salting generators only come to mind when there is a significant invasion of privacy that affects the majority of the consumers’ applications.
\nRead this blog to know more about Salt, utilizing hashing using Salt, and its importance in enhancing overall password security.
\nIdentity management in cloud computing is the subsequent identity and access management (IAM) solution.
\nHowever, it is a lot more than merely a straightforward web app single sign-on (SSO) solution. This next generation of IAM solution is a holistic move of the identity provider right to the cloud.
\nThis blog covers all the aspects of cloud IAM, its significance, and businesses must incline towards a modern cloud identity management solution.
\nLogin is a big deal that decides the entire UX your website will deliver. Businesses should try to put as little resistance as possible into their registration process.
\nAs with it comes customer identities—the most accurate first-party data beneficial for conversions and customer retention.
\nThis blog covers all the aspects associated with UI/UX along with the numerous benefits of using social login for your online platforms.
\nWhen the hacker gains access into the system admin's account by using the online platform's vulnerabilities, particularly in two areas: credential management and session management, it's referred to as broken authentication.
\nPoor credential management and poor session management always lead to broken authentication. Read on this blog to know everything about broken authentication, its consequences, and how to prevent it.
\nA token plays a crucial role in enhancing the overall security mechanism of an organization that helps to deliver flawless and secure authentication and authorization on their website or application.
\nWith token security, users have to re-authenticate themselves for obvious security reasons by offering credentials to sign in if the access token is expired.
\nHowever, this can be tedious and hampers user experience. To overcome this, the concept of refresh tokens was introduced.
\nThis blog provides an overview of using refresh tokens and helps securely authenticate users without hampering their overall experience.
\nConsumers demand a more innovative experience today. They don't like to create a new ID whenever they want to utilize a service. Instead, they are open to leveraging their existing digital identity securely and efficiently, with the opportunity to reuse it in multiple domains.
\nAnd as a response to this demand, businesses have come up with a concept called Bring Your Own Identity (BYOI).
\nRead on this blog to learn every aspect of BYOI.
\nTokens are widely used to provide authorization and authentication to users when accessing a website or a mobile application. This post covers detailed information about tokens' use and their advantages and disadvantages.
\nThis blog will help you better understand what a token is, what are its pros and cons and will help you decide whether you need to invoke the potential of tokens for your business or not.
\nTo cope with the increasing number of cyber frauds and data thefts, the National Institute of Standards and Technology (NIST) has issued specific requirements and controls for digital user identities.
\nThe NIST has dispensed several guidelines that ensure security to the user and eventually help enterprises secure their crucial business information.
\nThese guidelines offer recommendations for users for creating strong passwords and suggestions for vendors/verifiers handling passwords.
\nThis blog provides detailed information about NIST password guidelines and offers valuable insights into how businesses can ensure maximum security in 2021 and beyond.
\nThis is perhaps the most popular blog that depicts the importance of passwordless in the modern digital world.
\nA passwordless magic link allows you to log in directly with the help of a link that is received through an email. This process is similar to receiving a one-time password (OTP) though you might have to physically enter the OTP once you are redirected to the page or application.
\nIn the case of passwordless magic links, all you have to do is click on the link sent through an email, allowing you to log in directly.
\nRead on this insightful blog that covers all the aspects of passwordless login, challenges, and how organizations can use magic links for going passwordless.
\nThe blogs mentioned above can help you understand the CIAM landscape and the crucial role of incorporating a cutting-edge consumer identity and access management solution.
\nLoginRadius helps businesses deliver a flawless user experience backed by robust security through a world-class consumer identity and access management solution.
\nReach us to know more about LoginRadius CIAM and how it can help scale your business growth even in the most unpredictable times.
\n![\"book-a-demo-loginradius\"](\"/8fce571f703a5970dbb1359a2fe0e51a/book-a-demo-loginradius.webp\")
Hacktoberfest 2021 is the 8th edition of Hacktoberfest hosted by DigitalOcean. It is an open source festival celebrated during October every year, encouraging people worldwide to actively participate and contribute to participating open source projects hosted across GitHub and GitLab.
\nIn fact, Hacktoberfest 2020 had attracted 169,886 participants and 116,361 participating open source repositories, representing 135 countries.
\nYou can simply register yourself here and start contributing to any participating open source project from Oct 01 - Oct 31. And if you meet the contribution criteria set by DigitalOcean, you’ll receive a Hacktoberfest t-shirt from DigitalOcean!
