Curity How-tos

Authentication Fallback

Thu, 05 Mar 2026 00:00:00 GMT

Modern digital services rely on strong, seamless authentication. However, even the most robust authentication systems can depend on external components and integrations. If one of these services becomes unavailable, users may be unable to authenticate and use a service. This…
Read the full how-to on curity.io

Upgrade Data Sources

Mon, 16 Feb 2026 00:00:00 GMT

The schema of the Curity Identity Server is relatively simple to understand and administer. Some newer product versions require schema upgrades. Starting in version 11.0 of the Curity Identity Server, the upgrade process integrates with the tool, which enables you to…
Read the full how-to on curity.io

Upgrade Best Practices

Sun, 15 Feb 2026 00:00:00 GMT

Curity releases upgrades and new versions of the Curity Identity Server on a regular basis. As much as possible, all upgrades are backwards compatible, though major releases may introduce occasional breaking changes. This tutorial lists the steps you should follow to ensure a…
Read the full how-to on curity.io

Integrate the Curity Identity Server with SPIFFE and SPIRE

Thu, 04 Dec 2025 00:00:00 GMT

The provides specifications for interoperable, strong identity documents for workloads. The is an implementation that you can deploy to a cloud native environment. When you deploy SPIRE…
Read the full how-to on curity.io

Harden OAuth Client Credentials with SPIFFE JWT SVIDs

Thu, 04 Dec 2025 00:00:00 GMT

The tutorial explains how to deploy a demo SPIRE environment. Administrators can register workloads with SPIRE and enable them to download JWT SVIDs (SPIFFE Verifiable Identity Documents). A workload can use its JWT SVID…
Read the full how-to on curity.io

Harden OAuth Client Credentials with SPIFFE X509 SVIDs

Thu, 04 Dec 2025 00:00:00 GMT

The Curity Identity Server can integrate with an and with . In those environments, workloads can use a for strong authentication. X509 SVIDs enable the use of mutual TLS between workloads in service…
Read the full how-to on curity.io

Integrate the Curity Identity Server with an Istio Service Mesh

Wed, 03 Dec 2025 00:00:00 GMT

A service mesh can extend the behaviors of a Kubernetes cluster, to provide additional ways to separate infrastructure concerns from application code. For example, a service mesh can override networking and route all requests via middleware like sidecars. The mesh can also issue…
Read the full how-to on curity.io

Harden OAuth Client Credentials in Kubernetes

Wed, 03 Dec 2025 00:00:00 GMT

Administrators can assign Kubernetes workloads distinct service accounts and also request that the Kubernetes control plane issues a service account token to a volume on each of the workload's pods. A pod can use the service account token as a workload credential, to…
Read the full how-to on curity.io

Customizing User Consent

Wed, 05 Nov 2025 00:00:00 GMT

The tutorial explains how to configure user consent for clients in the Curity Identity Server. The goal of user consent is to provide an understandable experience to users when they can grant a third-party access to resources. There could be many use cases for user…
Read the full how-to on curity.io

Integrating With Tyk Self-Managed Using the Phantom Token Pattern

Wed, 29 Oct 2025 00:00:00 GMT

Tyk Self-Managed offers a plethora of options when it comes to extending the capability of the API gateway. A powerful option is to use a so-called rich plugin. This approach allows the plugin to be written in any language that supports . The plugin is deployed as a separate…
Read the full how-to on curity.io

Integrating with Tyk Developer Portal

Tue, 30 Sep 2025 00:00:00 GMT

The Tyk API Gateway with its Tyk Enterprise Developer Portal supports Dynamic Client Registration (DCR). This is a very powerful functionality to enable integration with the Curity Identity Server.
Read the full how-to on curity.io

User Self-Service Portal

Tue, 26 Aug 2025 00:00:00 GMT

The Curity Identity Server provides like user accounts. Any frontend application can integrate with identity APIs to enable users to manage their identity settings. Often, organizations also want an out-of-the-box application rather than needing…
Read the full how-to on curity.io

Migrating from Microsoft Active Directory Federation Services

Fri, 15 Aug 2025 00:00:00 GMT

Many organizations have existing websites that base security on the from the Security Assertion Markup Language (SAML) 2.0 standard. Websites integrate with a SAML Identity Provider (IDP) and receive a SAML assertion that contains user attributes…
Read the full how-to on curity.io

