Build a CRUD App with ASP.NET Core and Angular

avatar-oktadev.png Team Okta

A lot of applications today are built with an API on the backend, and then a single page application on the front end. This is a good approach because it allows you a ton of flexibility. For example, if you get a requirement to build a native mobile client later on: it’s easy, you already have the server side in place. Today you’ll use ASP.NET Core 2.0 on the server side, and Angular 5 on...

Read more

Simple Node Authentication

avatar-bkelley.jpg Braden Kelley

Authenticating users for Node.js/Express.js web apps can be difficult. You have to set up a database, define a user schema (or use something more flexible like NoSQL), write code to handle password hashing, etc. It’s annoying. Using Okta’s API service, however, you can easily register and log in users to your Node website using our OpenID Connect integration. Set Up Your Node Environment If you’re new to Node and don’t already have it installed, you’ll...

Read more

Build Server Side Authentication in Grails with OAuth 2.0 and Okta

avatar-moksamedia.jpg Andrew Hughes

What is Grails, what is Groovy, and why would we choose them over Spring Boot? In this post I’ll walk you through implementing server-side authentication in Grails using OAuth 2.0 and Okta. Before we dive in, however, I want to talk a little bit about why you’d be using Grails + Groovy in the first place, and how it can make your life easier in specific situations. Grails is an open source “convention over configuration”...

Read more

Use OpenID Connect for Authorization in Your ASP.NET MVC Framework 4.x App

avatar-leebrandt.jpg Lee Brandt

A common practice in web applications is to have a restricted area for registered users, and perhaps another for administrators. Whether this restricted access area is premium content, or simply the order history for your e-commerce site’s users, it’s important that it be properly secured. OpenID Connect (OIDC) makes it easy, but it can be tricky to set up in ASP.NET MVC framework. In this post, I’ll show you how to create groups and use...

Read more

WebAuthn: A Developer's Guide to What's on the Horizon

avatar-aaronpk.jpg Aaron Parecki

There’s been a lot of news lately about the new W3C Web Authentication API, also known as WebAuthn. Want to know what it’s all about? Let’s take a closer look. The Web Authentication API allows browsers to make use of hardware authenticators such as the Yubikey or a mobile phone’s biometrics, like a thumbprint reader or facial recognition. WebAuthn can be used with these technologies to enable two-factor authentication to websites, or even as the...

Read more

Add Auth to Your PWA with Okta and Stencil

avatar-leebrandt.jpg Lee Brandt

Progressive Web Applications (PWAs) are the newest technology on the web dev block and they’ve arrived just in time to solve a growing problem. Many companies are struggling to keep isolated development teams across their organization up-to-date when new features are released. Some companies are even trying to decide if it’s worth the cost to develop both a web app and a mobile application. Not surprisingly, it’s a headache most companies are looking to avoid....

Read more

How to Expand Your UX to a New Audience

avatar-adahl.jpg Alex Dahl

As your business grows, you’ll probably reach a point where you need to grow your audience as well. Not just acquire more customers in your target segment, but expand to more segments and new types of customers. How do you adapt your product to your new audience? How do you avoid a “least common denominator” solution that isn’t great for anyone? At Okta, we faced these questions when the Stormpath team joined the company last...

Read more

What is the OAuth 2.0 Authorization Code Grant Type?

avatar-aaronpk.jpg Aaron Parecki

The Authorization Code Grant Type is probably the most common of the OAuth 2.0 grant types that you’ll encounter. It is used by both web apps and native apps to get an access token after a user authorizes an app. This post is the first part of a series where we explore frequently used OAuth 2.0 grant types. If you want to back up a bit and learn more about OAuth 2.0 before we dive...

Read more

Secure Server-to-Server Communication with Spring Boot and OAuth 2.0

avatar-bdemers.jpg Brian Demers

Most OAuth 2.0 guides are focused around the context of a user, i.e., login to an application using Google, Github, Okta, etc., then do something on behalf of that user. While useful, these guides ignore server-to-server communication where there is no user and you only have one service connecting to another one. The OAuth 2 client credentials grant type is exclusively used for scenarios in which no user exists (CRON jobs, scheduled tasks, other data...

Read more