Engineering, security, and product updates
Deep dives into how we build a security-first identity provider. Post-quantum crypto, privacy engineering, and hard-won lessons from production.
Security posts
Introducing Post-Quantum Session Signatures
Every session token issued by UniAuth is now signed with ML-DSA-44, a FIPS 204 post-quantum digital signature algorithm. We explain why we moved early, how the performance budget stays under 2ms, and what this means for your users when large-scale quantum computers arrive.
How Pairwise Privacy Protects Your Users
UniAuth never exposes real user IDs to OAuth clients. Instead, each app receives a deterministic, app-specific HMAC identifier that prevents cross-service correlation. We walk through the cryptographic construction, the privacy guarantees, and why even we cannot reverse the mapping without the HMAC key.
Stay in the loop
Get notified when we publish new posts about security, engineering, and product updates. No spam, unsubscribe any time.
We respect your privacy. Read our Privacy Policy.