Blog
Security
/ 20 Apr, 2026Vercel April 2026 Security Incident: How a Compromised OAuth App Led to a Major Breach
On April 19, 2026, Vercel disclosed that attackers compromised an employee's Google Workspace account through a malicious OAuth 2.0 application originating from Context.ai, a third-party AI tool.
This post breaks down how the attack worked, what OAuth scopes were abused, and how organizations can detect and respond to these threats with and without SlashID.
Security
/ 20 Apr, 2026Vercel April 2026 Security Incident: How a Compromised OAuth App Led to a Major Breach
On April 19, 2026, Vercel disclosed that attackers compromised an employee's Google Workspace account through a malicious OAuth 2.0 application originating from Context.ai, a third-party AI tool.
This post breaks down how the attack worked, what OAuth scopes were abused, and how organizations can detect and respond to these threats with and without SlashID.
New Feature
/ 10 Jun, 2024Credential Tokenization: Protecting third-party API credentials
Stolen secrets and credentials are one of the most common ways for attackers to move laterally and maintain persistence in cloud environments.
In this blog post we introduce credential tokenization to protect secrets at runtime, introduce separation of duties, and reduce the credential rotation burden.
New Feature
/ 3 Jun, 2024Secure API and M2M Access with OAuth2 Client Credentials and SlashID's sidecar
The recent Hugging Face breach is yet another reminder that securing machine-to-machine communication and API access is essential today.
By leveraging OAuth2 Client Credentials, you can enhance security, enable fine-grained access control, simplify credential management, and benefit from a standards-based approach.
New Feature
/ 14 May, 2024Introducing Organization Attributes
With organization attributes, you can now easily store and manage tenant-level data directly on our platform.
New Feature
/ 24 Apr, 2024Introducing Anonymous Users: Balancing First-Party Data Collection and User Experience
With the deprecation of third-party cookies, first-party data has become crucial for websites to personalize user experiences.
SlashID introduces Anonymous Users, a feature that allows websites to collect user data without forcing users to register or log in, striking the perfect balance between data collection and user experience.
Product Releases
/ 2 Apr, 2024SlashID SDK for PHP and Laravel authentication
While very popular, PHP lacks modern identity and access management (IAM) capabilities. SlashID changes that with the release of our SDK for PHP and Laravel.
This is just the beginning; according to W3Tech PHP is used by over 76% of indexed websites. In the weeks to come, we aim to cover other popular frameworks such as Drupal and Symfony.
Deep Dives
/ 6 Mar, 2024Adding custom claims to identity tokens
Adding custom claims to JWTs allows you to share identity information without repeated queries to external data sources.
Read on to learn how to customize claims with SlashID's webhooks.
New Feature
/ 19 Feb, 2024SlashID: Building a globally distributed Identity Platform
We built the SlashID infrastructure so that your user data is globally distributed.
Our architecture helps applications using SlashID benefit from dramatically reduced latency, high availability and comply with data protection laws without fragmented identity silos or extra fees.
Deep Dives
/ 31 Jan, 2024Passkeys Adoption Trends: Survey from Large Deployments
In this comprehensive blog post, we delve into the publicly available data on large-scale passkeys rollouts, examining results, conversion rates, and implementation challenges as documented in engineering blogs by companies like Kayak and Yahoo Japan.
Security
/ 18 Jan, 2024Single Sign-On implementation: Safely retrieving the email claim
A number of security issues have been discovered recently caused by the reliance on the email claim when using OpenID Connect (OIDC) for SSO.
In this blog post we'll review some of the major OIDC providers to discuss how to retrieve the claim safely
