In the latest Forrester Wave™: Customer Identity and Access Management report (October 2020), WSO2 Identity Server was recognized as a Strong Performer among the 13 most significant CIAM vendors Forrester selected.


Source Code Maintenance

WSO2 Identity Server maintains the source code and all the scripts that are used to build the product in GitHub repositories, under two GitHub organizations: wso2 and wso2-extensions. These two GitHub organizations carry code and scripts related to all WSO2 products, with hundreds of repositories.

The Git repositories used by WSO2 products are of two categories:

  • Feature repositories: A feature repository consists of the source code relevant to a particular component. Each WSO2 product is built using combinations of these feature repositories. Therefore, if you want to do modifications to a particular function in a product, you need to clone…


When it comes to the Identity and Access Management domain, open standards have become foundational. If you look at any of the existing IAM vendors, they preach about open standards and their compatibility a lot. Since open standards are a commodity, no one can gain a competitive advantage just by implementing them. So all the vendors are in a continuous race to contribute new standards or to implement those standards.

On the other hand, customers have to plan for the divorce even before the marriage, due to an inner fear called “vendor lock-in”. In the evaluation phase, we evaluate the…



APIs are key components in any Digital Transformation journey. APIs are enabling organizations to create new business models, connect with partners and customers while providing a seamless experience by linking systems and services together. In this API economy, all modern architecture concepts deeply rely on APIs.

Access delegation is the primary security requirement in an API ecosystem, where someone else accesses an API on your behalf and you need to delegate the corresponding access rights to that application or service. Sharing end users’ credentials or using an API key is no longer a recommended approach. OAuth 2.0…


APIs are a key component in any digital transformation journey, enabling organizations to create new business models, connect with partners and customers, and provide a seamless experience by linking systems and services together. In our contemporary API economy, all modern architecture concepts rely on APIs heavily.

Hackers are a common presence in any digital industry, and in the API economy they are paying close attention to API ecosystems. OAuth 2.0 and OIDC have been the default security practices used to secure APIs. With the increase in data, the severity of the data exposed via APIs, and higher usage of APIs, opportunities…


The KuppingerCole Identity API Platforms Leadership Compass 2019 report, published on August 30, 2019, named ForgeRock, Ping Identity, WSO2 (WSO2 Identity Server), Okta and Auth0 as overall leaders. The report’s findings were based on an evaluation of 13 software vendors that KuppingerCole identified as the most significant Identity API Platform providers. Companies identified as overall leaders were recognized for demonstrating leadership in three areas: product, innovation, and market. This article summarizes this comprehensive research and discusses why you should care about it.

APIs are key components in any Digital Transformation journey. APIs are enabling organizations to create…



OAuth 2.0 is the industry standard for access delegation. If someone asks about OAuth 2.0, what naturally comes to mind is an access token, which is similar to a valet key: it allows access to your protected resource on your behalf.

Further, I believe you have already read The OAuth 2.0 Authorization Framework [RFC 6749] specification, which defines the OAuth 2.0-specific roles (resource owner, authorization server, client, etc.), the basic grant types used to obtain an authorization grant, and basic recommendations. This specification built the base of the overall authorization framework, yet there…


Who wouldn’t want to connect with consumers who are using 1.4 billion devices into their business?


At WWDC 2019, Apple announced “Sign In with Apple”, a new identity provider feature that is going to be mandatory for all App Store apps soon. From a consumer IAM perspective, this is a great opportunity for enterprises to seamlessly connect with worldwide users who currently use 1.4 billion Apple devices. …


It’s been more than 30 years since open source was initiated, and now it has become the biggest theme in technology. Some of the highlights of 2018 that emphasize this fact are: Red Hat being acquired by IBM for $32 billion; Microsoft completing its $7.5 billion GitHub acquisition; MuleSoft being acquired, after going public, for $6.5 billion; and MongoDB now being worth north of $4 billion. This is only a portion of the list, and it’s clear that open source adoption is at its highest and open source software is winning the overall software market.

But, having been working in…


In my previous article, “Say Hello to OAuth 2.0”, I discussed the concepts and main actors behind the OAuth 2.0 framework. The idea of this article is to get familiar with the remaining bits and pieces; mainly, it discusses the different flows (grant types) that can be used to obtain an access token, and gives recommendations on choosing a grant type.

Quick Refresher — OAuth 2.0 Concepts

Resource owner

An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.

Resource server

The server hosting the protected resources, capable of accepting and…

Ishara Karunarathna

Director Of Engineering @WSO2 [WSO2 Identity Server]
