Articles tagged okta

Elevate Access Token Security by Demonstrating Proof-of-Possession

Elevate Access Token Security by Demonstrating Proof-of-Possession

We use access tokens to request data and perform actions within our software systems. The client application sends a bearer token to the resource server. The resource server checks the validity of the access token before acting upon the HTTP request. What happens if the requesting party is malicious, steals your token, and makes a fraudulent API call? Would the resource server honor the HTTP request? If you use a bearer token, the answer is...

Read more

Supporting Devs Through Advocacy

Supporting Devs Through Advocacy

Supporting developers is my modus operandi. I’ve been with Okta for three years, formerly as a Developer Support Engineer and now as a Developer Advocate. Before joining Okta, I graduated from Hackbright Academy, an all-women boot camp based in San Francisco. I learned to think like a programmer through coding in Python and Javascript. My full-stack capstone project was a web application that tracked sugar intake, inspired by the community health service volunteer work I...

Read more

How to Secure Your Kubernetes Clusters With Best Practices

How to Secure Your Kubernetes Clusters With Best Practices

Kubernetes has become an unavoidable part of a software infrastructure these days. If you are an enterprise or medium/large company, chances are you are already running Kubernetes clusters for your workloads. If you are a DevOps engineer, there is a good chance you are maintaining either an on-prem Kubernetes cluster or a PaaS like Amazon EKS, Microsoft AKS, or GKE. But regardless of how you run your Kubernetes clusters, you need to make sure that...

Read more

Getting to Know GooseClip: Interview with an Okta Hackathon Winner

Getting to Know GooseClip: Interview with an Okta Hackathon Winner

Okta Early Access Hackathon revisited In August, Okta’s developer relations team invited intrepid developers to participate in the virtual Okta Identity Engine Early Access Hackathon, and challenged them to build a working app with our limited availability new customer identity and access management (CIAM) platform. A month or so after, judges convened, winners were announced, and thousands of dollars in prizes were distributed. Kudos to hundreds of participants, and props to all involved. In October,...

Read more

How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC

How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC

A Kubernetes (k8s) cluster comprises worker machines called nodes and a control plane consisting of the API server, scheduler, etcd, controller manager, and in the case of a PaaS (platform as a service), the cloud controller manager. The containers deployed to the cluster run in pods on the worker nodes. At the same time, the control plane takes care of scheduling, responding to requests, and managing the cluster. When you communicate with a Kubernetes cluster,...

Read more

Kubernetes To The Cloud With AWS: Deploying a Node.js App to EKS

Kubernetes To The Cloud With AWS: Deploying a Node.js App to EKS

Since 2013 when it was released to the public, Docker has become an industry-standard tool for development teams to package applications into small executable containers. A year later, Kubernetes was released by Google to manage large amounts of containers, and provide features for high availability (HA) and auto-scaling. While Kubernetes adds many benefits to your container management, you might find the process of setting up Kubernetes within your on-premise infrastructure quite challenging, especially on the...

Read more

Oktanaut Tanay, Reporting for Duty

Oktanaut Tanay, Reporting for Duty

Greetings Oktaverse! I’m Tanay 🖖 I have been following Okta for many years, and I am very excited to finally join you all and get a chance to serve this wonderful community. First things first, here’s a picture of me so that you can recognize me and say hi the next time we meet. 👇 Who I am and what I’ve done so far I started my journey into the world of tech communities and...

Read more

Flying Into Okta

Flying Into Okta

“Just follow your heart and keep smiling.” – Kiki’s Delivery Service I’m embarking on a new adventure and entering the wide world of Developer Advocacy at Okta! Much like Kiki setting out on her journey, I’m full of enthusiasm and curiosity and am ready to fly. I’m thrilled to be here at Okta and looking forward to everything. Now, I just need to get a talking cat… “Smile. We have to make a good first...

Read more

Spreading Some Okta Love to the DevOps World

Spreading Some Okta Love to the DevOps World

Hello Oktaverse! So finally, I have landed at Okta on my second attempt 😉. I’m so excited about this new chapter in my career journey and can’t wait to see what’s in store. But first, introductions. Who am I I’m from the south of India, a village in Kerala to be specific, but I grew up in Chennai since my parents moved there looking for work when I was 12. I like to call myself...

Read more

Okta Developer Plan Changes

Okta Developer Plan Changes

An Update on Our Developer Offering As many of you may know, Okta completed the acquisition of Auth0 in May of 2021. We’ve since been busy, working out how our products will work together to help developers provide the best experiences for their users. If you joined us for Developer Day, you saw Okta and Auth0 showcase interesting projects happening at our companies and in our communities. In the months since the Auth0 acquisition, one...

