Secure your SPA with Spring Boot and OAuth

avatar-bdemers.jpg Brian Demers

If you have a JavaScript single-page application (SPA) that needs to securely access resources from a Spring Boot application, you likely want to use the OAuth 2.0 implicit flow! With this flow your client will send a bearer token with each request and your server side application will verify the token with an Identity Provider (IdP). This allows your resource server to trust that your client is authorized to make the request. In OAuth terms...

Read more

Play Zork, Learn OAuth

avatar-dogeared.jpg Micah Silverman

In the early ’80s, some of the best “video” games were text-based adventures. These games would print out descriptive text of your surroundings and you would interact with the game using simple, but natural language commands like: “go north” or “take sword”. Fast forward some 30 years and a specification for an authorization framework called OAuth 2.0 was published. This framework allows an application to receive a token from an external party (like Okta) that...

Read more

Use OpenID Connect Support with JHipster

avatar-matt_raible.jpg Matt Raible

Single sign-on (SSO) is a feature that most developers don’t care about when building one-off applications for clients or themselves. However, when developing apps for their company, which will be used by employees of their business, they often need to hook into an existing identity provider. It might be Active Directory (AD), LDAP, or a myriad of other systems. Okta provides SSO for many companies around the world and allows them to configure AD and...

Read more

Use OpenID Connect to Build a Simple Node.js Website

avatar-rdegges.jpg Randall Degges

If you’ve ever spent time trying to figure out the best way to handle user authentication for your Node app and been confused: you’re not alone. Over the last few years authentication practices have changed quite a bit. Today I’m going to show you how to use OpenID Connect to build an extremely simple Node.js website (using Express.js) that allows you to manage your users, log them in, and log them out. Back in the...

Read more

Build a Preact App with Authentication

avatar-leebrandt.jpg Lee Brandt

React is a fast, and lightweight library, which has led to fast adoption across the SPA (single-page app) ecosystem. Preact is an even lighter-and-faster alternative to React, weighing in at a measly 3kb! For less complex applications, it can be a great choice. In this tutorial, you’ll build a basic Preact application with a couple of pages and user authentication using the Okta Sign-In Widget. Bootstrap Your App With PreactCLI To get your project started,...

Read more

Add the Power of Webhooks to Your App with Okta's System Log

avatar-jf.jpg Joël Franusic

If you’ve used webhooks before, you probably understand the magical powers they boast. Do you want to build a sleep tracker for your dog? Get notified when it’s going to rain? Or maybe have new Eventbrite attendees automatically added to Salesforce? You can do all of those things with webhooks and services like Twilio, Zapier and Workato. To get webhooks with Okta, this post will show you how to use an underappreciated feature in Okta,...

Read more

Add Role-Based Access Control to Your App with Spring Security and Thymeleaf

avatar-dogeared.jpg Micah Silverman

User management functions are required by a wide variety of apps and APIs, and it’s a common use-case to partition access to parts of an application according to roles assigned to a user. This is the basis of role-based access control (RBAC). Okta manages these roles with groups. Users can belong to one or more groups. With the Okta Spring Security integration, these groups are automatically mapped to roles that can be called out in...

Read more

Why Are Webhooks Better Than Serverless Extensibility?

avatar-rdegges.jpg Randall Degges

When you’ve built a successful software-as-a-service product, you tend to run into interesting technical (and business) questions. My favorite question is: “How do we add more functionality to our platform faster?” It’s an interesting question because everyone wants to build features faster. In a perfect world, you’d be able to hire 100,000 engineers, split them into teams of four (with no managers!), and have each team own a feature: spec it out, build it, iterate...

Read more

A Developer's Guide To Docker - Docker Compose

avatar-leebrandt.jpg Lee Brandt

Good developers care as much about efficiency as they do about writing clean code. Containerization can add efficiency to both your workflow and your application, and has thus become all the rage among modern dev. And, as a good developer, you know that manually creating containers from images using docker run ... or even using the Dockerfile to create containers is less than ideal. How would you like to have one command that tells Docker...

Read more

NoSQL Options for Java Developers, Part II

avatar-matt_raible.jpg Matt Raible

Last month, I wrote about NoSQL Options for Java Developers. I analyzed the data available from a variety of sources (Indeed jobs, GitHub stars, Stack Overflow tags) to pick the top five options: MongoDB, Redis, Cassandra, Neo4j, and PostgreSQL. After writing this article, I shared it with a few experts I know in the Java and NoSQL communities and asked them the following questions: Do you agree with my choices of the top 5 NoSQL...

Read more