Reactive APIs are a powerful way to handle and serve large amounts of data and large numbers of requests in a web application. They rely on a “server-side event” model in which the client (e.g. your browser) subscribes to “events” on the server, and the server “pushes” events to the client as they become available. For simple CRUD applications this is not very useful. However, in situations with millions of “subscribers” it can offer improved...

Read more

The client credentials grant is used when two servers need to communicate with each other outside the context of a user. This is a very common scenario—and yet, it’s often overlooked by tutorials and documentation online. In contrast, the authorization code grant type is more common, for when an application needs to authenticate a user and retrieve an authorization token, typically a JWT, that represents the user’s identity within the application and defines the resources...

Read more

Yesterday, Okta announced that we have finalized the acquisition of Auth0. You are probably looking at this blog post wondering what happens next for both companies. The post you are looking for, with a lot more details and information, is on the Auth0 blog. Please read it for more details and information, including ways to join us as we explore what the future holds. TL;DR: Over the next couple of weeks, the Okta and Auth0...

Read more

Elasticsearch is a popular datastore for all types of information. It is distributed for speed and scalability and can index many types of content which makes it highly searchable. It uses simple REST APIs for ease of access. Go has an official Elasticsearch library which makes it simple for Go developers to work with data stored in Elasticsearch programmatically. Today we’re going to take a look at how you can easily build a simple app...

Read more

A customer once asked me: “Hey – Can Okta integrate with Kong?” Spoiler alert: You totally can integrate Kong with Okta using its OpenID Connect plugin. Still stuck wondering what an API gateway even is? Here’s a metaphor that works for me: You know that sci-fi movie trope in which you have a centralized hub that “jumps” you to other places in the galaxy? In that kind of system all the screening and security happens...

Read more

NestJS is a node.js framework that boasts the ability to build efficient, reliable, and scalable applications. A NestJS application can serve as the backend for your SPA. In this tutorial, you will use React, one of the most popular javascript front-end libraries available to build your SPA, and then use NestJS for your server. To secure everything, you will level Okta’s simple and powerful single sign-on provider. You will learn how to authenticate a user...

Read more

Quarkus is a Kubernetes-native, Java framework for building high-performance web, serverless, and native apps. It uses Ahead of Time (AOT) compilation and aggressive optimizations like classpath scanning, configuration reloading, and application bootstrap pre-configuration during the build process. This results in impressive startup performance. In other words, a Quarkus app starts up super fast! Like Spring and Micronaut, Quarkus can take advantage of GraalVM to transform a JVM-based application into a native executable, improving the overall...

Read more

As more of our critical work and personal functions go online, the risk of data and security breaches continues to increase. In 2019, there were over 1400 data breaches reported that exposed nearly 165 million records, many of which included passwords and personal information. While security specialists bear much of the responsibility in ensuring their organizations are handling sensitive data properly, web developers at all levels must take part as well. By understanding fundamental concepts...

Read more

I’m happy to announce the release of a brand new OAuth cheat sheet published through DZone’s Refcardz, “OAuth Patterns and Anti-Patterns”. This five-page reference guide covers the latest in OAuth and clarifies some common misunderstandings of applying it to real world use cases. With a focus on OAuth 2.0, OpenID Connect, and best practices, you’ll quickly learn how to avoid some common mistakes and how to make your applications and APIs more secure. The “OAuth...

Read more

As game creators, we hold a fundamental responsibility to protect and secure any and all data that our players entrust to us. Historically, security in games has not been high on the priority list because games were enjoyed anonymously and offline. But with our society becoming ever more connected, demand for social gaming experiences and online gaming features has increased exponentially. This has led to the development of cloud-based gaming platforms, such as PlayFab, that...

Read more