With mobile apps becoming ever-present in users' lives, following best security practices has become essential in protecting your users and your apps. Implementing security alone and from the ground up can be costly for your development team, create a less-than-ideal user experience, and be susceptible to design/implementation errors. The easiest path to strong security, and a positive user experience, is to turn to the experts. The Okta OIDC SDK can help with this in many...

Read more

It’s time to get jazzed about the future of the .NET ecosystem! It’s hard to believe that .NET only came out in 2002. There are so many versions of the framework, rapidly changing the places a C# developer could create and support. The entire ecosystem just turned 18, and it has been confusing at times with versioning. I fell in love with how powerful the platform was, but often, choosing to upgrade to the latest...

Read more

In this tutorial, you’ll learn how to create a Spring Cloud Stream application that interacts with a messaging service, such as RabbitMQ or Apache Kafka. You’re going to do this using functional, reactive code by utilizing Spring’s WebFlux and by taking advantage of Spring Cloud Stream’s functional binding model. You’ll create an application that contains a publisher, a processor, and a consumer. The app will use two topics to publish a stream of integers, process...

Read more

“If you can’t explain it to a six year old, you don’t understand it yourself.” — Albert Einstein “Aren’t we overthinking this?” — almost every developer at some point Like all things that become buzzwords, the Agile methodology has been distorted to represent a number of specious definitions. One definition in particular suggests that Agile removes all complexity from a project. Agile does remove some bureaucracy and “red tape”, freeing teams to produce deliverables faster....

Read more

If you have been doing .NET development professionally for any length of time, you are probably familiar with Entity Framework for data access. At the time of this post, both Entity Framework and Entity Framework Core have over 85 million downloads on Nuget so it is definitely a popular framework. People love Entity Framework because it abstracts the way you interact with the database to make development easier. The problem, though, is that you trade...

Read more

In this video you'll learn about the latest developments in the OAuth and OpenID Connect specs from Aaron Parecki, a regular contributor to the OAuth working group. The latest additions to the specs enable richer experiences and better security for applications using OAuth.

Read more

In this tutorial, you’re going to use Apache Kafka and Quarkus to create a secure, scalable web application. The application will use Kafka Streams and a small Kafka cluster to consume data from a server and push it to a client application as a real-time stream. You will secure the entire application. You will secure the Kafka cluster with SSL and SASL/JAAS password protection. Finally, you’ll secure the Quarkus client application using OAuth 2.0 &...

Read more

In this tutorial, we’ll configure Okta Advanced Server Access (aka ‘ASA’) so our DevOps team can securely access Virtual Machines (aka ‘VMs’) on Google Cloud Platform (aka ‘GCP’). We’ll also configure a service account so our Jenkins instance can connect to other VMs to run remote commands. This tutorial highlights the steps you should complete to manually deploy those servers on GCP and enroll them in ASA. At the end of this tutorial, we’ll point...

Read more

Let’s face it: developing good security is hard, unglamorous, and time-intensive. People tend to think about it as an afterthought instead of a priority. What if there were a way to make all your new projects more secure out of the box, and also make your company’s development processes easier and more repeatable in the process? Good news everyone, I have just the thing: .NET templates. You are going to love how much time and...

Read more

On the Okta blog, we spend much of our time talking about logging in. That is because once you configure your application to log in, the log out just works. But there are a few things you should consider when you’re thinking about your app’s logout configuration. In this post, I’ll walk through examples of the two logout options you have with Spring Security: the "default" session clearing logout, and relying party initiated logout. If...

Read more