\nAdditionally, if you make successful contributions to LoginRadius open source projects, you’ll separately receive a LoginRadius branded Hacktoberfest t-shirt from us, recognizing and thanking you for your valuable contributions.
\nLoginRadius is an industry-leading Customer Identity and Access Management (CIAM) provider with a mission to secure every identity on this planet.
\nAt LoginRadius, we’re committed to making our cloud platform more accessible for developers across tech stacks, so they can quickly implement user registration and authentication processes in their applications and become more efficient at focusing on core business features.
\nWe’ve always loved open source and the many great things it has done for the software development community and businesses. This inspired us to open source many of our projects, including SDKs, LR CLI, and Async Blog, a leading publication for developers by developers.
\nThrough our open source projects, we actively collaborate with the developer community and drive change and innovation for the optimistic progress of everyone.
\nWhen you contribute to our open source projects, you’re helping the whole developer community become efficient, productive, and helping them manage user identities and authentication on their applications securely and scalably.
\nThe exciting part about being involved in the open source community is that no matter how small or big your contributions are, the community will welcome your efforts and collaborate with you positively, sharing feedback and expressing gratitude.
\nEspecially with LoginRadius open source projects, your contributions can make a big difference! We also try making your collaboration with us more enjoyable.
\nPlease note that only contributions that add significant value to our projects will be eligible for swag. This will be at our sole discretion. But you may go ahead and contribute in any way you would like.
\nYou should have a basic to intermediate understanding of the following:
\nEach of the following public repositories on GitHub will have a list of issues listed. You can choose to work on these issues based on your skills and expertise in solving them.
\nAt LoginRadius, we value your contributions and proactively collaborate with you to get your contribution accepted.
\nBut one thing to keep in mind is that we don’t tolerate spamming.
\nSo, what is spamming?
\nSpamming is creating a pull request for the sake of it and not adding value in any way. We’ll identify spam pull requests and report them according to GitHub guidelines.
\nAnyways, you don’t have to worry about spamming accidentally: it seldom occurs without a clear intention. If we identify something as spam, we’ll let you know and help you understand why it is marked as spam.
\nYou can also easily find issues with the hacktoberfest label in order to know which repositories are seeking contributions. Or, you can simply click here to find all the issues needing contribution.
\nThat all being out of the way, here are the open source projects for which we’re seeking your valuable contributions:
\nLoginRadius CLI: We understand that developers love the simplicity and efficiency offered by CLI. So, we recently launched CLI for LoginRadius, which helps implement and manage LoginRadius CIAM faster than ever.
\nAs our CLI still has room for becoming great, we seek your contributions in any way possible to make it better and help developers become more productive.
\nAsync Blog: This is our open source blog created for developers by developers. If you’ve expertise in solving issues and fixing errors, please come forward and share your expertise with the world.
\nWe have a few issues created for this repository based on our research about what problems developers are currently facing and trying to solve them. Share your expertise, write a blog, and be a holding hand for developers in need!
\nPlease note that each project will have specific guidelines on how to contribute in general and raise pull requests. Also, each project will have issues listed that you can pick and work on.
\nIf you’re facing any issues with locally running a project or something else, please feel free to raise an issue for the project. Our team will help you out.
\nBy actively participating in Hacktoberfest, you make the open source community more sustainable, and, in turn, this makes you feel at home. Empowering one another is what best depicts the open source philosophy and is a reward in itself.
\nHowever, we want to make it more fun by sending cool t-shirts to all the accepted/eligible contributors. Just make sure to fill this form after you raise a pull request.
\nDon’t forget that your contributions to our projects also count towards your overall Hacktoberfest contributions calculated by DigitalOcean — and if you’re eligible, they’ll send you another t-shirt as well.
\nLet’s have fun with Hacktoberfest 2021!
\n![\"fun\"](\"https://media2.giphy.com/media/3oEjHKiDeYrKnjwGFq/giphy.gif\")
It is scientifically proven that helping others makes people happy. Probably no one knows this better than the developer community around the world, which continues to amaze by contributing extensively to free and open source software.
\nAnd there is freeCodeCamp community, a nonprofit started in 2014 by Quincy Larson. It has been helping thousands of aspiring developers learn web development and find their first software jobs. The community features a self-paced learning platform that helps learn various web technologies, including Bootstrap, D3, jQuery, and React, among many others.
\nBeing a nonprofit, freeCodeCamp entirely works based on charitable donations and contributions of developers to maintain its learning platform. In fact, it is so efficient that with every $5 in donation, it can provide more than 250 hours of learning. And it is so effective that some of its alumni work for marquee tech companies like Apple, Google, Microsoft, and Amazon, among others.
