Engineering, security, and product updates
Deep dives into how we build a security-first identity provider. Post-quantum crypto, privacy engineering, and hard-won lessons from production.
Engineering posts
Building a DNS-Rebinding-Safe HTTP Client
Webhook delivery and SCIM provisioning both require outbound HTTP requests to user-supplied URLs. We built an SSRF-resistant HTTP client that validates resolved IPs after DNS lookup but before connection. This post covers the pitfalls of naive URL parsing and the dual-stack IPv4/IPv6 edge cases we caught.
SCIM 2.0 Multi-Tenant Isolation: Design Decisions
When multiple organizations share a UniAuth deployment, their SCIM group memberships must be strictly isolated. We discuss the schema design that gives each tenant its own namespace, the bearer-token-per-client auth model, and how bulk operations respect tenant boundaries without sacrificing throughput.