Read more

Join the Okta Identity Engine Early Access Hackathon 2021 Challenge

Join the Okta Identity Engine Early Access Hackathon 2021 Challenge

Amaze us! Build something unique and wonderful with early access to our new Okta Identity Engine Limited GA release. Here’s how you can get involved. You’re invited to participate in the Okta Identity Early Access Hackathon, which is happening now! Our virtual hackathon began on August 3 and will run till September 14, 2021. You still have more than a month to take the new Okta Identity Engine (OIE) out for a spin and share...

Read more

Auth0 Joins Forces with Okta

Auth0 Joins Forces with Okta

Yesterday, Okta announced that we have finalized the acquisition of Auth0. You are probably looking at this blog post wondering what happens next for both companies. The post you are looking for, with a lot more details and information, is on the Auth0 blog. Please read it for more details and information, including ways to join us as we explore what the future holds. TL;DR: Over the next couple of weeks, the Okta and Auth0...

Read more

The Ultimate Guide to Password Hashing in Okta

The Ultimate Guide to Password Hashing in Okta

As more of our critical work and personal functions go online, the risk of data and security breaches continues to increase. In 2019, there were over 1400 data breaches reported that exposed nearly 165 million records, many of which included passwords and personal information. While security specialists bear much of the responsibility in ensuring their organizations are handling sensitive data properly, web developers at all levels must take part as well. By understanding fundamental concepts...

Read more

Use Okta like a Rockstar

Use Okta like a Rockstar

Rockstar chrome extension is a third-party, Non-Okta Application (as defined in Okta’s Master Subscription Agreement). Okta is not involved in making this chrome extension available, and we have neither oversight nor input into its security features and functionality. For questions regarding this, or any other, Non-Okta Application(s) your organization uses in connection with the Okta Service, please contact the application provider directly for more information. Rockstar is a Chrome extension that adds features to the...

Read more

Spring Boot and Okta in 2 Minutes

Spring Boot and Okta in 2 Minutes

The Okta CLI is a new tool we’ve created here at Okta. It’s designed to streamline the process of creating new Okta accounts, registering apps, and getting started. Wwwhhaaattt, you might say?! That’s right, it’s super awesome! To show you how much fun it is, I created a screencast that shows you how to use it. This video puts your settings in src/main/resources/application.properties. We’ve since changed the default behavior to use spring-dotenv. For those that...

Read more

Easy Session Sharing in Spring Boot with Spring Session and MySQL

Easy Session Sharing in Spring Boot with Spring Session and MySQL

Session management in multi-node applications presents multiple challenges. When the architecture includes a load balancer, client requests might be routed to different servers each time, and the HTTP session might be lost. In this tutorial, I’ll walk you through the configuration of session sharing in a multi-node Spring Boot application. Prerequisites: Java 8+ Docker Docker Compose Table of Contents Session Persistence Session Sharing with Spring Session Learn More about Spring Session and OAuth 2.0 Session...

Read more

Migrate User Passwords with Okta's Password Hook

Migrate User Passwords with Okta's Password Hook

Okta is an identity platform focused on making authentication easy to build with minimal code. Our goal at Okta is to build a solution so flexible and easy to use, that you’ll never have to build authentication again. And while Okta can provide a lot of new functionality to your application, including multi-factor authentication (MFA) based on contextual policies, self-service password resets, and federation to enterprise identity providers and social media accounts, we’ve found that...

Read more

Using Okta Advanced Server Access & Terraform to Automate Identity & Infrastructure as Code

Using Okta Advanced Server Access & Terraform to Automate Identity & Infrastructure as Code

Many Okta customers who leverage Advanced Server Access to secure and automate identity across their dynamic infrastructure fleets use HashiCorp Terraform to declare and provision resources across AWS, GCP, and Azure. One customer built their own Terraform Provider as a wrapper to the Advanced Server Access API, which we recently had certified by the team at HashiCorp. You can read more about the announcement on the Okta blog. In this example, we’re going to showcase...

Read more

Configure Okta Advanced Server Access (ASA) for GCP + Jenkins Service Account

Configure Okta Advanced Server Access (ASA) for GCP + Jenkins Service Account

In this tutorial, we’ll configure Okta Advanced Server Access (aka ‘ASA’) so our DevOps team can securely access Virtual Machines (aka ‘VMs’) on Google Cloud Platform (aka ‘GCP’). We’ll also configure a service account so our Jenkins instance can connect to other VMs to run remote commands. This tutorial highlights the steps you should complete to manually deploy those servers on GCP and enroll them in ASA. At the end of this tutorial, we’ll point...