\nIn 2013, just a year before freeCodeCamp was established, we founded LoginRadius with a vision to secure every identity on this planet. From our early beginnings, we have developed LoginRadius CIAM to empower developers to build more secure applications and simplify the implementation of customer identity and access management on their production applications to save development and maintenance time. Today, burgeoning startups to Fortune 500 companies trust LoginRadius, and we're now collectively handling 1.17 billion user identities for our customers worldwide.
\nWe are as obsessed as freeCodeCamp to support and enable the developer community to do much more and make this world a better place. And we wanted to continuously help the freeCodeCamp community in any way possible.
\nToday, we are a proud sponsor of freeCodeCamp and supporting the community's developers.
\nSignup here if you're a developer from the freeCodeCamp community. And we'll offer $200 credits so you can leverage LoginRadius CIAM — beyond the free developer tier — to implement highly secure, user-centric customer identity and access management.
\nThis is indeed a moment of joy and pride for everyone at LoginRadius. We would like to extend our gratitude to freeCodeCamp for letting us be a part of its journey in strengthening the developer community.
\nBy the way, if you want to share your expertise with the developer community, please feel free to write for the LoginRadius Blog portal. We have an open for contributions policy so anyone around the world can contribute. Find more details on our public GitHub repo.
\n![\"Squad](\"https://media.giphy.com/media/xUPGcGJJMFeAPhqrfi/giphy.gif\")
The Consumer Identity and Access Management or _CIAM _platform is rapidly becoming a ‘must have’ for any business focused on delivering a personalized experience to consumers.
\nThe entertainment industry is no different.
\nToday, TV is no longer just the occasional evening in front of the telly. Streaming services, catch-up services, and OTT platforms mean we can watch whenever we want.
\nThe Global Media and Entertainment (M&E) industry is made up primarily of five distinct sub-segments– including TV, film, video games, publishing, and music.
\nAs such, it is one of the largest industries in the world when it comes to both revenue and market share.
\nAs the M&E industry continues to develop, a wave of new services, technology, and distribution methods continue to create more opportunities and challenges for production companies.
\nIt is critical to minimize the risk of data breaches and fraud that compromise confidential user information and not forget adherence to data privacy regulations. The balance between functionality and user experience is what separates the good from the great.
\nIdentity sits at the core of media digitalization. While there are many instances, here are five of the most common areas where the LoginRadius CIAM platform can provide a solution.
\nA single sign-on provides users with a convenient way to log in to multiple applications and/or websites without having to enter their user credentials repeatedly. It allows you to centralize your consumer records in a single location so you can easily track, share, and access all their information.
\n![\"DS-Fed-IM\"](\"/32a4bf3e0ff903411bf29faa6cb751c0/DS-Fed-IM.webp\")
LoginRadius supports industry-standard SSO protocols like SAML, JWT, OAuth 2.0, OpenID Connect, and Web Services Federation.
\nThe LoginRadius Identity Platform provides a comprehensive set of consumer registration and authentication options, allowing you to strike the right balance between convenience and security. You can choose from a range of options, including:
\nGetting insights into your customers and their behavior patterns is vital to making sure you’re creating a personalized experience.
\nThe LoginRadius CIAM platform puts down the pieces of the puzzle of customer interactions and creates a holistic customer profile. We call it progressive user profiling.
\nWe don’t just identify who a person is. We identify who they are becoming. With this knowledge, you can create a 360-degree view of each individual to serve them content that builds long-term loyalty.
\nLoginRadius works through different applications, communicating with consumers and feeding a single image of them—regardless of which platform they're using.
\nWhy is this important? Because an identity layer and activity data across different systems will enable organizations to understand their consumers better and deliver personalized experiences.
\nThis means that marketing, sales, and support teams have real-time identity and behavior data to power customized interactions and control consent preferences through their systems.
\nRegulations such as GDPR and the new California Consumer Privacy Act require businesses to know where and how to remove consumer data upon request, regardless of the channel from which the request is made.
\nAs a result, having a central consumer identity store that prioritizes first-party declared profile data and can integrate with advanced consent management software becomes critical to your compliance strategy.
\nMoreover, in certain industries, such as entertainment, a CIAM platform is required to verify that users are who they claim they are, ensuring that the appropriate level of access is granted to the appropriate persons, fraudulent behavior is prevented, and identity data is collected with a high degree of certainty.
\nEvery industry has a different set of identity challenges and a unique approach to identity management. When it comes to media and entertainment, viewers love to move around a lot. Therefore, organizations need to understand a few things before embarking on the journey.
