Security Assertion Markup Language, more commonly known as SAML, is an open standard for exchanging authentication and authorization data between parties. Most commonly these parties are an Identity Provider and a Service Provider. The primary use case for SAML has typically been to provide single sign-on (SSO) for users to applications within an enterprise/workforce environment. Up until the past few years, SAML was considered the industry standard—and proven workhorse—for passing an authenticated user into applications...

Read more

In this post, I’m going to show you how to set up a light that will turn on when you’re in a Zoom call. The color of the light will show your mute status, red will indicate that you’re muted, and green if you are not muted. Because Zoom doesn’t provide a native interface for determining mute status, I will instead use a tool called Hammerspoon to accomplish this. Note: Unlike most software for macOS,...

Read more

If you are familiar with any sort of real-time communications over the internet such as GoToMeeting, Google Meet, or Discord then chances are you have used WebRTC. WebRTC is an open framework for handling real-time communications. It supports video, voice, or any data between peers. WebRTC is supported by Google, Apple, Microsoft, Mozilla, and many others. In this tutorial, you will learn how to build a web application that allows a user to broadcast their...

Read more

In this tutorial, you will build your very own Nano Blogging Service (nabl for short) using a modern JVM stack. This includes using the Kotlin programming language, the Ktor web framework, and securing it with Okta. Users can log in or sign up, post updates, and browse specific or global chronological feed without advertisements. The blogging service displays posts from the selected user or everyone in the chronological feed. Kotlin is often considered a “better...

Read more

With Laravel 8’s release in September 2020, the popular PHP framework continues to offer new features and improvements. After version 5, Laravel moved to semantic versioning and the more frequent releases have meant smaller changes between each one. That said, there are still several exciting updates in this version of the framework. While Laravel will continue to offer security fixes for version 7 until early 2021, no more bug fixes will be released after October...

Read more

Spring Boot is a ubiquitous and well-supported suite of tools for developing web applications in Java. Database authentication, in which credentials identifying authorized users are stored in a database accessible by the application, is maybe the most common and straightforward method of authenticating users. SAML is a well-supported open standard for handling authentication between identity providers and service providers. Configuring SAML authentication in Spring Security is a common topic, and examples are easy to come...

Read more

Fastify is just as the name implies, fast. Not just in terms of development speed—its low overhead means the server is fast as well. When writing APIs, speed on both sides is paramount. Fastify is a web framework for Node.js that was designed for efficiency. Fastify is fully extensible with hooks, plugins, and decorators. It is schema-based, meaning you can define your response and request objects in your routes and have Fastify do the data...

Read more

Table of Contents Get Started with Okta Register for an Okta Org Create an OIDC App in your Okta Org Configure the OIDC App to Return Groups Get Started with Spring Boot Integrate with Okta Create a Basic Thymeleaf Template Get Started with Feature Flags Create the Treatment in Split Integrate the Treatment with Spring Security Make Your New Functionality Generally Available How to Repeat the Beta / Release Cycle Learn More About Building Secure...

Read more

When I began programming (in the ’80s), computers weren’t equipped with a network card by default. The internet was almost unknown and modems were slow and noisy. The software was installed from stacks of flexible floppy disks. Today, computing resources are virtual. The internet is vital and there is an URL for everything. We live in the *aaS (* as a Service) era, where if you want something, there is likely one or more something...

Read more

Running REST APIs with AWS Lambda and AWS API Gateway has recently become a very popular option. Although AWS provides its own mechanisms to add an authentication and authorization layer to these APIs, you may want to use your Okta centralized user database and credentials instead. Today we’ll talk about how you can use Okta as the authentication and authorization layer of your REST API hosted in AWS Lambda, validating Okta access tokens using a...

Read more