As your business grows, you’ll probably reach a point where you need to grow your audience as well. Not just acquire more customers in your target segment, but expand to more segments and new types of customers. How do you adapt your product to your new audience? How do you avoid a “least common denominator” solution that isn’t great for anyone? At Okta, we faced these questions when the Stormpath team joined the company last...

Read more

The Authorization Code Grant Type is probably the most common of the OAuth 2.0 grant types that you’ll encounter. It is used by both web apps and native apps to get an access token after a user authorizes an app. This post is the first part of a series where we explore frequently used OAuth 2.0 grant types. If you want to back up a bit and learn more about OAuth 2.0 before we dive...

Read more

Most OAuth 2.0 guides are focused around the context of a user, i.e., login to an application using Google, GitHub, Okta, etc., then do something on behalf of that user. While useful, these guides ignore server-to-server communication where there is no user and you only have one service connecting to another one. The OAuth 2 client credentials grant type is exclusively used for scenarios in which no user exists (CRON jobs, scheduled tasks, other data...

Read more

Ever heard of the twelve-factor app? Earlier this week I was scrolling through one of my favorite websites, Hacker News, and stumbled across the twelve-factor app for the first time. While I didn’t have time to read the official twelve-factor website, I wanted to take some time to share my thoughts about building twelve-factor apps, why they’re important, and what you need to know about them. Writing secure web applications can be really difficult! My...

Read more

My name is Aaron Parecki, and last week I joined Okta on the Developer Advocacy team. I’ve been working with Okta since 2016 when we published the online version of my book, OAuth 2.0 Simplified, on oauth.com. In 2017, I worked with the team again on producing the print version, which we released at Okta’s conference in Las Vegas last fall. In 2016, Okta was focused on the enterprise IT market, providing a much-needed single-sign-on...

Read more

Token authentication has been a popular topic for the past few years, especially as mobile and JavaScript apps have continued to gain mindshare. Widespread adoption of token-based standards like OAuth 2.0 and OpenID Connect have introduced even more developers to tokens, but the best practices aren’t always clear. I spend a lot of time in the ASP.NET Core world and have been working with the framework since the pre-1.0 days. ASP.NET Core 2.0 has great...

Read more

Dropwizard is recognized as the pioneer in turn-key Java API frameworks, and rivals Spring Boot for ease of adoption. Whether you’re interested in trying it out for the first time, or already have a mature platform built on top of Dropwizard, you can add secure authentication to your site in a matter of minutes. By combining Dropwizard’s production-ready essential libraries and Okta’s identity platform, you can construct a fully secured internet-facing web service with little...

Read more

“Productivity is all about efficiency and planning.” – Mahdi Yusuf, Iterate 2018 Like most developers, I love getting shit done. My best days are when I feel like I’ve been massively productive. When the Stormpath team joined Okta in February 2018, it was a tough transition at first. I’d started to get into the flow of writing blog posts about Stormpath’s SDKs and had a bunch queued up. But Okta didn’t have SDKs like Stormpath,...

Read more

With Okta and OpenID Connect (OIDC) you can easily integrate authentication into a React Native application and never have to build it yourself again. OIDC allows you to authenticate directly against the Okta API, and this article shows you how to do just that in a React Native application. Today you’ll see how to log a user into your React Native application using an OIDC redirect via the AppAuth library. React Native is a pretty...

Read more

A couple weeks ago (Tuesday, Feb. 27) we officially ran the very first Iterate Developer Conference. Not only did we have a ton of fun throwing a developer conference, but it was also a huge success and succeeded in hitting all of our goals. In this post I’ll recap the Iterate experience from start to finish, including some interesting things I learned along the way. If you weren’t lucky enough to attend Iterate, don’t worry...

Read more