Tutorial: Build a Basic CRUD App with Node.js

Randall Degges

Node.js is eating the world. Many of the largest companies are building more and more of their websites and API services with Node.js, and there’s no sign of a slowdown. I’ve been working with Node.js since 2012 and have been excited to see the community and tooling grow and evolve — there’s no better time to get started with Node.js development than right now. This tutorial will take you step-by-step through building a fully functional...

How to Securely Manage Users in Your Node App

Braden Kelley

If you’re building a non-trivial website, chances are you’ll want some way to keep track of users. This can be quite complex and require a good deal of infrastructure, but one of the most secure and scalable ways is also one of the easiest. Using an OAuth 2.0 provider allows you to offload these tasks to an external provider, making your life as a developer so much simpler. When using an OAuth provider, it’s simple...

Build a Photo Gallery PWA with React, Spring Boot, and JHipster

Matt Raible

At its core, React is just a UI toolkit, à la GWT, but it has a very healthy ecosystem around it that provides everything you need to build a kick-ass progressive web app (PWA). PWAs are cool because if they’re done right, they can offer a native-like experience for your users, allowing them to install your app and use it when it’s offline. But, “why React?” is what you’re probably asking yourself right now, right? Well,...

Use Multi-factor Authentication from the Command Line

Micah Silverman

Multi-factor authentication is an important tool in your security arsenal. If your password is compromised, your account can still be protected by using high-quality second factors, such as Authy, Google Authenticator, or Okta Verify. In this tutorial, I’ll show you how to authenticate, enroll in multi-factor authentication with Okta Verify, and process push notifications – all from the command line using a bash shell script. Why would you ever want to do this? A)...

What Happens If Your JWT Is Stolen?

Randall Degges

All of us know what happens if our user credentials (email and password) are discovered by an attacker: they can log into our account and wreak havoc. But a lot of modern applications are using JSON Web Tokens (JWTs) to manage user sessions—what happens if a JWT is compromised? Because more and more applications are using token-based authentication, this question is increasingly relevant to developers and critical to understand if you’re building any sort of...

Deploy Your ASP.NET Core Application to Azure

Lee Brandt

One of the scariest features of Visual Studio is without a doubt right-click to publish. There are very few instances in which you’d actually want to make use of this “feature” and so many more in which it’s a terrible idea. In this post I’ll walk you through the right way to secure and deploy your new ASP.NET Core app to Azure. My method might not be as fast as right clicking to publish, but...

Deploy Your Secure Spring Boot + Angular PWA as a Single Artifact

Matt Raible

I’ve written several posts on this blog that show you how to develop an Angular SPA (single-page application) that talks to a Spring Boot API. In almost all of them, I’ve used OAuth 2.0’s implicit flow and built, tested, and deployed them as separate applications. IMHO, this is the way many applications (outside of the Java world) are built and deployed. What if you could combine the two applications for production, and still get all...

Tutorial: Build a Basic CRUD App with Symfony 4 and Vue

Krasimir Hristozov

If you’re a web developer in 2018, then you already know that the expectations are high and the tools are many. Users want progressive web applications and seamless experiences across every device. The focus is shifting from monolithic code to APIs built as microservices and consumed by multiple frontends, and finding our way through the ecosystem of ever-changing tools can be a daunting task even for the most experienced of us. If you’re looking for...

Secure Your Spring Boot Application with Multi-Factor Authentication

Andrew Hughes

OAuth 2.0 has quickly become an industry standard for third-party authentication for web applications. It’s a super secure strategy, when implemented properly, but getting it right can be hard. Fortunately, you don’t have to go it alone. Okta has done it for you. This is one place where it’s definitely not worth re-inventing the wheel. And further, with all of the cybersecurity attacks today, just using a password, even a hard password, is not...

How to Prevent Your Users from Using Breached Passwords

Randall Degges

Not too long ago, the National Institute of Standards and Technology (NIST) officially recommended that user-provided passwords be checked against existing data breaches. Today I’m going to show you how you can easily add this functionality to any website you run using PassProtect, an open-source developer library we created specifically for this purpose. Why Check User Passwords? The new NIST recommendations mean that every time a user gives you a password, it’s your responsibility as...