\nFor example, what goal they hope to achieve, how does a CIAM platform fits into the picture, and identify the right solution to get the job done. LoginRadius allows you to equip and support your viewers well so you can adapt to the new way of entertainment.
\n![\"book-a-demo-loginradius\"](\"/788a6a84e389edac18728007099fdc1d/Book-a-free-demo-request-1024x310.webp\")
With COVID-19 forcing businesses of all sizes to move to remote working and connect with consumers online, Okta plans to leverage Auth0's consumer identification product to fuel growth in the $55 billion identity industry that splits as $25B for customer identity and $30B for workforce identity.
\nWhat does this acquisition imply, and why is it relevant?
\nFor starters, this announcement reveals the dynamics of the historical and present-day scenario of the global consumer identity and access management (CIAM) market. Recent acquisition and investments show that a cloud-based customer identity platform to deliver secure digital experience and protect consumer privacy is gaining outrageous momentum.
\nHere are some of the notable events in CIAM in recent times:
\nThere were no pure-play CIAM vendors a decade ago and big players such as IBM, Oracle, Microsoft tried to extend their Employee IAM offering to customer identity use cases (which did not work). However, the newer players like Auth0, Gigya, ForgeRock, and LoginRadius have more recently driven innovation and accelerated adoption of Customer IAM technology. There's no doubt that identity is taking over as a strategic imperative for winning big in the digital economy.
\nWhy are businesses investing like never before?
\nWith massive penetration of smartphones, Internet and cloud, the world has gone digital and consumers expect everything online. Especially in this pandemic period, consumers have become increasingly reliant on online purchases.
\nBrands have no choice but to build frictionless and secure digital experience for their customers while protecting their privacy. Consumers expect to access most of the services via a variety of devices and web applications, prompting businesses to invest in advanced technology that prevents cybercriminals from gaining access to sensitive information. Among security requirements include global compliances like the GDPR and CCPA. Customer IAM is emerging as foundational technology.
\nEven analysts firms like Forrester, Gartner and KuppingerCole reported about this new and exciting category, where LoginRadius has been emerging as a leading vendor, time and again. In the recent Forrester Wave on CIAM, LoginRadius’ technology was ranked #1 above Auth0 and Okta.
\nWhat does the future look like?
\nCurrent CIAM players represent the tip of the iceberg of $25B revenue opportunity in Customer IAM space. My estimate is that less than 1.5% of this revenue opportunity is tapped so far. More importantly, the total addressable market is growing exponentially as the world gets digitized.
\nThis is an exciting phase of the IAM space particularly for the new category, Customer IAM (CIAM).
\nI see three key trends emerging in coming years:
\nI’m excited for all the CIAM players.
\nTogether, let's build a world which is more secure, where privacy is protected and where consumers have delighted digital experience.
\n
E-commerce business is growing day by day as it saves time and cost for people traveling to meet or perform businesses in person. More people are conducting business online by creating accounts using email or phone verification. This has posed a challenge for everyone to identify the persons who we are claiming online. Online hackers have used false Identity to deceive or defraud someone else. Hence, Electronic Identity ( eID) provides a way for businesses to verify a person's identity online and reduce the chances of Identity Fraud.
\nElectronic identity is an electronic card or device with a unique identity number issued by either a government agency or some banks. A consumer needs to go to the government agency or some banks and show valid identity documents. After the document verification, an Electronic Identity is issued to the consumer. Examples of e-IDs are Danish NemID, Swedish BankID, and Dutch DigiD.
\nMost service providers such as financial institutions and insurance firms provide services online and are recognizing an opportunity in implementing eID due to strict Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.
\neIDs are used to authenticate consumers online across multiple platforms and services. eIDs also allow the consumers to sign documents online, and the companies can trust the signature as the electronic identity is issued by the government or banks based on physical identity documents. This is fast, convenient, and secure for the consumers as they are saved from completing registration forms for multiple services. Hence, this increases the conversion for the businesses.
\nLoginRadius supports all the major industry federated SSO methods. Hence, you can integrate eID authentication with LoginRadius using some third application like Criipto, which supports the industry-standard SSO methods. Criipto allows the integration of an eID with the LoginRadius application using JWT SSO Login flow. Jason Web Token ( JWT) is a signed token that transfers the information from one service to another securely.
\nPlease see the following steps to register your LoginRadius app in your Criipto account.