Read more

Managing Multiple Okta Instances with Terraform Cloud

Managing Multiple Okta Instances with Terraform Cloud

Congratulations, you’ve chosen to use Okta to solve your identity problems. Welcome to the happy sunny utopia of a managed identity solution! But wait! How do you manage your environments? Your applications all have separate production, staging, and development environments. How do you manage that in Okta without writing a ton of custom scripts? In this post, you’ll learn how to manage multiple Okta instances using Terraform and our Okta Terraform Provider. I’ll walk you...

Read more

Okta Developer Office Hours Q&A - September 2019 Edition

Okta Developer Office Hours Q&A - September 2019 Edition

On September 19, 2019, we held our first Okta Developer office hours. Our goal was to host a live Q&A with developers that use Okta. Over 150 developers attended! We streamed the session live on YouTube, so you can watch it below if you like. We received around 60 questions during our live-stream and did not get a chance to answer them all. After close examination, we determined that many questions overlapped and ended up...

Read more

The Top 5 DevOps Automation Tools .NET Developers Should Know

The Top 5 DevOps Automation Tools .NET Developers Should Know

Not too long ago, deployments were done by hand - manually pushed to a physical server somewhere in a building your company owned. The software engineering world has come a long way since then, and we have more options than ever get our code and data live, automatically. Here are a few tools every C#/.NET developer should know that can help with that process, vetted by some of the best software leaders in the business....

Read more

Alexa, Sign In Every Time: Voice-Only Authentication Verification in .NET

Alexa, Sign In Every Time: Voice-Only Authentication Verification in .NET

Authentication for voice, specifically Amazon’s Alexa, has its limitations. The initial Account Linking process Amazon provides for identification works for many scenarios, but it is only done once (signing into the skill via the Alexa mobile app or website), and all subsequent sessions with the skill are linked - no log-in screen presented again. I’ve often been asked what the options are for verifying every time a user engages with an Alexa skill. For example;...

Read more

Angular 8 + Spring Boot 2.2: Build a CRUD App Today!

Angular 8 + Spring Boot 2.2: Build a CRUD App Today!

If you’ve been a Java developer for more than 15 years, you probably remember when there were a plethora of Java web frameworks. It started with Struts and WebWork. Then Tapestry, Wicket, and JSF came along and championed the idea of component-based frameworks. Spring MVC was released in 2004 (in the same month as Flex 1.0 and JSF 1.0) and became the de-facto standard in Java web frameworks over the next six years. Then along...

Read more

Use Firebase with Your ASP.NET MVC App

Use Firebase with Your ASP.NET MVC App

Working with databases hosted online has become easier over recent years. The emergence of Database as a Service (DaaS) specifically makes quick integrations much easier. It is important to keep application user data separate from personally identifiable information, especially in this day and age. When using a third party auth provider like Okta, user information like a name or email address can be stored by that provider directly in their system, benefitting from their oversight...

Read more

Tutorial: Build Universal Applications with Nuxt.js

Tutorial: Build Universal Applications with Nuxt.js

Reducing the time between a user clicking your application and the content being displayed is vital. Optimized images? Check! Minified CSS? Check! Minified JS? Check! But if your application is a single page app (or SPA) there is a large bundle of JavaScript that must reach the user before the site can be rendered. Universal applications address this problem by executing as much as possible on your server and sending only the finished page to...

Read more

User Account Linking in Alexa with ASP.NET Web API

User Account Linking in Alexa with ASP.NET Web API

REST APIs are often written for enterprise-level companies as a way of allowing a client-side application to access core business logic. For many companies, simply extending their existing API by adding an endpoint for Alexa integration is the best way to manage that flow. For this example, you will use an existing Web API project on ASP.NET 4.7 and demonstrate how to link existing users to the Alexa skill the first time they access it,...

Read more

Build a CRUD App with ASP.NET MVC and Entity Framework

Build a CRUD App with ASP.NET MVC and Entity Framework

Interested in building a secure ASP.NET MVC website that allows users to handle their own data with ease? Let’s walk through creating a basic application that allows the creation, reading, updating, and deletion of data (CRUD) with Entity Framework by your users while managing them easily with Okta. For a fun example, we will create a web application that lists upcoming rocket launches for space enthusiasts! You will have everything you need to get up...

Read more

Go for liftoff at Okta!

