Integrator Free Plan available! Existing Okta Developer Edition orgs will be deactivated starting July 18, 2025. Sign up for the Integrator Free Plan to continue building and integrating. Learn more on the Okta Developer blog

Articles tagged authentication

Add Step-up Authentication Using Angular and NestJS

Add Step-up Authentication Using Angular and NestJS

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. The applications you work on expect good authentication as a secure foundation. In the past, we treated authentication as binary. You are either authenticated...

Read more

We're Living in a Passwordless World

We're Living in a Passwordless World

Passwords? Bah! Who wants to remember all those letter, number, and special character combinations? Password managers and password manager browser extensions can help us, but what if we stopped using passwords entirely? What if we stopped using authentication factors, such as SMS one-time passwords (OTP), that pose risks where malicious actors can access sensitive authentication information (phishing)? What if authentication was so seamless that we could use built-in device hardware capabilities instead? Seamless, easy-to-use authentication...

Read more

How to Build a Secure React and Fastify API App

How to Build a Secure React and Fastify API App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. The National Aeronautics and Space Administration (NASA) is an independent agency of the US federal government, responsible for space exploration and research, with field...

Read more

Quick JavaScript Authentication with OktaDev Schematics

Quick JavaScript Authentication with OktaDev Schematics

Hello, My name is Matt Raible, and I am a developer advocate at Okta. In early 2019, I created OktaDev Schematics to simplify my life when doing Angular demos. But let me step back a bit first. I’ve worked at Okta for over five years; before that, I was an independent consultant for 20 years, mainly doing Java and web development for clients. I’ve learned a lot about OpenID Connect (OIDC) and Okta’s JavaScript SDKs...

Read more

Use Redux to Manage Authenticated State in a React App

Use Redux to Manage Authenticated State in a React App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. There are a myriad of state management options available for React. React provides the option of using the built-in Context for when you have...

Read more

Use the Okta CLI to Build Secure Python Apps

Use the Okta CLI to Build Secure Python Apps

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Okta is a customizable, secure solution that lets you add authentication and access management to your applications. Since this can be a complex topic,...

Read more

A Beginner's Guide to Application Security

A Beginner's Guide to Application Security

Over the past decade, and even more swiftly since the time of the COVID-19 pandemic, digital transformation of the workplace has primarily been driven by applications. Apps have become an integral part of everyday life for many organizations. Modern applications are complex. Their functionality frequently relies on APIs and third-party integrations, leading to an increased attack surface and more security vulnerabilities. A data breach or an attacker exploiting a security weakness can permanently damage your...

Read more

Building a WebAuthn Application with Java

Building a WebAuthn Application with Java

The Web Authentication (WebAuthn) specification, given official approval by the World Wide Web Consortium (W3C) and the FIDO Alliance in 2019, aims to strengthen online security by allowing users to sign in to sites with elements like biometrics and FIDO security keys. The WebAuthn API can replace or supplement less-secure passwords, which may be weak and are often shared. WebAuthn is supported by default in Firefox and Chrome browsers and can be used in Edge...

Read more

The Things to Keep in Mind about Auth

The Things to Keep in Mind about Auth

There’s a lot of information out there about adding authentication to your app, which is helpful! But also overwhelming. It can be hard to find relevant and up-to-date information. Security best practices and technologies change, so refreshing your understanding and keeping up with current best practices is a good thing. Here are some notes I took while I reviewed my knowledge and applied my experience implementing auth. Prefer OAuth 2.0 and OpenID Connect If you’re...

Read more

Developer Day 2021: Celebrating the Future of Identity

Developer Day 2021: Celebrating the Future of Identity

It’s been a big year for Okta and Auth0. Our two companies have officially joined forces over the past few months, and we are excited about the chance to shape the future of identity together. It’s great to celebrate our combined developer communities at the first Developer Day event. I look forward to exploring more ways we can collaborate with our Auth0 counterparts and far-flung global communities through future events and activities. On Tuesday, 8/24,...