\nAdd the following information:\n![\"criipto](\"/3791e451e2ca605de23570e590ae2e39/criipto-config1.webp\")
![\"criipto](\"/d7a33776d082102bdca579cd9b35966f/criipto-config2.webp\")
![\"JWT](\"/08f84d337d1d3fc37302043e1e940987/LR-JWT-Config1.webp\")
![\"JWT](\"/b49eb762379da71ae766c76ec1a26497/LR-JWT-Config2.webp\")
Complete the following details in the JWT provider
\nData Mapping:
\nThis guide uses LoginRadius API for authenticating React apps. It provides React developers with a more straightforward way to add user authentication to react apps. To handle a lot of authentication implementation information, LoginRadius offers a high-level API. Using security best practices, now you can protect your response apps while writing less code.
\nThis article focuses on helping developers learn how to integrate user authentication in the React application. Practice the following security principles to improve authentication on React applications:
\nIn the React application, we can easily and quickly add authentication by using LoginRadius. If you already have a customized login/registration page ready, then I'll guide you to the next step of adding authentication in react apps.
\nA new application was created for you when you signed up for LoginRadius. From here, you get some essential information.
\n<script type="text/javascript" src="https://auth.lrcontent.com/v2/LoginRadiusV2.js"></script>We will use an API framework to call LoginRadius APIs for authentication. Create a new file LoginPage.js, and add the following code.
\n import React, { useState } from "react";\n const lrconfig = {\n apiKey: "*************************", //LoginRadius API key\n };\n const loginradius = {};\n if (window.LoginRadiusV2) {\n loginradius = new window.LoginRadiusV2(lrconfig);\n loginradius.api.init(lrconfig);\n }\n const LoginButton = () => {\n const loginButtonHandler = () => {\n loginradius.api.login({emailid: emailValue,\n password: passwordValue},\n (successResponse)=>{\n //Here you will get the access Token of \n \n \n console.log(successResponse);\n },\n (errors) => {\n console.log(errors);\n });\n }\n const [emailValue, updateEmailValue] = useState("");\n const [passwordValue, updatePasswordValue] = useState("");\n return (\n <React.Fragment>\n <input type="text" value={emailValue} onChange={(e)=>{updateEmailValue(e.target.value)}} placeholder={"email"}/>\n <input type="password" value={passwordValue} onChange={(e)=>{updatePasswordValue(e.target.value)}} placeholder={"Password"} />\n <button onClick={() => loginButtonHandler()}>Log In</button>\n </React.Fragment>\n );\n };\n export default LoginButton;In the above code, you will see the lrConfig object, which has apikey that you will get from the LoginRadius account. After calling loginradius.api.login, you will get the response in which you will get the access Token. Through this access token, you can get the user profile.
Create LogoutPage.js file and add following code:
\n import React, { useState } from "react";\n\n const lrconfig = {\n apiKey: "*************************", //LoginRadius API key\n };\n\n const loginradius = {};\n if (window.LoginRadiusV2) {\n loginradius = new window.LoginRadiusV2(lrconfig);\n loginradius.api.init(lrconfig);\n }\n\n const LogoutButton = () => {\n const token = '************'; // Access Token that you got after login\n const logoutButtonHandler = () => {\n //Note: Call invalidate token api to invalidate the token.**\n loginradius.api.invalidateToken(\n token,\n (successResponse)=>{\n console.log(successResponse);\n },\n (errors) => {\n console.log(errors);\n }\n );\n }\n return (\n <React.Fragment>\n <button onClick={() => logoutButtonHandler()}>Logout</button>\n </React.Fragment>\n );\n };\n export default LogoutButton;In the above code, we have called invalidated token api, which expires your access token.
\nCreate SignupPage.js file and add the following code:
\n import React, { useState } from "react";\n const lrconfig = {\n apiKey: "*************************", //LoginRadius API key\n sott: "***************************" //Secure Token for signup functionality\n };\n const loginradius = {};\n if (window.LoginRadiusV2) {\n loginradius = new window.LoginRadiusV2(lrconfig);\n loginradius.api.init(lrconfig);\n }\n const SignupButton = () => {\n const signupButtonHandler = () => {\n loginradius.api.registration({\n email: [{ type: "Primary", value: emailValue }],\n password: passwordValue\n },\n (successResponse)=>{\n //Here you will get the response after registration\n console.log(successResponse);\n },\n (errors) => {\n console.log(errors);\n });\n }\n const [emailValue, updateEmailValue] = useState("");\n const [passwordValue, updatePasswordValue] = useState("");\n return (\n <React.Fragment>\n <input type="text" value={emailValue} onChange={(e)=>{updateEmailValue(e.target.value)}} placeholder={"email"}/>\n <input type="password" value={passwordValue} onChange={(e)=>{updatePasswordValue(e.target.value)}} placeholder={"Password"} />\n <button onClick={() => signupButtonHandler()}>Log In</button>\n </React.Fragment>\n );\n };\n export default SignupButton;In the above code, You will get a success/error response after calling the registration api.