T-minus 3… 2… 1… I’m blasting my way into the Developer Relations world like Alice discovering Wonderland and its fantastic cast of characters. I am so curious, and excited, and all of the feels that come with coming to Okta! Officially stepping into the Developer Avocado (er… pardon me, Advocate) role and bringing the love of .NET, voice and IOT to the party. Who is this Lady Nerd? Well, for starters I am obsessed with...

Read more

Hey, Okta! Where's the Bacon?

I am so excited to announce I have joined Okta’s developer relations team as a Senior Developer Advocate! My focus is on all the JavaScripts: Node.js, Vue, React, and a bazillion other things! My Origin Story My first taste of programming was BASIC on the TRS-80. In the 90’s, I wrote a lot of DOS and Windows applications using Pascal and Visual Basic. Around 1998, I made the jump to building Web applications using “classic”...

Read more

Secure Your ASP.NET Web Forms Application with OpenID Connect and Okta

We talk a lot about ASP.NET Core on this blog, but the .NET ecosystem is much much more than just Core. Microsoft is still updating and supporting .NET Framework, and will continue to do so for the foreseeable future. The same is the case with Web Forms, which even got some new features recently. In this post, we’ll take a look at how to easily secure existing ASP.NET Web Forms with via an external provider...

Read more

Build a Basic CRUD App with Angular 7.0 and Spring Boot 2.1

Build a Basic CRUD App with Angular 7.0 and Spring Boot 2.1

Technology moves fast these days. It can be challenging to keep up with the latest trends as well as new releases of your favorite projects. I’m here to help! Spring Boot and Angular are two of my favorite projects, so I figured I’d write y’all a guide to show you how to build and secure a basic app using their latest and greatest releases. In Spring Boot, the most significant change in 2.0 is its...

Read more

Create a Basic Android App without an IDE

Virtually every Android tutorial uses Android Studio to create and develop an app. This isn’t great for learning since you don’t see how things work, namely The components that make up an Android Studio project How builds are setup and configured What parts comprise the source Software development is about files and in this tutorial we’re going to go through every file in a basic Android project – first by examining what Android Studio outputs...

Read more

Build a Video Chat Service with JavaScript, WebRTC, and Okta

As recently as seven short years ago, building video applications on the web was a massive pain. Remember the days of using Flash and proprietary codecs (which often required licensing)? Yuck. In the last few years, video chat technology has dramatically improved and Flash is no longer required. Today, the video chat landscape is much simpler thanks to WebRTC: an open source project built and maintained by Google, Mozilla, Opera, and others. WebRTC allows you...

Read more

Add Auth to Your PWA with Okta and Stencil

Progressive Web Applications (PWAs) are the newest technology on the web dev block and they’ve arrived just in time to solve a growing problem. Many companies are struggling to keep isolated development teams across their organization up-to-date when new features are released. Some companies are even trying to decide if it’s worth the cost to develop both a web app and a mobile application. Not surprisingly, it’s a headache most companies are looking to avoid....

Read more

How to Expand Your UX to a New Audience

As your business grows, you’ll probably reach a point where you need to grow your audience as well. Not just acquire more customers in your target segment, but expand to more segments and new types of customers. How do you adapt your product to your new audience? How do you avoid a “least common denominator” solution that isn’t great for anyone? At Okta, we faced these questions when the Stormpath team joined the company last...

Read more

Build a React Native Application and Authenticate with OAuth 2.0

Build a React Native Application and Authenticate with OAuth 2.0

With Okta and OpenID Connect (OIDC) you can easily integrate authentication into a React Native application and never have to build it yourself again. OIDC allows you to authenticate directly against the Okta API, and this article shows you how to do just that in a React Native application. Today you’ll see how to log a user into your React Native application using an OIDC redirect via the AppAuth library. React Native is a pretty...

Read more

Build Your Own Invoicing Service with Node, Coinbase, Bitcoin, and Okta

I got into Bitcoin back in 2011. Since then, I’ve been a fan of cryptocurrencies and have always had an interest in them. I’ve also built several Bitcoin projects over the years (an information website, an ecommerce site, and several others) to help promote the usage of the cryptocurrency (while having some fun). The idea of being able to send and receive money almost instantly from anywhere in the world with no middleman is really...

Read more

Protect Your Cryptocurrency Wealth Tracking PWA with Okta

Cryptocurrencies are all the rage. Over the last year, the value of Bitcoin alone has risen 1,603%, driving more and more people to wonder if they’re missing out on the “next big thing.” Because of the massive influx of money into cryptocurrencies like Bitcoin, Ethereum, Monero, and Ripple — blockchain technology (which is the foundation of all cryptocurrency) has become an area of intense technical study. At its core, blockchain technology does nothing more than...