Read more

Build and Secure an API in Python with FastAPI

Build and Secure an API in Python with FastAPI

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. As Python grows in popularity, the variety of high-quality frameworks available to developers has blossomed. In addition to steadfast options like Django and Flask,...

Read more

Use the Okta CLI to Quickly Build Secure Angular Apps

Use the Okta CLI to Quickly Build Secure Angular Apps

The Okta CLI is a new tool we’ve created here at Okta. It’s designed to streamline creating new Okta accounts, registering apps, and getting started. Wwwhhaaattt, you might say?! That’s right, it’s super awesome! To show you how easy it is, I created a screencast that shows you how to use it with Angular. To create the same app as the one shown in this video, you’ll need to run okta start angular --branch widget....

Read more

Comparing Authentication in Laravel Versions 6, 7, and 8

Comparing Authentication in Laravel Versions 6, 7, and 8

Laravel is one of the most popular PHP frameworks in use today. Version 8 was released in September 2020, and while the bulk of the framework hasn’t changed, each of the three most recent versions have included updates to the authentication pattern. While Laravel 7 and 8 will both stop receiving updates in 2021, Laravel 6 is a long-term support version and will include security fixes until September 2022. So, if you’re upgrading or starting...

Read more

Welcome Nick Gamb

My name is Nick Gamb and I am excited to be joining the Okta Developer Advocacy team for the .NET community. Who Am I At heart, I am just an inquisitive nerd who has had a very fortunate career getting to do many different things. I love video games, computers, programming, hacking, security, DevOps, data, film, photography, sound design, editing -it’s a long list. For the brave and interested, the longer, but still condensed, version...

Read more

Node.js Login with Express and OIDC

Node.js Login with Express and OIDC

{% include integrator-org-warning.html %} :page-liquid: :experimental: Node.js just celebrated its 11th birthday on May 27! With the state of things nows, it’s pretty crazy to think back to the massive JavaScript Renaissance boost of 2009. In case you’re not aware, the JavaScript Renaissance began in around 2004 with Ajax, increased exponentially with jQuery in the mid-2000s, and then really took off with Node.js and a plethora of early JavaScript web frameworks; including Backbone.js, Ember.js, and...

Read more

Build an Android Application with Authentication

Build an Android Application with Authentication

{% include integrator-org-warning.html %} :toc: macro :page-liquid: :experimental: With mobile apps becoming ever-present in users' lives, following best security practices has become essential in protecting your users and your apps. Implementing security alone and from the ground up can be costly for your development team, create a less-than-ideal user experience, and be susceptible to design/implementation errors. The easiest path to strong security, and a positive user experience, is to turn to the experts. The Okta...

Read more

Build a CRUD Application with Kotlin and React

Build a CRUD Application with Kotlin and React

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In this tutorial, you’re going to build a client and server application using React for the frontend and Kotlin with Spring Boot for the...

Read more

Get Started with Koa.js for Node Applications

Get Started with Koa.js for Node Applications

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Ever since JavaScript made its giant leap from frontend to backend more than 10 years ago, Express has been the go-to library for writing...

Read more

An Illustrated Guide to OAuth and OpenID Connect

An Illustrated Guide to OAuth and OpenID Connect

In the “stone age” days of the Internet, sharing information between services was easy. You simply gave your username and password for one service to another so they could login to your account and grab whatever information they wanted! Yikes! You should never be required to share your username and password, your credentials, to another service. There’s no guarantee that an organization will keep your credentials safe, or guarantee their service won’t access more of...

Read more

Painless Node.js Authentication

Painless Node.js Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. User authentication is a critical component of just about every web application. Unfortunately, while authentication is a core part of all websites, it can...

Read more

JWTs in React for Secure Authentication

JWTs in React for Secure Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Although authentication is a common requirement for web apps, it can be difficult to get it right, especially if you’re by yourself or part...

