Browser and mobile feature enhancements move fast. Often times, these technologies move faster than security standards designed to protect them can keep up. OAuth 2.0 offers the best and most mature standard for modern applications. However, there hasn’t been an official release of this standard since 2012. Eight years is a very long time in Internet technology years! That doesn’t mean that its contributors have been sitting idly by. There is active work on the...

Read more

One of the traditional approaches for communicating between microservices is through their REST APIs. However, as your system evolves and the number of microservices grows, communication becomes more complex, and the architecture might start resembling our old friend the spaghetti anti-pattern, with services depending on each other or tightly coupled, slowing down development teams. This model can exhibit low latency but only works if services are made highly available. To overcome this design disadvantage, new...

Read more

Usability is a key aspect to consider when creating a web application, and that means designing a clean, easy-to-understand user interface. Leveraging common design languages can help make that goal a reality with their recognizable components that many users will understand right away. However, unlike desktop apps where the operating system provides a set of uniform widgets, there has historically been no common design language to lean on for web app developers. That was until...

Read more

Who doesn’t love beer? When you drink a great beer you want to tell someone. You definitely want to be able to remind yourself of the great beers you’ve had. Enter Brewstr, a beer rating application that allows you to enter a beer you’re drinking and give it a rating. This way, you know what to get next time since there’s no way you’ll remember it later. React gives the ability to create a component...

Read more

As part of a security investigation, you may be tasked with determining whether a specific API action occurred throughout your cloud deployment within some distant date range. This would normally be straightforward to determine, by using either the provided CloudTrail querying console or a Security Information and Event Management platform (SIEM) which is set to consume these logs such as Splunk or Elasticsearch. For most data analysis solutions, the amount of data ingested or stored...

Read more

REST APIs are a big part of today’s Internet. Some of the everyday use cases of REST APIs are: driving the backend of single-page Web applications/mobile applications integrating different applications to exchange data and automate workflows providing the communication channel for the different parts of a complex service-oriented architecture connecting IoT devices. REST API security is essential because an API can expose powerful, mission-critical, and outright dangerous functionality over the Internet. For example, a fintech...

Read more

In this tutorial, you’re going to build a client and server application using React for the frontend and Kotlin with Spring Boot for the backend. You’ll first build the app unsecured before securing it using Okta. To secure the React frontend, you’ll use OAuth 2.0 login, and for the backend, you’ll use a JSON Web Token and Spring Boot’s resource server OAuth implementation. This tutorial covers a lot of ground. It also uses a lot...

Read more

If you haven’t heard, C# 8.0 ships with a new feature that allows you to add default implementations to interfaces. If you’re like me, you may be thinking, “Why? Why would I want to add implementations to interfaces? Isn’t that what abstract classes are for? Doesn’t that go against everything that interfaces stand for?” My immediate reaction to this new feature was visceral and negative,, but I decided to investigate closer and… I think I...

Read more

Developing services in Java, including REST APIs, wasn’t always easy or productive until Spring came along and changed the landscape. Many years have passed since then, and new frameworks have emerged in the community. One of these frameworks was Micronaut. It’s developed by OCI, the same company behind Grails, and their goal is to help developers create microservices and serverless applications. There is also Quarkus, another framework that gained popularity over the last year. Developed...

Read more

One of the biggest challenges of adding OAuth 2.0 support to legacy applications is a lack of support in the underlying framework. Maybe it’s homegrown, or maybe it’s just old? Either way, migrating away from an old form-based login doesn’t need to be so painful. In this post, I’ll walk you through a low-code option using Spring Cloud Gateway and Okta. You’ll learn how to setup Spring Cloud Gateway running as a stand-alone application that...

Read more