Read more

Bootiful Development with Spring Boot and React

React has been getting a lot of positive press in the last couple years, making it an appealing frontend option for Java developers! Once you learn how it works, it makes a lot of sense and can be fun to develop with. Not only that, but it’s wicked fast! If you’ve been following me, or if you’ve read this blog for a bit, you might remember my Bootiful Development with Spring Boot and Angular tutorial....

Read more

Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0

Build a Basic CRUD App with Angular 5.0 and Spring Boot 2.0

Technology moves fast these days. It can be challenging to keep up with the latest trends as well as new releases of your favorite projects. I’m here to help! Spring Boot and Angular are two of my favorite projects, so I figured I’d write y’all a guide to show you how to build and secure a basic app using their latest and greatest releases. In Spring Boot, the most significant change in 2.0 is its...

Read more

The Okta Developer Console: All New, All You

× Heads up... this blog post is old! This blog post was written in 2017. It is out of date. Okta no longer provides a developer-centric admin console. Instead, all administrators use the same admin console for configuring Okta. Hello Okta Blogosphere! Another Stormpath transplant here! As you know, the Okta developer experience team has been working hard to make it easier for YOU to work hard… on integrating your applications with Okta. We recently...

Read more

Build a Secure Notes Application with Kotlin, TypeScript, and Okta

I love my job as a developer advocate at Okta. I get to learn a lot, write interesting blog posts and create example apps with cool technologies like Kotlin, TypeScript, Spring Boot, and Angular, which I’m about to demo. When it comes to writing Hello World apps with authentication, I can whip one out in a few minutes. That isn’t because I’m a particularly good programmer, it’s because the languages, frameworks, tools, and platforms available...

Read more

Build an Ionic App with User Authentication

With Okta and OpenID Connect (OIDC) you can easily integrate authentication into an Ionic application, and never have to build it yourself again. OIDC allows you to authenticate directly against the Okta API, and this article shows you how to do just that in an Ionic application. I’ll demo how to log in with OIDC redirect, using Okta’s Auth SDK as well as how to use OAuth with Cordova’s in-app browser; user registration is omitted...

Read more

What is Developer Relations at Okta?

Okta is investing heavily into making developers successful by creating great developer experiences through updated SDKs and integrations as well as new pricing and packaging. These updates are intended to give developers everything they need to build modern, secure applications. But equally important is how Okta speaks to developers. How we engage with the community and build our reputation with a wide range of developers. At the heart of that effort, is our Developer Relations...

Read more

What the Heck is OAuth?

There’s a lot of confusion around what OAuth actually is. Some people think OAuth is a login flow (like when you sign into an application with Google Login), and some people think of OAuth as a “security thing”, and don’t really know much more than that. I’m going to show you what OAuth is, explain how it works, and hopefully leave you with a sense of how and where OAuth can benefit your application. What...

Read more

Angular Authentication with OpenID Connect and Okta in 20 Minutes

Angular (formerly called Angular 2.0) is quickly becoming one of the most powerful ways to build a modern single-page app. A core strength is Angular’s focus on building reusable components, which help you decouple the various concerns in your application. Take authentication, for example: it can be painful to build, but once you wrap it in a component, the authentication logic can be reused throughout your application. The Angular CLI makes it easy to scaffold...

Read more

Build a React Application with User Authentication in 15 Minutes

React has quickly become one of the most favored front-end web frameworks, and is second only to plain old HTML5, according to JAXenter. So it’s no surprise that developers are learning it, and employers are asking for it. In this tutorial, you’ll start with a very simple React app with a couple of pages and some routing built in, and add authentication using Okta’s Sign-In Widget. The Sign-In Widget is an embeddable Javascript widget that...

Read more

Build an Angular App with Okta's Sign-In Widget in 15 Minutes

AngularJS reigned as king of JavaScript MVC frameworks for several years. However, when the Angular team announced they would not provide backwards compatibility for their next version, there was a bit of a stir in its community, giving opportunities for frameworks like React and Vue.js to flourish. Fast forward a few years and both Angular 2 and Angular 4 have been released. Many developers are trying its TypeScript and finding the experience a pleasant one....

Read more

Get Started with Spring Boot, OAuth 2.0, and Okta

If you’re building a Spring Boot application, you’ll eventually need to add user authentication. You can do this with OAuth 2.0 (henceforth: OAuth). OAuth is a standard that applications can use to provide client applications with “secure delegated access”. It works over HTTP and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. Very simply, OAuth is a protocol that supports authorization workflows. It gives you a way to ensure that a...

Read more