Integrate a SAML Website

Tue, 12 Aug 2025 00:00:00 GMT

Many existing websites use the from the Security Assertion Markup Language (SAML) 2.0 security standard, to manage user authentication and the initiation of a secured web session. Each website then acts as a SAML Service Provider and runs a flow to…
Read the full how-to on curity.io

Integrating with IBM API Connect using the Phantom Token Pattern

Thu, 07 Aug 2025 00:00:00 GMT

The IBM API Connect Gateway is a powerful API Gateway that is used to protect APIs and Microservices. It is possible to extend the capabilities of the gateway using many of the provided policies. Using a couple of these policies in conjunction with a Lambda Authorizer function…
Read the full how-to on curity.io

Verifiable Credentials in Wallets

Thu, 26 Jun 2025 00:00:00 GMT

Verifiable credentials are pieces of information that users can request and store in a wallet. Users can load a stored verifiable credential from the wallet to prove some assertions, e.g. their identities. There are two protocols under way for issuing and presenting verifiable…
Read the full how-to on curity.io

Non-Templatized Dynamic Client Registration

Mon, 02 Jun 2025 00:00:00 GMT

Non-Templatized Dynamic Client Registration This tutorial shows step by step how to enable Dynamic Client Registration with non-templatized clients in the Curity Identity Server. Before you continue, make sure you are familiar with how DCR works by reading
Read the full how-to on curity.io

NGINX Phantom Token Module

Wed, 07 May 2025 00:00:00 GMT

This tutorial explains how to integrate an NGINX module that introspects access tokens according to , producing a that can be forwarded to back-end APIs and web services. This module, when enabled, filters incoming requests, denying access to those which do…
Read the full how-to on curity.io

Advanced Login Customizations for HAAPI Mobile Apps

Thu, 17 Apr 2025 00:00:00 GMT

A mobile app that uses the HAAPI UI SDK can customize login screens in various ways. When getting started, use the basic customizations explained in the and tutorials, to implement themes and change static text. This tutorial explains how to implement more advanced…
Read the full how-to on curity.io

Implementing HAAPI Attestation Fallback

Thu, 10 Apr 2025 00:00:00 GMT

Intro When using the hypermedia authentication API (HAAPI), the mobile client proves its identity to the Curity Identity Server before allowing authentication to begin. In production environments this is done using mobile attestation techniques, to obtain a certificate that…
Read the full how-to on curity.io

Integrating with the Mulesoft Flex API Gateway

Tue, 08 Apr 2025 00:00:00 GMT

This article describes how to enable the by using a custom policy developed for the Mulesoft Flex API Gateway. The details of the is a useful read before diving fully into how to set up this integration. Prerequisites…
Read the full how-to on curity.io

Resource Owner Password Flow

Fri, 04 Apr 2025 00:00:00 GMT

What is ROPC? The Resource Owner Password Credential (ROPC) flow is one of the standard flows 1. Unlike some of the other standard flows, it is a very straightforward request and response. The client simply collects the user's credentials and makes a call to the…
Read the full how-to on curity.io

Data Management Overview

Mon, 31 Mar 2025 00:00:00 GMT

The Curity Identity Server uses both permanent and temporary identity data. During user authentication and token issuance the system reads and writes user accounts and credentials. It also stores temporary data related to user sessions and tokens. More generally, the Curity…
Read the full how-to on curity.io

Get Started with Identity Data

Fri, 28 Mar 2025 00:00:00 GMT

This tutorial shows how to get connected to data sources and understand the identity data schema of the Curity Identity Server. In addition, the content explains some initial design considerations that relate to user accounts and user identities in access tokens. Connect a…
Read the full how-to on curity.io

Get Connected to NoSQL Data Sources

Fri, 28 Mar 2025 00:00:00 GMT

This tutorial explains the basic steps to connect the Curity Identity Server to a NoSQL database, if, for example, you want to use managed database hosting from a cloud provider. The content describes some demo deployments. Once connected, you can plan your real database…
Read the full how-to on curity.io