Read more

How to Develop a Quarkus App with Java and OIDC Authentication

How to Develop a Quarkus App with Java and OIDC Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Quarkus is a container-first Kubernetes Java framework designed to have a super-fast start-up time and low memory usage. The container-first strategy emphasizes packaging the...

Read more

Build a Simple Laravel App with Authentication

Build a Simple Laravel App with Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. PHP remains the single most popular language choice when creating the backend of a new web application. Within the PHP ecosystem, there are many...

Read more

Servlet Authentication with Java

Servlet Authentication with Java

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. It can be very satisfying to build an application “the hard way”, using few conveniences. This approach helps you understand core development principles and...

Read more

Tutorial: User Login and Registration in Ionic 4

Tutorial: User Login and Registration in Ionic 4

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Ionic allows you to develop PWAs and hybrid mobile apps. PWAs are web applications that run in a browser and allow for offline capabilities...

Read more

Alexa, Sign In Every Time: Voice-Only Authentication Verification in .NET

Alexa, Sign In Every Time: Voice-Only Authentication Verification in .NET

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Authentication for voice, specifically Amazon’s Alexa, has its limitations. The initial Account Linking process Amazon provides for identification works for many scenarios, but it...

Read more

Build Simple Authentication in Express in 15 Minutes

Build Simple Authentication in Express in 15 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Building web pages with user authentication can be a huge pain. You typically need to set up some sort of database to manage users...

Read more

Use Schematics with Vue and Add Authentication in 5 Minutes

Use Schematics with Vue and Add Authentication in 5 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Schematics is a tool from the Angular team that allows you to manipulate projects with code. You can create files, update existing files, and...

Read more

Angular Authentication with JWT

Angular Authentication with JWT

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. User registration and authentication are one of the features that almost no web application can do without. Authentication usually consists of a user entering...

Read more

Simple User Authentication in React

Simple User Authentication in React

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In 2019, it’s quite easy to find React components for pretty much everything. For example, if you want to add user authentication to your...

Read more

Use Schematics with React and Add OpenID Connect Authentication in 5 Minutes

Use Schematics with React and Add OpenID Connect Authentication in 5 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Developers love to automate things. It’s what we do for a living for the most part. We create programs that take the tediousness out...

Read more

Add Social Login to Your JHipster App

Add Social Login to Your JHipster App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Social login is a great way to offer your customers a simple and secure authentication method. Why force them to create and forget yet...

Read more

Modern Token Authentication in Node with Express

Modern Token Authentication in Node with Express

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Token authentication is the hottest way to authenticate users to your web applications nowadays. There’s a lot of interest in token authentication because it...

Read more

Use Angular Schematics to Simplify Your Life

Use Angular Schematics to Simplify Your Life

{% include integrator-org-warning.html %} :toc: macro :page-liquid: When I first started to learn Angular (it was called Angular 2 at the time), I was appalled by the number of files you needed to create to get a basic "Hello, World" example working. As Angular matured, a lot of this pain went away thanks to Angular CLI. Angular CLI is a command-line tool that generates a basic Angular project for you. In its 7.0 release, it...

Read more

Welcome Micah Silverman

Welcome Micah Silverman

My name is Micah Silverman and I just joined the Developer Advocacy team at Okta. TL;DR - There are some easter eggs in this post. If you want to know what they’re all about - jump to the bottom. Funny thing is, I’ve been working for Okta for 2 years now, just on different teams. It was in the Sales Engineering and Education Services teams that I learned all the ins and outs of the...

Read more

Build Secure Login for Your Angular App

Build Secure Login for Your Angular App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Single page applications (SPAs) are becoming more and more popular. Their appeal is obvious. Fast loading times gives users the feeling of responsiveness even...

Read more

Data Persistence with Hibernate and Spring

Data Persistence with Hibernate and Spring

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post...

