Spring Boot and Okta in 2 Minutes
![Spring Boot and Okta in 2 Minutes](/assets-jekyll/blog/okta-cli-spring-boot/okta-cli-loves-spring-boot-53330e2562bc9641cc7d7ecdc226a6bcf128ad74943e7edff0ca86f5b008cd5c.png)
The Okta CLI is a new tool we’ve created here at Okta. It’s designed to streamline the process of creating new Okta accounts, registering apps, and getting started. Wwwhhaaattt, you might say?! That’s right, it’s super awesome! To show you how much fun it is, I created a screencast that shows you how to use it. This video puts your settings in src/main/resources/application.properties. We’ve since changed the default behavior to use spring-dotenv. For those that...
Quickly Consume a GraphQL API from React
![Quickly Consume a GraphQL API from React](/assets-jekyll/blog/featured/okta-react-headphones-7eb452b2d9437d217af818caf8efdf8e509eb802d059510b54a6635494ad1cbd.jpg)
React.js is one of the most popular front-end JavaScript frameworks today. For most of its life, React has connected to REST APIs to fetch or save data on a server. GraphQL is a query language that aims to replace REST APIs by providing consumers with a clear description of the data in the API. By combining these two technologies, you can quickly connect to an API with your React.js application. There are many packages available...
Build a Secure Spring Data JPA Resource Server
![Build a Secure Spring Data JPA Resource Server](/assets-jekyll/blog/spring-data-jpa/secure-spring-data-304afbd745a077c0a6e6e3b7affe61aceb981fe22f1328b2f30b65c3640b7b92.png)
In this tutorial, you’re going to use Spring Boot and Spring Data to build a fully functioning web service with ridiculously little effort. You’re also going to use Okta to secure the web service using professional, standards-compliant OIDC JWT authentication. All of this will be bootstrapped by the Okta CLI. Before you get started on the actual application, however, let’s take a look at Spring Data for a moment.
Build a secure GraphQL API with Node.js
![Build a secure GraphQL API with Node.js](/assets-jekyll/blog/featured/okta-node-skew-81b821d4ba7097b63abb6d733e9d3863f56ca49396ec3861b446c7bf21173cd9.jpg)
GraphQL is a query language for APIs that provides a clear description of the data and allows clients to specify what data they need. Benefits of using GraphQL include reduced overhead, improved performance, and reduced risk of potential errors as the API evolves. If the API enhances its functionality, existing clients won’t be affected unless they want to opt in to the new features. Clients can also obtain many resources with a single request. Typical REST...
The Definitive Guide to WSGI
![The Definitive Guide to WSGI](/assets-jekyll/blog/definitive-guide-to-wsgi/festisite-wsgi-card-cfee84bcf9c8f79fd958b61cf06dbc6447898a2a8d7c4814d1cc2ea4ea144ccd.jpg)
Python has a number of different frameworks for building web applications. The choice of framework limits the choice of available web servers. Java also has a number of web frameworks but they are all based on the common servlet API which means that any framework can run on any web server which supports the servlet API. You’ve probably seen WSGI mentioned before, but you might not be exactly sure what it meant or did. In...
Build a Next.js Application with TypeScript
![Build a Next.js Application with TypeScript](/assets-jekyll/blog/featured/okta-react-bottle-headphones-0a071a78d891a5af2e050e3f1b15949eb1b9633f60a027d9f644a518203d9dfc.jpg)
Next.js is a React framework that aims to provide the best development experience. It is feature rich, including hybrid static and server rendering, TypeScript support, built-in CSS support, API routers, and much more. TypeScript is an open-source language built on JavaScript that allows developers to use types. In this tutorial, you will learn how to use TypeScript with Next.js. Finally, you will secure your application with Okta Single Sign-On and the built-in functionality...
The Development Environment of the Future
![The Development Environment of the Future](/assets-jekyll/blog/the-development-environment-of-the-future/card-310e9665e2bef7822492311f919ca8e93b31375b8adc73f519217495f1627d43.png)
Here’s a thought exercise for you: How will we develop software in the near future? Below, I’ll lay out what I think that looks like. Some of the things in this post exist in some form already. And some things don’t exist… yet. To begin, I’m going to start with a short story about someone using this futuristic development environment: A Story Imagine Viola. She is a software developer at Sunnyvale Systems, a logistics company....
A Quick Guide to Security with Vaadin Fusion and Spring Boot
![A Quick Guide to Security with Vaadin Fusion and Spring Boot](/assets-jekyll/blog/vaadin-spring-boot/vaadin-spring-boot-593ffd03ffaf6f9a7abb0714e43fd1fc87587ad8292e1789dcc8c1a1c62e5e7b.png)
Building a web application involves a lot of moving pieces. You have a backend server handling API calls, a frontend application running business logic, and you need to somehow make sure both are in sync and secure. In this blog post, you’ll learn how to use Vaadin Fusion, Spring Boot, and Okta to create a full-stack web application with authentication. Specifically, you’ll learn how to: Create a Spring Boot-based Vaadin Fusion app Secure server endpoints...
OAuth Sketch Notes - Live Q&A
![OAuth Sketch Notes - Live Q&A](/assets-jekyll/blog/oauth-sketch-notes-livestream/sketch-notes-11ff07452bb54b9176ac93aaff55bf04bebf6cd4eeae512440efc631a66128cc.jpg)
Why do we need PKCE in OAuth? How does PKCE work? What’s the difference between the front channel and back channel? Can SPAs even use a back channel? These are just a few of the things we talked about during this sketch notes livestream! Developer advocates Lee Brandt and Aaron Parecki discuss PKCE, cross-site scripting, OAuth vs OpenID Connect and more, all while David Neal sketched notes live! Some of the other topics covered include...
Protecting a Laravel API with JWT
![Protecting a Laravel API with JWT](/assets-jekyll/blog/featured/okta-php-headphones-c6f0e7e833178e4b70e79a88d9f92b1ec41b2ec6b8c9792f014cdb6c7db56f86.jpg)
With the increasing popularity of single-page apps and the growing API economy, JSON Web Tokens (JWTs) are becoming a very popular method for authenticating users. Rather than relying on the server to store the user’s state, JWTs encode information in a keyed payload stored on the client. JWTs are not inherently less secure than server-side session storage. But developers should understand the tradeoffs and know what to do if a JWT is compromised. You should...