\nThe most common authentication use case for a React application gets covered in this tutorial: quick login and logout. However, LoginRadius is an expandable and versatile platform that can help you accomplish much more. In this guide, We have used the LoginRadius API Framework. If you want to incorporate our hosted page into your application, follow this documentation.
\nLet me know what you think of this tutorial in the comments below. Thanks for reading :)
\n","frontmatter":{"date":"December 10, 2020","updated_date":null,"title":"A Guide To React User Authentication with LoginRadius","tags":["Authentication","LoginRadius","React"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/a877f5fa04ac6dd24b63bb101cc8302d/58556/authentication-main.webp","srcSet":"/static/a877f5fa04ac6dd24b63bb101cc8302d/61e93/authentication-main.webp 200w,\n/static/a877f5fa04ac6dd24b63bb101cc8302d/1f5c5/authentication-main.webp 400w,\n/static/a877f5fa04ac6dd24b63bb101cc8302d/58556/authentication-main.webp 800w,\n/static/a877f5fa04ac6dd24b63bb101cc8302d/99238/authentication-main.webp 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Versha Gupta","github":"vershagupta","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/loginradius-opensource-repos-for-hacktoberfest-2020/"},"html":"Just 1 week left in hacktoberfest 2020 and being part of it, we at LoginRadius are all set with lots of our projects going open source this year.
\n\n\nTo get LoginRadius swags see our Hacktoberfest Launch Blog. We have around 500 swags for our open source contributors.
\n
Here is a list of our open source projects available on Github for hacktoberfest 2020
\n![\"loginradius-hacktoberfest\"](\"/02fcd3f81a4a4130403e1ae6713b83f8/lr-open-source.webp\")
LoginRadius Engineering Portal
\nCascade
\n\n\n","frontmatter":{"date":"September 25, 2020","updated_date":null,"title":"LoginRadius Open Source For Hacktoberfest 2020","tags":["hacktoberfest","open-source","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5873015873015872,"src":"/static/9a2056972f92077b2af8b32ecc2fcbdd/58556/hacktober-fest-banner.webp","srcSet":"/static/9a2056972f92077b2af8b32ecc2fcbdd/61e93/hacktober-fest-banner.webp 200w,\n/static/9a2056972f92077b2af8b32ecc2fcbdd/1f5c5/hacktober-fest-banner.webp 400w,\n/static/9a2056972f92077b2af8b32ecc2fcbdd/58556/hacktober-fest-banner.webp 800w,\n/static/9a2056972f92077b2af8b32ecc2fcbdd/e30b5/hacktober-fest-banner.webp 1000w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Hridayesh Sharma","github":"vyasriday","avatar":null}}}},{"node":{"fields":{"slug":"/engineering/loginradius-supports-hacktoberfest-2020/"},"html":"Check the open issues on each of the projects as well as Pull Request before creating a new one. Happy Coding!\nStay tuned for more updates from LoginRadius and don't forget to check our Hacktoberfest Page to get around 500 swags from LoginRadius.
\n
It's hard to imagine a world without open source these days. Open source powers the biggest organizations of today's world. Open-source software like Linux runs most of today's servers and also powers the Android Operating System.
\nHacktoberfest is a month-long celebration of open-source software in October month run by DigitalOcean in partnership with GitHub and DEV. Hacktoberfest is open to everyone in our global community!
\nFrom Official Website:
\n\n\nHacktoberfest is open to everyone in our global community. Whether you’re new to development, a student, long-time contributor, event host, or company of any size, you can help drive the growth of open source and make positive contributions to an ever-growing community. All backgrounds and skill levels are encouraged to complete the challenge.
\n
The purpose of this month-long celebration is to get people started in open source and give back to the open-source community.
\nIt is the easiest way to get into open source for people who have never contributed to open-source community or find it difficult to contribute.
\nAnyone can contribute to hacktoberfest by registering at hacktoberfest website anytime between 1st October to 31st October.
\nDuring this time, anyone who wishes to be part of this month-long fest needs to open four quality pull requests on any of the open-source projects on Github.