Read more

Build a Basic App with Spring Boot and JPA using PostgreSQL

Build a Basic App with Spring Boot and JPA using PostgreSQL

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Every non-trivial application needs a way to save and update data: a resource server that is accessible via HTTP. Generally, this data must be...

Read more

Navigating the ASP.NET Core Identity Landscape

Navigating the ASP.NET Core Identity Landscape

These days, users of web application expect a personalized, secure experience. They want to make sure that they can easily get to their own information, and that no one else can access it. Developers of these web applications want a simple way to manage users and be assured that they have secured their users’ information from prying eyes. For developers of web applications written in ASP.NET Core, there are several choices for managing user identities....

Read more

Configure .NET Authentication in OWIN

Configure .NET Authentication in OWIN

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. The Open Web Interface for .NET (OWIN) is a standard that defines the interface between a web application and a web server. Prior to...

Read more

Bootiful Development with Spring Boot and Vue

Bootiful Development with Spring Boot and Vue

Vue is a web framework that’s gotten a lot of attention lately because it’s lean and mean. Its baseline framework cost is around 40K and is known as a minimalistic web framework. With all of the recent attention on web performance and mobile-first, mobile-fast, it’s no surprise that Vue has become more and more popular. If you spent the time to learn AngularJS back in the day, chances are you’ll find an old friend in...

Read more

Use TypeScript to Build a Node API with Express

Use TypeScript to Build a Node API with Express

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Like it or not, JavaScript has been helping developers power the Internet since 1995. In that time, JavaScript usage has grown from small user...

Read more

Add Secure Authentication to your WordPress Site in 15 Minutes

Add Secure Authentication to your WordPress Site in 15 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Do you run a WordPress site and want to avoid managing a separate list of user accounts? Have you ever wanted to add two-factor...

Read more

Add Login to Your ASP.NET Core MVC App

Add Login to Your ASP.NET Core MVC App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. One of the improvements in the latest version of ASP.NET Core (MVC ) is a new and simplified authentication integration. However, managing authentication on...

Read more

Build a Simple Web App with Express, React and GraphQL

Build a Simple Web App with Express, React and GraphQL

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. GraphQL and React have both become quite popular in the last few years, and it’s safe to say they go together like avocado and...

Read more

Build a Simple API Service with Express and GraphQL

Build a Simple API Service with Express and GraphQL

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. GraphQL has become an immensely popular alternative to REST APIs. The flexibility you get from using GraphQL makes it easier for developers to get...

Read more

Build a Web App with Spring Boot and Spring Security in 15 Minutes

Build a Web App with Spring Boot and Spring Security in 15 Minutes

Developers know that securing web apps can be a pain. Doing it right is tough. The worst part is that “right” is a moving target. Security protocols change. Vulnerabilities are found in dependencies and patches are released. Tons of often complex boilerplate code has to be generated. The software-as-service paradigm has proliferated over the last decade, and while I love reinventing the wheel as much as the next developer (because, clearly, I’m gonna write it...

Read more

Build a Desktop App with Electron and Authentication

Build a Desktop App with Electron and Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Electron is a framework for building cross-platform desktop applications with web technologies like JavaScript, HTML, and CSS. It was created for GitHub’s Atom editor...

Read more

Build a One-time Password Token for MFA with Okta

Build a One-time Password Token for MFA with Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Okta has a great multi-factor authentication (MFA) service that you can use right away with a free developer account. It provides additional security by...

Read more

Build a Basic CRUD App with Angular 7.0 and Spring Boot 2.1

Build a Basic CRUD App with Angular 7.0 and Spring Boot 2.1

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Technology moves fast these days. It can be challenging to keep up with the latest trends as well as new releases of your favorite...

Read more

Build a Simple REST API with Node and OAuth 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. JavaScript is used everywhere on the web - nearly every web page will include at least some JavaScript, and even if it doesn’t, your...

Read more

Build and Understand a Simple Node.js Website with User Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Building websites with user authentication and management (login, registration, password reset, etc.), can be a huge pain. As a developer there are a million...

Read more

Add Social Login to Your Spring Boot 2.0 App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. We’ve all seen social login. It’s the “Log in with Facebook” or “Log in with Twitter” buttons we see below every username and password...

Read more

Build a Health Tracking App with React, GraphQL, and User Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I think you’ll like the story I’m about to tell you. I’m going to show you how to build a GraphQL API with Vesper...

Read more

Build a Basic CRUD App with Node and React

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. There are a lot of JavaScript frameworks out there today. It seems like I hear about a new one every month or so. They...

Read more

Use Multi-factor Authentication from the Command Line

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Multi-factor authentication is an important tool in your security arsenal. If your password is compromised, your account can still be protected by using high...

Read more

What Happens If Your JWT Is Stolen?

All of us know what happens if our user credentials (email and password) are discovered by an attacker: they can log into our account and wreak havoc. But a lot of modern applications are using JSON Web Tokens (JWTs) to manage user sessions—what happens if a JWT is compromised? Because more and more applications are using token-based authentication, this question is increasingly relevant to developers and critical to understand if you’re building any sort of...

Read more

How to Prevent Your Users from Using Breached Passwords

Not too long ago, the National Institute of Standards and Technology (NIST) officially recommended that user-provided passwords be checked against existing data breaches. Today I’m going to show you how you can easily add this functionality to any website you run using PassProtect, an open-source developer library we created specifically for this purpose. Why Check User Passwords? The new NIST recommendations mean that every time a user gives you a password, it’s your responsibility as...

Read more

Add Authentication to Any Web Page in 10 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. × Heads up... this blog post is old! For updated instructions on adding authentication using the Okta Sign-in Widget, see Embedded Okta Sign-In Widget...

Read more

Secure a Node API with OAuth 2.0 Client Credentials

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Securing server-to-server API services can be tricky. OAuth 2.0 is an excellent way to offload user authentication to another service, but what if there...

Read more

Add Authentication to Your Vanilla JavaScript App in 20 Minutes

Add Authentication to Your Vanilla JavaScript App in 20 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. “Sometimes nothing is good enough” is a phrase that software engineers don’t speak or hear often. In the fast-changing world of web development, there...

Read more

Simple Multi-Factor Authentication in Node

Simple Multi-Factor Authentication in Node

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. If you’re building a web application, chances are you’re going to want to serve different content depending on the user. Authenticating users can be...

Read more

Build Secure Node Authentication with Passport.js and OpenID Connect

Build Secure Node Authentication with Passport.js and OpenID Connect

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Building local or social login in Node can be simple with Passport.js. There are over 500 strategies already built that make it easy to...

Read more

Multi-Factor Authentication: 4 Challenges Faced by Developers

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Multi-factor authentication (MFA) is the most reliable way to ensure the security of your users’ PII (personally identifiable information), and with Okta it’s easier...

Read more

Simple Node Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Authenticating users for Node.js/Express.js web apps can be difficult. You have to set up a database, define a user schema (or use something more...

Read more

Build a React Native Application and Authenticate with OAuth 2.0

Build a React Native Application and Authenticate with OAuth 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. With Okta and OpenID Connect (OIDC) you can easily integrate authentication into a React Native application and never have to build it yourself again....

Read more

Set Up and Enforce Multi-Factor Authentication with the Okta API

So, you’re building a custom app and you need to include support for multi-factor authentication (MFA). Did you know that Okta’s API can support multi-step MFA workflows? The diagram below shows the primary authentication flows with MFA enrollment and enforcement enabled. Okta has a push-based verification app called Okta Verify. It’s available on the Google Play and Apple App stores. Okta Verify is similar to Google Authenticator, except it adds the additional feature of supporting...

Read more

Protect Your Cryptocurrency Wealth Tracking PWA with Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Cryptocurrencies are all the rage. Over the last year, the value of Bitcoin alone has risen 1,603%, driving more and more people to wonder...

Read more

Bootiful Development with Spring Boot and React

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. React has been getting a lot of positive press in the last couple years, making it an appealing frontend option for Java developers! Once...

Read more

Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0

Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Technology moves fast these days. It can be challenging to keep up with the latest trends as well as new releases of your favorite...

Read more

Build an iOS App with Secure Authentication in 20 Minutes

What does it take to build a successful mobile application in today’s ever-changing market? There are (what seems like an infinite) number of design, build, and test cycles performed, just to release your app into the hands of a user. In essence: while Users.love != true { Product.design() Product.rebuild() } Once completed, the real challenge begins – retaining those users. Mostly that means getting users to log in to your app easily, and then never...

Read more

Add Single Sign-On to Your Spring Boot Web App in 15 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Need a secure web server right now? With Spring Boot and Okta, you can spin up an enterprise-quality REST server with complete user identity...

Read more

Add Authentication to Play Framework with OIDC and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I’ve fallen in love with Play Framework in the past, but then found a more attractive framework in Spring Boot. I fell in love...

Read more

Build a Secure Notes Application with Kotlin, TypeScript, and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I love my job as a developer advocate at Okta. I get to learn a lot, write interesting blog posts and create example apps...

Read more

The Lazy Developer's Guide to Authentication with Vue.js

The Lazy Developer's Guide to Authentication with Vue.js

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I’ll happily admit that like many of you, I’m a lazy developer. I tend to look for solutions someone else has already built before...

Read more

Meet the New Okta Identity Platform

I’m genuinely excited to announce that today, we’re officially re-launching the new and improved Okta Identity Platform. Everything has been molded to our vision, and we’re aiming to do something we could not before: build the world’s largest authentication-as-a-service platform for developers of all shapes and sizes. The new Okta Identity Platform is our attempt to make authentication and authorization problems a relic of the past. We want to provide beautiful developer libraries across every...

Read more

Build an Ionic App with User Authentication

With Okta and OpenID Connect (OIDC) you can easily integrate authentication into an Ionic application, and never have to build it yourself again. OIDC allows you to authenticate directly against the Okta API, and this article shows you how to do just that in an Ionic application. I’ll demo how to log in with OIDC redirect, using Okta’s Auth SDK as well as how to use OAuth with Cordova’s in-app browser; user registration is omitted...

Read more

Why JWTs Suck as Session Tokens

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. JSON Web Tokens (JWTs) are so hot right now. They’re all the rage in web development: Trendy? ✓ Secure? ✓ Scalable? ✓ Compact? ✓...

Read more

Protecting a Spring Boot App with Apache Shiro

My favorite thing about Apache Shiro is how easy it makes handling authorization. You can use a role-based access control (RBAC) model of assigning roles to users and then permissions to roles. This makes dealing with the inevitable requirements change simple. Your code does not change, just the permissions associated with the roles. In this post I want to demonstrate just how simple it is, using a Spring Boot application and walking through how I’d...

Read more

OpenID Connect for User Authentication in ASP.NET Core

In the age of the “personalized web experience”, authentication and user management is a given, and it’s easier than ever to tap into third-party authentication providers like Facebook, Twitter, and Google. And it’s not just the wild, wild web that needs it. Businesses need ways to secure their APIs, and identify users logged into their apps. OpenID Connect is a protocol for authenticating users. It is a specification by the OpenID Foundation describing the best...

Read more

Angular Authentication with OpenID Connect and Okta in 20 Minutes

Angular (formerly called Angular 2.0) is quickly becoming one of the most powerful ways to build a modern single-page app. A core strength is Angular’s focus on building reusable components, which help you decouple the various concerns in your application. Take authentication, for example: it can be painful to build, but once you wrap it in a component, the authentication logic can be reused throughout your application. The Angular CLI makes it easy to scaffold...

Read more