T-minus 3… 2… 1… I’m blasting my way into the Developer Relations world like Alice discovering Wonderland and its fantastic cast of characters. I am so curious, and excited, and all of the feels that come with coming to Okta! Officially stepping into the Developer Avocado (er… pardon me, Advocate) role and bringing the love of .NET, voice and IOT to the party. Who is this Lady Nerd? Well, for starters I am obsessed with...

Read more

JSON Web Tokens (JWTs) allow you to implement stateless authentication (without the use of server-side sessions). JWTs are digitally signed with a secret key and can contain various information about the user: identity, role, permissions, etc in JSON format. This information is simply encoded and not encrypted. However, because of the digital signature, the payload cannot be modified without access to the secret key. JWTs are a relatively hot topic as they are widely used...

Read more

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Java developers typically encounter the need to store data on a regular basis. If you’ve been developing for more than 15 years, you probably...

Read more

During the last two years, everybody started talking about Progressive Web Applications, or PWAs for short. But what is this new type of application, and how can it make your life as an Angular developer better? To understand what PWAs are all about, and how you can build them in Angular, let’s consider the following scenario. You are out and about in an area with little or no network reception. You are using a cool...

Read more

I’ve been a professional developer advocate for a little over two years. I started out at Stormpath, and six months later, I leapt at the opportunity to do the same thing at Okta. I say "professional" because even though I’ve been a technical speaker since 2004, I never got paid for it. During my first year (2017) at Okta, I traveled and spoke a lot. A lot being more than I’d ever traveled and spoken...

Read more

If you’re reading this post, there’s a good chance that you’re a web developer who’s very interested in web security. You’ve probably heard about OAuth or OpenID Connect (OIDC) before. You may have even used them at some point in your career. But here’s the thing: almost nobody actually cares about OAuth or OIDC. Not you, not me, and not even other developers in the security industry. To understand why nobody cares about these two...

Read more

For the last several years, JavaScript has been evolving on a steady cadence with new language features. If you’re curious to see what’s in store for the next version of JavaScript, this post is for you! Before we talk about the latest features, it’s important to understand how new ideas become part of the JavaScript language. The Process for New JavaScript Language Features In a nutshell, the language specification that drives JavaScript is called ECMAScript....

Read more

It’s pretty common for mobile apps to access backend API services to fetch data. It’s also pretty common for APIs to require secret keys in order to access them. So how do you securely include API keys in a mobile app? Well, the short answer is you don’t. The long answer is the rest of this blog post. Let’s take a look at two ways it’s possible to hack secret API keys out of mobile...

Read more

There has been a lot of confusion lately about Java and its available SDKs (Software Development Kits). You might’ve heard the Java SDK called the JDK. They’re one and the same. Java SE (Standard Edition) is a specification that’s governed by the JCP (Java Community Process). This process decides what goes into (or gets removed from the JDK). Anyone can implement the Java specification. If they pass the TCK (Test Compatibility Kit), they’re considered a...

Read more

Everyone knows that JavaScript is eating the world. The problem is, there are lots of developers responsible for building software with JavaScript without a particularly deep knowledge of the language. It is easy to learn the basics and be productive, but newer programmers have a tendency to misuse some of JavaScript. Asynchronous JavaScript is particularly misunderstood. In this post, I will show you the most common ways to make asynchronous JavaScript calls and when to...

Read more