\nFinding projects can be a bit challenging. It can be the tools you are already using, or different tools can be used to find the issues based on various labels. Tools like issuehub are really helpful for the same.
\nThis year LoginRadius is going to be part of Hacktoberfest by open-sourcing a lot of its projects and accepting contributions on them including its Engineering Blog.
\nLike I said, this year LoginRadius will be part of hacktoberfest and yes, we are here with some cool swags. We have got around 500 t-shirts for people contributing to our open source repositories. We will soon share details on how to get LoginRadius swags as well as our open source repositories on our Blog.
\nStay tuned and don’t forget to mention your open-source projects for us to contribute.
\n","frontmatter":{"date":"September 18, 2020","updated_date":null,"title":"LoginRadius Supports Hacktoberfest 2020","tags":["hacktoberfest","open-source","LoginRadius"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5873015873015872,"src":"/static/9a2056972f92077b2af8b32ecc2fcbdd/58556/hacktober-fest-banner.webp","srcSet":"/static/9a2056972f92077b2af8b32ecc2fcbdd/61e93/hacktober-fest-banner.webp 200w,\n/static/9a2056972f92077b2af8b32ecc2fcbdd/1f5c5/hacktober-fest-banner.webp 400w,\n/static/9a2056972f92077b2af8b32ecc2fcbdd/58556/hacktober-fest-banner.webp 800w,\n/static/9a2056972f92077b2af8b32ecc2fcbdd/e30b5/hacktober-fest-banner.webp 1000w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Hridayesh Sharma","github":"vyasriday","avatar":null}}}},{"node":{"fields":{"slug":"/identity/announcing-new-look-of-loginradius/"},"html":"LoginRadius is happy to announce that we have a new logo now.
\nYes! We loved the old one, but we decided to upgrade it as part of our ever-evolving branding metrics. After all, progress is impossible without change.
\nSo, here’s our new look.
\n![\"LoginRadius](\"/4d9e15e17d42c355ead62634f20c5608/loginradius-logo-horizontal-full-colour-on-white-1024x211.webp\"){kind=logo}
As a leader in cloud-based Customer Identity and Access Management (CIAM) solution that the following two core principles are reflected in the branding:
\nPutting users at the center
\nOur platform is all about consumer-brand relationships and to strengthen the relationship we believe we need to put the consumer at the center. So, everything we design and develop, we keep the very end-users i.e. your consumers at the centre.
\nOur first priority is to benefit them -- giving them peace of mind by protecting their data, account and privacy; and offering them a delightful experience.
\nSecurity is the foundation of our business
\nSecurity is not a feature but the foundation of our business. Protecting consumers’ data, account and privacy is the most important function of our business and platform. We and our customers never compromise on security. Period.
\nOver the years, LoginRadius has exponentially grown from a simple social login provider to an industry-leading customer identity and access management (CIAM) platform.
\nTherefore, it is important that we align our designing goals to reflect how we serve our customers, what our milestones are and most importantly, symbolize our future on what more do we intend to achieve.
\nKeeping designing and user experience at the core of innovation, our creative thinkers came up with a logo that is crisp, smart, minimalistic and feels connected.
\nNeedless to say, they got exactly what we intended to project out to the world – user-centric CIAM platform with a strong security foundation.
\nFirst, we would like to take a moment to highlight the retirement of our current logo. After all, it had been serving the spirit of LoginRadius since our inception.
\nFast-forward to the present day, the new logo marks a crucial milestone towards representing our brand-building process.
\n![\"LoginRadius](\"/16753b4de5d78741baf37b75afe3b390/logo-1024x991.webp\"){kind=logo}
Letting go of our core designing heritage was never our objective. Our color palette is the testimony of what we have been for our customers and promotes authenticity in every form.
\n![](\"/45425ade83137235c58f51ddcfe288d9/logo-2-1024x589.webp\"){kind=logo}
The new logo is an attempt at modernizing our brand and helping it connect more with our customers.
\nAmidst the huge chunk of workload that rebranding brings along, we are super thrilled to share this news and would like to take a moment to thank our loyal customer base. Do share your comments about the change.
\n![](\"/d98399eb71bd29d9efc50cedf469c114/CTA-Graphics-for-Blogs-V03.01-05-2-1024x310.webp\")
COVID-19 is a global epidemic that demands decisive and robust action.
\nFollowing the announcement by the World Health Organization (WHO) to address the coronavirus (COVID-19) threat as a pandemic, organizations across the globe are looking to their Business Continuity Management (BCM) plan to make sure they are covered.
