We built ngrok with a simple mission: to empower developers while keeping security teams happy. We strive to take ingress off developers’ plates with our platform, and that requires making security-focused features accessible and easy to use. Today, I'm proud to announce an important step in that direction: we're adding our security features — OAuth and Webhook validation — to our free plan.
OAuth 2.0 is a key security protocol of the internet. It is the de-facto standard that services like GitHub, Google, Meta, Twitch, and Microsoft use to share identities — together with OpenID Connect — and authorization with developer apps while protecting their users’ data and maintaining trust.
However, OAuth is very complex to implement, requiring a deep understanding of its principles, concepts, and security requirements to keep communications safe. Diligence and care are essential for a secure implementation, adding a time burden to developers.
We've integrated with the most popular OAuth providers — including Google, Microsoft, GitHub, LinkedIn — and implemented their integrations and best practices at our service edge, replacing the OAuth burden with one line: