Integrator Free Plan available! Existing Okta Developer Edition orgs will be deactivated starting July 18, 2025. Sign up for the Integrator Free Plan to continue building and integrating. Learn more on the Okta Developer blog

Articles tagged oidc

How to Instantly Sign a User Out across All Your Apps

How to Instantly Sign a User Out across All Your Apps

Your enterprise customers expect you to safeguard them from common security incidents, especially when it comes to compromised user accounts. Perhaps a user has signed in from a known stolen device or another country outside the list of allowed IP zones. If a hacker is masquerading as one of your customer’s employees, potentially accessing sensitive company data, you must end their session and sign them out of your app immediately. Bottom line, if you build...

Read more

Add Step-up Authentication Using Angular and NestJS

Add Step-up Authentication Using Angular and NestJS

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. The applications you work on expect good authentication as a secure foundation. In the past, we treated authentication as binary. You are either authenticated...

Read more

Flexible Authentication Configurations in Angular Applications Using Okta

Flexible Authentication Configurations in Angular Applications Using Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Are you ready to hear about the ultimate flexibility in configuring authentication properties in the Okta Angular SDK? You’ll want to check out this...

Read more

Enterprise Maturity Workshop: Automate with no-code Okta Workflows

Enterprise Maturity Workshop: Automate with no-code Okta Workflows

This tutorial is part of the on-demand workshop series. In this workshop, you’ll enhance the base Todo application by creating an automated report using Okta’s no-code Workflows platform. Table of Contents What is Okta Workflows? Getting access to Okta Workflows Creating a flow Okta Workflows building blocks Setting up the Todo application Enhancing the Todo application with a new API Launching the API in a local tunnel Building the Todo Report flow Updating the flow...

Read more

Enterprise-Ready Workshop: Authenticate with OpenID Connect

Enterprise-Ready Workshop: Authenticate with OpenID Connect

This workshop is part of our Enterprise Readiness Workshop series. In this workshop, you will be wearing the hat of a SaaS developer who will up-level his/her app to allow users (from your big enterprise customers) to log on using their own company credentials without providing a password directly to your app. When any enterprise customer considers buying your software to enhance their employees’ productivity, their IT and security teams want to make sure employees...

Read more

How Authentication and Authorization Work for SPAs

How Authentication and Authorization Work for SPAs

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Adding authentication to public clients such as Single Page Applications (SPA) and JavaScript applications can be a source of confusion. Identity Providers like Okta...

Read more

Secure Secrets with Spring Cloud Config and Vault

Secure Secrets with Spring Cloud Config and Vault

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In 2013, GitHub released a search feature that allows users to scan code in all public repositories. A day after the release, however, they...

Read more

Introducing the New Okta Mobile SDKs

Introducing the New Okta Mobile SDKs

For years the Okta OIDC SDK was the primary tool mobile developers used to integrate their apps with Okta, but as with all things in life, entropy takes its toll. Over time, as platforms and languages change, or new features become available, a refactor is required. Today we’re proud to announce that the Okta Mobile SDKs for Swift and Kotlin are now available! Recent advances at Okta, such as support for Device Single Sign On...

Read more

Add Auth to Any App with OAuth2 Proxy

Add Auth to Any App with OAuth2 Proxy

Updating an application to use OAuth 2.0 doesn’t need to be complicated. Most of the time, your language or framework will already have an OAuth library. Sometimes, this isn’t the case, and you need to find an alternative. In this post, I’ll walk through setting up and using OAuth2 Proxy to secure your application without any code changes! OAuth2 Proxy is a reverse proxy that sits in front of your application and handles the complexities...

Read more

Boost Your Productivity Using Okta CLI with Fig

Boost Your Productivity Using Okta CLI with Fig

CLIs are great. I love the speed and productivity increases I get when using a CLI, but memorizing commands – especially when commands need arguments, options, flags, and so on – can be daunting. Luckily, there are tools available for CLI fans out there, and one tool I’ve been enjoying is Fig. Fig powers up your CLI productivity Fig adds autocompletion to supported terminals, which makes using CLIs so much easier. Using Git? You’ll see...

Read more

How to Secure Your Kubernetes Clusters With Best Practices

How to Secure Your Kubernetes Clusters With Best Practices

Kubernetes has become an unavoidable part of a software infrastructure these days. If you are an enterprise or medium/large company, chances are you are already running Kubernetes clusters for your workloads. If you are a DevOps engineer, there is a good chance you are maintaining either an on-prem Kubernetes cluster or a PaaS like Amazon EKS, Microsoft AKS, or GKE. But regardless of how you run your Kubernetes clusters, you need to make sure that...

Read more

How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC

How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC

A Kubernetes (k8s) cluster comprises worker machines called nodes and a control plane consisting of the API server, scheduler, etcd, controller manager, and in the case of a PaaS (platform as a service), the cloud controller manager. The containers deployed to the cluster run in pods on the worker nodes. At the same time, the control plane takes care of scheduling, responding to requests, and managing the cluster. When you communicate with a Kubernetes cluster,...

Read more

The Things to Keep in Mind about Auth

The Things to Keep in Mind about Auth

There’s a lot of information out there about adding authentication to your app, which is helpful! But also overwhelming. It can be hard to find relevant and up-to-date information. Security best practices and technologies change, so refreshing your understanding and keeping up with current best practices is a good thing. Here are some notes I took while I reviewed my knowledge and applied my experience implementing auth. Prefer OAuth 2.0 and OpenID Connect If you’re...

Read more

Secure Access to AWS EKS Clusters for Admins

Secure Access to AWS EKS Clusters for Admins

In this tutorial, we will leverage OpenID Connect (OIDC) to allow our DevOps team to securely access their EKS clusters on AWS. We use Role Based Access Control (RBAC)] to enforce the least privilege required without the need to configure AWS IAM roles. 😎 We’ll highlight the steps to manually enable an OIDC provider on your EKS clusters. At the end of this tutorial, we’ll point to resources you can leverage to automate all those...

Read more

Learn How to Build a Single-Page App with Vue and Spring Boot

Learn How to Build a Single-Page App with Vue and Spring Boot

In this tutorial, you are going to create a single-page application (SPA) that uses a Spring Boot resource server and a Vue front-end client. You’ll see how to configure Spring Boot to use JSON Web Tokens (JWT) for authentication and authorization, with Okta as an OAuth 2.0 and OpenID Connect (OIDC) provider. You’ll also see how to bootstrap a Vue client app with the Vue CLI and how to secure it using the Okta Sign-In...

Read more

Session Clustering for OAuth 2.0 Applications

Session Clustering for OAuth 2.0 Applications

{% include integrator-org-warning.html %} A common OAuth 2.0 question we get: "How do I deal with OAuth in a load-balanced application?" The short answer: There’s nothing specific about session clustering for OAuth. The longer answer is—you likely still need to worry about cluster session management. This post will discuss how an OAuth login relates to your application’s session. And we’ll build a simple, secure, load-balanced application to demonstrate. Prerequisites Docker 20.10+ Java 11+, use SDKMAN...

Read more

Centralize Authentication at the Gateway with Apache APISIX and OpenID Connect

Centralize Authentication at the Gateway with Apache APISIX and OpenID Connect

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Apache APISIX is a dynamic, real-time, high-performance API gateway, providing rich traffic management. The project offers load balancing, dynamic upstream, canary release, circuit breaking,...

Read more

How to Prevent Reactive Java Applications from Stalling

How to Prevent Reactive Java Applications from Stalling

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Modern applications must work smoothly on high loads and with a high number of concurrent users. Traditional Java applications run blocking code and a...

Read more

What Apple's App Tracking Changes Mean for Developers

What Apple's App Tracking Changes Mean for Developers

You know how you will see an ad on Instagram for something that you just searched for hours earlier? This is in no small part due to a special API for iOS that allows app developers to track your behavior across apps, even those by different developers. Well, all of this is changing with the rollout of iOS 14.5, so let’s take a look at what exactly is changing and what this means for app...

Read more

Set Access Control Policies With Kong Konnect and Okta

Set Access Control Policies With Kong Konnect and Okta

In our last Kong and Okta tutorial, we will implement a basic access control policy based on Okta’s groups and planes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect (OIDC) plugin. Parts 1, 2 and 3 covered: Implement client credentials for application authentication Authorization Code for user authentication Implement introspection flow for token validation Table of Contents How Access Control Works Configure...

Read more

Implement Introspection Flow With Kong Konnect and Okta

Implement Introspection Flow With Kong Konnect and Okta

In our third Kong and Okta tutorial, we’ll go through the introspection flow implementation. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect (OIDC) plugin. Parts 1, 2 and 4 cover: Implement Client Credentials with Kong Konnect and Okta Authorization Code for user authentication Access control based on Okta’s groups and planes Table of Contents Konnect and Okta Integration Topology Introspection Flow Set...

Read more

Apply Authorization Code Flow With Kong Konnect and Okta

Apply Authorization Code Flow With Kong Konnect and Okta

We’ll go through the authorization code flow applied to user authentication processes in our second Kong and Okta tutorial. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect (OIDC) plugin. Parts 1, 3, and 4 cover: Implement Client Credentials with Kong Konnect and Okta Implement Introspection Flow With Kong Konnect and Okta Access control based on Okta’s groups and planes Table of Contents...

Read more

Implement Client Credentials with Kong Konnect and Okta

Implement Client Credentials with Kong Konnect and Okta

Using Kong’s OpenID Connect (OIDC) plugin, Kong and Okta work together to solve three significant application development challenges: Connectivity Authentication Authorization The OIDC plugin enables Kong, as the API gateway, to communicate with Okta via the OAuth/OIDC flows. That way, your app teams don’t have to configure and diagnose authentication and authorization for each service individually. With these challenges solved, app teams have more time to build and innovate. Table of Contents Kong Konnect and...

Read more

OAuth Patterns and Anti-Patterns - a DZone Refcard

OAuth Patterns and Anti-Patterns - a DZone Refcard

I’m happy to announce the release of a brand new OAuth cheat sheet published through DZone’s Refcardz, “OAuth Patterns and Anti-Patterns”. This five-page reference guide covers the latest in OAuth and clarifies some common misunderstandings of applying it to real world use cases. With a focus on OAuth 2.0, OpenID Connect, and best practices, you’ll quickly learn how to avoid some common mistakes and how to make your applications and APIs more secure. The “OAuth...

Read more

Unity WebGL + PlayFab Authorization in 20 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. As game creators, we hold a fundamental responsibility to protect and secure any and all data that our players entrust to us. Historically, security...

Read more

Android Login Made Easy with OIDC

Android Login Made Easy with OIDC

{% include integrator-org-warning.html %} :toc: macro :page-liquid: :experimental: Having a dedicated part of a mobile app for authorized users is a must for a modern-day app. Users want to have a personalized experience with the apps they love. They expect to seamlessly use services on different devices and platforms. And, most of all, they want to be sure that their personal data is secure. Implementing a secure login process on Android can be challenging to...

Read more

One Identity Across Salesforce.com and Mulesoft

One Identity Across Salesforce.com and Mulesoft

Today, I’m going to show you how to plug Okta into a Force.com application (along with Mulesoft’s API gateway) using the OpenID Connect protocol (aka ‘OIDC’). By the end of this tutorial, your Force.com application will have user authentication backed by Okta and will be able to securely call your backend APIs through Mulesoft’s API gateway. Sound good? Let’s get to it! What’s Force.com? Force.com is Salesforce’s Platform-as-a-Service (aka ‘PaaS’) which allows you to develop...

Read more

Introducing the Okta CLI

Introducing the Okta CLI

Okta is an Identity Management Platform that takes all the hassle out of authentication and authorization. It’s feature-packed with everything from workforce integrations for G-Suite to the latest version of OAuth 2.0 as-a-service for developers writing their own APIs. It can sometimes be a daunting task for developers to get started with Okta because of how feature-rich it is. Introducing the Okta CLI - made by developers for developers. Using the CLI tool, you can...

Read more

Test in Production with Spring Security and Feature Flags

Test in Production with Spring Security and Feature Flags

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Okta is an Identity and Access Management platform. The TL;DR: you offload the responsibility for secure authentication and authorization to Okta so you can...

Read more

OAuth 2.0 Patterns with Spring Cloud Gateway

OAuth 2.0 Patterns with Spring Cloud Gateway

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post...

Read more

Node.js Login with Express and OIDC

Node.js Login with Express and OIDC

{% include integrator-org-warning.html %} :page-liquid: :experimental: Node.js just celebrated its 11th birthday on May 27! With the state of things nows, it’s pretty crazy to think back to the massive JavaScript Renaissance boost of 2009. In case you’re not aware, the JavaScript Renaissance began in around 2004 with Ajax, increased exponentially with jQuery in the mid-2000s, and then really took off with Node.js and a plethora of early JavaScript web frameworks; including Backbone.js, Ember.js, and...

Read more

Build an Android Application with Authentication

Build an Android Application with Authentication

{% include integrator-org-warning.html %} :toc: macro :page-liquid: :experimental: With mobile apps becoming ever-present in users' lives, following best security practices has become essential in protecting your users and your apps. Implementing security alone and from the ground up can be costly for your development team, create a less-than-ideal user experience, and be susceptible to design/implementation errors. The easiest path to strong security, and a positive user experience, is to turn to the experts. The Okta...

Read more

What's New with OAuth and OpenID Connect?

What's New with OAuth and OpenID Connect?

In this video you'll learn about the latest developments in the OAuth and OpenID Connect specs from Aaron Parecki, a regular contributor to the OAuth working group. The latest additions to the specs enable richer experiences and better security for applications using OAuth.

Read more

OpenID Connect Logout Options with Spring Boot

OpenID Connect Logout Options with Spring Boot

On the Okta blog, we spend much of our time talking about logging in. That is because once you configure your application to log in, the log out just works. But there are a few things you should consider when you’re thinking about your app’s logout configuration. In this post, I’ll walk through examples of the two logout options you have with Spring Security: the "default" session clearing logout, and relying party initiated logout. If...

Read more

Build Single Sign-on in Java

Build Single Sign-on in Java

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In modern app development, you quite frequently have a single resource server that provides data to multiple client applications. These applications may share a...

Read more

Build a CRUD Application with Kotlin and React

Build a CRUD Application with Kotlin and React

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In this tutorial, you’re going to build a client and server application using React for the frontend and Kotlin with Spring Boot for the...

Read more

Secure Legacy Apps with Spring Cloud Gateway

Secure Legacy Apps with Spring Cloud Gateway

One of the biggest challenges of adding OAuth 2.0 support to legacy applications is a lack of support in the underlying framework. Maybe it’s homegrown, or maybe it’s just old? Either way, migrating away from an old form-based login doesn’t need to be so painful. In this post, I’ll walk you through a low-code option using Spring Cloud Gateway and Okta. You’ll learn how to setup Spring Cloud Gateway running as a stand-alone application that...

Read more

Add Docker to Your Spring Boot Application

Add Docker to Your Spring Boot Application

{% include integrator-org-warning.html %} :toc: macro :page-liquid: :experimental: Docker enables you to deploy a server environment in containers. A container is a standardized unit of software that assembles code, runtime, dependencies, settings, and initialization in a single package that you can run reliably from one computing environment to another. Deploying your app as a Docker container is not hard, and can alleviate a lot of problems that you may encounter when moving your app around...

Read more

Use Okta Token Hooks to Supercharge OpenID Connect

Use Okta Token Hooks to Supercharge OpenID Connect

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. OpenID Connect (OIDC) and OAuth 2.0 are already recognized as powerful tools for incorporating authentication and authorization into modern web applications. Okta has enhanced...

Read more

Kotlin: A Beginner's Guide and Tutorial

Kotlin: A Beginner's Guide and Tutorial

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Kotlin is a modern, statically typed language within the JVM. Kotlin is a cross-platform, multi-purpose, free and open-source language developed by JetBrains under the...

Read more

Deploy Your Spring Boot App the Right Way

Deploy Your Spring Boot App the Right Way

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Spring Boot is an awesome solution to speed up the development cycle of your app. Have an idea and want to transform it into...

Read more

A Quick Guide to Java on Netty

A Quick Guide to Java on Netty

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Netty is a non-blocking input/output (NIO) framework that makes it relatively simple to develop low-level network servers and clients. Netty provides an incredible amount...

Read more

ASP.NET Core 3.0 MVC Secure Authentication

ASP.NET Core 3.0 MVC Secure Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. On September 23rd, Microsoft announced the third major release of its .NET Core framework. This new release boasts better performance, support for Windows Desktop...

Read more

Create a React Native App with Login in 10 Minutes

Create a React Native App with Login in 10 Minutes

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. React Native is a mobile app development framework that allows you to use React to build native iOS and Android mobile apps. Instead of...

Read more

An Illustrated Guide to OAuth and OpenID Connect

An Illustrated Guide to OAuth and OpenID Connect

In the “stone age” days of the Internet, sharing information between services was easy. You simply gave your username and password for one service to another so they could login to your account and grab whatever information they wanted! Yikes! You should never be required to share your username and password, your credentials, to another service. There’s no guarantee that an organization will keep your credentials safe, or guarantee their service won’t access more of...

Read more

Painless Node.js Authentication

Painless Node.js Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. User authentication is a critical component of just about every web application. Unfortunately, while authentication is a core part of all websites, it can...

Read more

How to Develop a Quarkus App with Java and OIDC Authentication

How to Develop a Quarkus App with Java and OIDC Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Quarkus is a container-first Kubernetes Java framework designed to have a super-fast start-up time and low memory usage. The container-first strategy emphasizes packaging the...

Read more

Build a NodeJS App with TypeScript

Build a NodeJS App with TypeScript

As dynamically typed languages became prominent during the last decade, typeless (or should I say lawless?) programming became the norm for the backend as well as the frontend. Many people believe the simplicity of “just writing” code is efficient for providing a proof of concept or prototyping applications. However, as those applications grow, the typeless code used to build them often becomes incredibly convoluted and more difficult (some would say impossible) to manage. In the...

Read more

5 Minute Serverless Functions in Azure without an IDE

5 Minute Serverless Functions in Azure without an IDE

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Microsoft Azure makes it incredibly easy to get a basic API/microservice up and running quickly! If you are unfamiliar with building serverless architecture in...

Read more

Easy Spring Boot Deployment with AWS Elastic Beanstalk

Easy Spring Boot Deployment with AWS Elastic Beanstalk

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Nearly all applications rely on authentication. Developers, and the companies that employ them, want to confirm who is making the request and are they...

Read more

Monitor Your Java Apps with Spring Boot Actuator

Monitor Your Java Apps with Spring Boot Actuator

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Have you worked with Spring Boot Actuator yet? It’s an immensely helpful library that helps you monitor app health and interactions with the app...

Read more

Build Mobile Apps with Angular, Ionic 4, and Spring Boot

Build Mobile Apps with Angular, Ionic 4, and Spring Boot

{% include integrator-org-warning.html %} {% include integrator-org-warning.html %} :page-liquid: :toc: macro I’m a big fan of Ionic. I started using it several years ago when it was based on AngularJS. As a developer, I really liked it because I knew Angular. I found didn’t have to learn much more to be a productive developer with Ionic. What is Ionic? I’m glad you asked! Ionic is an open source project that allows you to build mobile...

Read more

Tutorial: User Login and Registration in Ionic 4

Tutorial: User Login and Registration in Ionic 4

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Ionic allows you to develop PWAs and hybrid mobile apps. PWAs are web applications that run in a browser and allow for offline capabilities...

Read more

What the Heck is Sign In with Apple?

What the Heck is Sign In with Apple?

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. This week at Apple’s developer conference WWDC, Apple announced a new feature, “Sign In with Apple” enabling users to sign in to apps using...

Read more

A Quick Guide to Spring Boot Login Options

A Quick Guide to Spring Boot Login Options

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In this post, you’re going to work through various options for implementing a login feature using Spring Boot 2.1. You’ll start with the most...

Read more

Angular 8 + Spring Boot 2.2: Build a CRUD App Today!

Angular 8 + Spring Boot 2.2: Build a CRUD App Today!

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. If you’ve been a Java developer for more than 15 years, you probably remember when there were a plethora of Java web frameworks. It...

Read more

Easy Single Sign-On with Spring Boot and OAuth 2.0

Easy Single Sign-On with Spring Boot and OAuth 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Single sign-on used to be the “Holy Grail” of enterprise size companies and was usually only available companies that could afford it. Nowadays, we...

Read more

Migrate Your Spring Boot App to the Latest and Greatest Spring Security and OAuth 2.0

Migrate Your Spring Boot App to the Latest and Greatest Spring Security and OAuth 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Spring Boot 1.5.x made it easier than ever before to integrate Spring Security with OAuth 2.0 into your application. Spring Boot 2.1.x dials it...

Read more

Devnexus 2019: Join the <dev/>olution

Devnexus 2019: Join the <dev/>olution

Hello, Developers! Have you ever been to the wonderful conference known as Devnexus? I attended for the first time two years ago and had a blast! It’s well organized, affordable, and has a diverse and fun crowd. This year, Okta is sponsoring Devnexus and we have a number of speakers sharing their wisdom. I thought it’d be fun to write a blog post that highlights my team members and what they’ll be talking about. If...

Read more

Nobody Cares About OAuth or OpenID Connect

Nobody Cares About OAuth or OpenID Connect

If you’re reading this post, there’s a good chance that you’re a web developer who’s very interested in web security. You’ve probably heard about OAuth or OpenID Connect (OIDC) before. You may have even used them at some point in your career. But here’s the thing: almost nobody actually cares about OAuth or OIDC. Not you, not me, and not even other developers in the security industry. To understand why nobody cares about these two...

Read more

Angular 7: What's New and Noteworthy + OIDC Goodness

Angular 7: What's New and Noteworthy + OIDC Goodness

Angular 7 was released earlier this quarter and I’m pumped about a few of its features. If you’ve been following Angular since Angular 2, you know that upgrading can sometimes be a pain. There was no Angular 3, but upgrading to Angular 4 wasn’t too bad, aside from a bunch of changes in Angular’s testing infrastructure. Angular 4 to Angular 5 was painless, and 5 to 6 only required changes to classes that used RxJS....

Read more

Bootiful Development with Spring Boot and Vue

Bootiful Development with Spring Boot and Vue

Vue is a web framework that’s gotten a lot of attention lately because it’s lean and mean. Its baseline framework cost is around 40K and is known as a minimalistic web framework. With all of the recent attention on web performance and mobile-first, mobile-fast, it’s no surprise that Vue has become more and more popular. If you spent the time to learn AngularJS back in the day, chances are you’ll find an old friend in...

Read more

Spring Boot 2.1: Outstanding OIDC, OAuth 2.0, and Reactive API Support

Spring Boot 2.1: Outstanding OIDC, OAuth 2.0, and Reactive API Support

Spring Boot 2.1 was recently released, eight months after the huge launch of Spring Boot 2.0. The reason I’m most excited about Spring Boot 2.1 to me is its improved performance and OpenID Connect (OIDC) support from Spring Security 5.1. The combination of Spring Boot and Spring Security has provided excellent OAuth 2.0 support for years, and making OIDC a first-class citizen simplifies its configuration quite a bit. For those that aren’t aware, OIDC is...

Read more

Build a Web App with Spring Boot and Spring Security in 15 Minutes

Build a Web App with Spring Boot and Spring Security in 15 Minutes

Developers know that securing web apps can be a pain. Doing it right is tough. The worst part is that “right” is a moving target. Security protocols change. Vulnerabilities are found in dependencies and patches are released. Tons of often complex boilerplate code has to be generated. The software-as-service paradigm has proliferated over the last decade, and while I love reinventing the wheel as much as the next developer (because, clearly, I’m gonna write it...

Read more

Full Stack Reactive with Spring WebFlux, WebSockets, and React

Full Stack Reactive with Spring WebFlux, WebSockets, and React

Spring WebFlux can be used to create a REST API with streaming data. Spring WebFlux can also be integrated with WebSockets to provide notifications that clients can listen to. Combining the two is a powerful way to provide real-time data streaming to JavaScript or mobile clients. Add React to the mix and you have an excellent foundation for a full-stack reactive architecture. React is a UI toolkit (similar to GWT) that lets you build components...

Read more

Build Reactive APIs with Spring WebFlux

Build Reactive APIs with Spring WebFlux

Spring Boot 2.0 was a long-awaited release from the good folks at Pivotal. One of its new features is reactive web programming support with Spring WebFlux. Spring WebFlux is a web framework that’s built on top of Project Reactor, to give you asynchronous I/O, and allow your application to perform better. If you’re familiar with Spring MVC and building REST APIs, you’ll enjoy Spring WebFlux. There’s just a few basic concepts that are different. Once...

Read more

Build a Desktop App with Electron and Authentication

Build a Desktop App with Electron and Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Electron is a framework for building cross-platform desktop applications with web technologies like JavaScript, HTML, and CSS. It was created for GitHub’s Atom editor...

Read more

Build a Java REST API with Java EE and OIDC

Build a Java REST API with Java EE and OIDC

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Java EE allows you to build Java REST APIs quickly and easily with JAX-RS and JPA. Java EE is an umbrella standards specification that...

Read more

Build a Basic CRUD App in Android with Kotlin

Build a Basic CRUD App in Android with Kotlin

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Kotlin was recently given official Android support status by Google, but it remains difficult to understand for many developers. The best way to start...

Read more

Build a Basic CRUD App with Angular 7.0 and Spring Boot 2.1

Build a Basic CRUD App with Angular 7.0 and Spring Boot 2.1

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Technology moves fast these days. It can be challenging to keep up with the latest trends as well as new releases of your favorite...

Read more

Add Social Login to Your Spring Boot 2.0 App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. We’ve all seen social login. It’s the “Log in with Facebook” or “Log in with Twitter” buttons we see below every username and password...

Read more

Build a Simple CRUD App with Flask and Python

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Today I’m going to walk you through building a simple Flask web app (a blog) complete with user management (login, registration, etc.), database models,...

Read more

Flask Tutorial: Simple User Registration and Login

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Flask is my favorite Python web framework. It’s minimal, it’s fast, and most of all: it’s fun. I love almost everything about Flask development,...

Read more

Tutorial: Build a Basic CRUD App with Node.js

Tutorial: Build a Basic CRUD App with Node.js

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Node.js is eating the world. Many of the largest companies are building more and more of their websites and API services with Node.js, and...

Read more

Build a Photo Gallery PWA with React, Spring Boot, and JHipster

Build a Photo Gallery PWA with React, Spring Boot, and JHipster

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. At its core, React is just a UI toolkit, ala GWT, but it has a very healthy ecosystem around it that provides everything you...

Read more

Secure Your Spring Boot Application with Multi-Factor Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. OAuth 2.0 has quickly become an industry standard for third party authentication for web applications. It’s a super secure strategy, when implemented properly, but...

Read more

Build a Basic CRUD Application with Grails and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Grails and Groovy can be a great alternative to Spring Boot, in some specific use cases. In this post, we’ll start with that basic...

Read more

Build Secure Node Authentication with Passport.js and OpenID Connect

Build Secure Node Authentication with Passport.js and OpenID Connect

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Building local or social login in Node can be simple with Passport.js. There are over 500 strategies already built that make it easy to...

Read more

Build Server Side Authentication in Grails with OAuth 2.0 and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. What is Grails, what is Groovy, and why would we choose them over Spring Boot? In this post I’ll walk you through implementing server-side...

Read more

Use OpenID Connect for Authorization in Your ASP.NET MVC Framework 4.x App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. A common practice in web applications is to have a restricted area for registered users, and perhaps another for administrators. Whether this restricted access...

Read more

Token Authentication in ASP.NET Core 2.0 - A Complete Guide

Token Authentication in ASP.NET Core 2.0 - A Complete Guide

Token authentication has been a popular topic for the past few years, especially as mobile and JavaScript apps have continued to gain mindshare. Widespread adoption of token-based standards like OAuth 2.0 and OpenID Connect have introduced even more developers to tokens, but the best practices aren’t always clear. I spend a lot of time in the ASP.NET Core world and have been working with the framework since the pre-1.0 days. ASP.NET Core 2.0 has great...

Read more

Build a React Native Application and Authenticate with OAuth 2.0

Build a React Native Application and Authenticate with OAuth 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. With Okta and OpenID Connect (OIDC) you can easily integrate authentication into a React Native application and never have to build it yourself again....

Read more

Develop a Microservices Architecture with OAuth 2.0 and JHipster

Develop a Microservices Architecture with OAuth 2.0 and JHipster

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. JHipster is a development platform to generate, develop, and deploy Spring Boot + Angular web applications and Spring microservices. It supports using many types...

Read more

Build a Basic CRUD App with Vue.js and Node

Build a Basic CRUD App with Vue.js and Node

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I’ve danced the JavaScript framework shuffle for years starting with jQuery, then on to Angular. After being frustrated with Angular’s complexity, I found React...

Read more

Build User Registration with Node, React, and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Today’s internet users expect a personalized experience. Developers must learn to develop websites that provide that personalized experience while keeping their user’s information private....

Read more

Build a Secure To-Do App with Vue, ASP.NET Core, and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I love lists. I keep everything I need to do (too many things, usually) in a big to-do list, and the list helps keep...

Read more

Use Ionic for JHipster to Create Mobile Apps with OIDC Authentication

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. We 💙 Ionic, JHipster, and Java here at Okta. Ionic is a framework for building native mobile apps using web technologies. Technically, this is...

Read more

Protect Your Cryptocurrency Wealth Tracking PWA with Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Cryptocurrencies are all the rage. Over the last year, the value of Bitcoin alone has risen 1,603%, driving more and more people to wonder...

Read more

Get Started with Spring Security 5.0 and OIDC

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. I first encountered...

Read more

Bootiful Development with Spring Boot and React

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. React has been getting a lot of positive press in the last couple years, making it an appealing frontend option for Java developers! Once...

Read more

Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0

Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Technology moves fast these days. It can be challenging to keep up with the latest trends as well as new releases of your favorite...

Read more

Build an iOS App with Secure Authentication in 20 Minutes

What does it take to build a successful mobile application in today’s ever-changing market? There are (what seems like an infinite) number of design, build, and test cycles performed, just to release your app into the hands of a user. In essence: while Users.love != true { Product.design() Product.rebuild() } Once completed, the real challenge begins – retaining those users. Mostly that means getting users to log in to your app easily, and then never...

Read more

Add Authentication to Play Framework with OIDC and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I’ve fallen in love with Play Framework in the past, but then found a more attractive framework in Spring Boot. I fell in love...

Read more

Play Zork, Learn OAuth

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In the early ’80s, some of the best “video” games were text-based adventures. These games would print out descriptive text of your surroundings and...

Read more

Use OpenID Connect Support with JHipster

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Single sign-on (SSO) is a feature that most developers don’t care about when building one-off applications for clients or themselves. However, when developing apps...

Read more

Use OpenID Connect to Build a Simple Node.js Website

Use OpenID Connect to Build a Simple Node.js Website

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. If you’ve ever spent time trying to figure out the best way to handle user authentication for your Node app and been confused: you’re...

Read more

Add Role-Based Access Control to Your App with Spring Security and Thymeleaf

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. User management functions are required by a wide variety of apps and APIs, and it’s a common use-case to partition access to parts of...

Read more

The Lazy Developer's Guide to Authentication with Vue.js

The Lazy Developer's Guide to Authentication with Vue.js

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. I’ll happily admit that like many of you, I’m a lazy developer. I tend to look for solutions someone else has already built before...

Read more

Build an Ionic App with User Authentication

With Okta and OpenID Connect (OIDC) you can easily integrate authentication into an Ionic application, and never have to build it yourself again. OIDC allows you to authenticate directly against the Okta API, and this article shows you how to do just that in an Ionic application. I’ll demo how to log in with OIDC redirect, using Okta’s Auth SDK as well as how to use OAuth with Cordova’s in-app browser; user registration is omitted...

Read more

What's in a Token? – An OpenID Connect Primer, Part 3 of 3

In the previous two installments of this OpenID Connect (OIDC) series, we dug deep into the OIDC flow types and saw OIDC in action using a playground found at: https://okta-oidc-fun.herokuapp.com/. In this third and final installment, we’ll look at what’s encoded into the various types of tokens and how to control what gets put in them. JWTs, have the benefit of being able to carry information in them. With this information available to your app...

Read more

OIDC in Action – An OpenID Connect Primer, Part 2 of 3

In the first installment of this OpenID Connect (OIDC) series, we looked at some OIDC basics, its history, and the various flow types, scopes, and tokens involved. In this post, we’ll dive into the mechanics of OIDC and see the various flows in action. The token(s) you get back from an OIDC flow and the contents of the /userinfo endpoint are a function of the flow type and scopes requested. You can see this live...

Read more

Identity, Claims, & Tokens – An OpenID Connect Primer, Part 1 of 3

In the beginning, there were proprietary approaches to working with external identity providers for authentication and authorization. Then came SAML (Security Assertion Markup Language) – an open standard using XML as its message exchange type. Then, there was OAuth and OAuth 2.0 – also open as well as being a modern, RESTful approach to authorization using JSON as its medium. And now, the holy grail of “secure delegated access” OpenID Connect (henceforth OIDC), which runs...

Read more

OpenID Connect for User Authentication in ASP.NET Core

In the age of the “personalized web experience”, authentication and user management is a given, and it’s easier than ever to tap into third-party authentication providers like Facebook, Twitter, and Google. And it’s not just the wild, wild web that needs it. Businesses need ways to secure their APIs, and identify users logged into their apps. OpenID Connect is a protocol for authenticating users. It is a specification by the OpenID Foundation describing the best...

Read more

What the Heck is OAuth?

There’s a lot of confusion around what OAuth actually is. Some people think OAuth is a login flow (like when you sign into an application with Google Login), and some people think of OAuth as a “security thing”, and don’t really know much more than that. I’m going to show you what OAuth is, explain how it works, and hopefully leave you with a sense of how and where OAuth can benefit your application. What...

Read more

Add Authentication to Your Angular PWA

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. You’re developing a Progressive Web Application (PWA), and your service worker and web app manifest are working swimmingly. You’ve even taken the time to...

Read more

Angular Authentication with OpenID Connect and Okta in 20 Minutes

Angular (formerly called Angular 2.0) is quickly becoming one of the most powerful ways to build a modern single-page app. A core strength is Angular’s focus on building reusable components, which help you decouple the various concerns in your application. Take authentication, for example: it can be painful to build, but once you wrap it in a component, the authentication logic can be reused throughout your application. The Angular CLI makes it easy to scaffold...

Read more

Demystifying OAuth

It seems that OAuth 2.0 is everywhere these days. Whether you are building a hot new single page web application (SPA), a native mobile experience, or just trying to integrate with the API economy, you can’t go far without running into the popular authorization framework for REST/APIs and social authentication. During Oktane15, Karl McGuinness, our Senior Director of Identity, demystified the powerful, yet often misunderstood, world of OAuth 2.0 and shared details on Okta’s growing...

Read more