\nFor LoginRadius, as a SaaS-based customer identity platform, planning ahead to counter any disruption has always been an essential aspect of its resilience program.
\nConsequently, we have put our contingency plan to action to fight the current and future risks to our business, and our customers' businesses, due to the COVID-19 outbreak.
\nAs the developing situation changes with respect to world health outlook, we have outlined three key areas to ensure our readiness towards workplace mitigation. They include:
\nThereafter, we are prepared to react accordingly to ensure business continuity. Here’s what our plan looks like:
\nEmployee Health and Safety
\nWe are mindful of our employees and are up to date on the officially mandated actions related to hygiene and safety at our workstations. Likewise, we have rolled out the following policies:
\nService Operations
\nAs an automated, fully cloud-based software solution redundantly hosted on industry-leading infrastructure providers like Amazon Web Services and Microsoft Azure, the LoginRadius platform is inherently insulated from the business and commercial impacts of the virus.
\nThis includes impacts from regional staffing and manpower shortages or disruptions in global supply chains.
\nWe have been working for several weeks with impromptu and scheduled drills to help ensure that operations run without disruption in the eventuality of an outbreak or other critical event which may impact our organization.
\nBusiness Operations
\nSimilarly, we have rolled out remote working policies for all LoginRadius team members. Employees can work offsite as they would on-premises, guaranteeing no disruption to business operations, including our customer-facing sales, customer success, support, and account management teams.
\nWe place the highest value on the partnerships that we've established with our customers and stakeholders. Rest assured, we are committed to ensuring uninterrupted success, even in times of hardship and challenges.
\nIn the end, we wish our customers health, security, and good fortune.
\n![](\"/d98399eb71bd29d9efc50cedf469c114/CTA-Graphics-for-Blogs-V03.01-05-3-1024x310.webp\")
LoginRadius is one of 415 identity companies selected from a pool of over 2,000 to be featured in the report.
\nVANCOUVER, BC – December 2, 2019 – LoginRadius, a leader in cloud-based customer identity and access management (CIAM) solutions, is pleased to announce that
\nOne World Identity (OWI) has named LoginRadius as a leader in customer identity and access management (CIAM) in its 2019 Identity Industry Landscape.
\nOWI is a leading market intelligence and strategy firm focused on identity, trust, and the data economy. Its annual Identity Landscape provides a comprehensive and holistic view of leading companies in the identity space. This includes an unparalleled overview of how digital identity applications are evolving, as well as how companies and markets are shaping the next generation of digital identity.
\n“Since 2017, the number of identity companies has more than quadrupled, from 500 companies to over 2,000,” said Travis Jarae, CEO and Founder of OWI. “With the wave of data breaches and privacy scandals, there is a rapid expansion of identity products and solutions.
\nThe OWI team interacts with identity companies every day, from startups to enterprise. We’re proud to share the Identity Landscape each year to distill how new companies, products, and solutions are shaping the future of identity.”
\n“LoginRadius is honoured to be one of the 415 identity companies selected from a pool of over 2,000 companies in the industry,”. “We are committed to empowering businesses to safely secure their customers’ identities while complying with existing and future regulations and delivering a unified digital experience
\n![\"modern-ciam\"](\"/96b65dafa8f2f84ceb9815f9722b0e82/modern-ciam.webp\")
The OWI Identity Landscape is a tool to help companies keep track of market growth and trends and understand the strategic importance of digital identity moving into 2020 and beyond. OWI will be releasing a more detailed research report delving into the details of each market segment and how companies within the industry overlap and intersect in upcoming months.
\nDownload a complimentary copy of OWI’s 2019 Industry Landscape at www.oneworldidentity.com/landscape.
\nAbout OWI
\nOWI is a market intelligence and strategy firm focused on identity, trust, and the data economy. Through advisory services, events and research, OWI helps a wide range of public and privately held companies, investors and governments stay ahead of market trends, so they can build sustainable, forward-looking products and strategies. OWI was founded in 2015 and is the host of the KNOW Identity Conference that takes place in Vegas April 5-8, 2020.
\nAbout LoginRadius
\nLoginRadius is a leading cloud-based customer identity and access management (CIAM) solution securing more than one billion user identities worldwide.
\nThe LoginRadius Identity Platform empowers business and government organizations to manage customer identities securely, deliver a unified digital experience, and comply with all major privacy regulations such as the EU’s General Data Protection Regulation (GDPR).
\n![\"book-a-demo-loginradius\"](\"/1bebf239d110701b9b534d7eb481a5ac/BD-Plexicon1-1024x310-1.webp\")