Securely Authenticate to Google Cloud From GitHub

Recently, I designed a simple metrics-tracking system. A Python script queries different providers' APIs for metrics, e.g., Twitter, GitHub, etc. The idea is to run this script each day, store them in Google BigQuery, and provide an excellent data visualization in Google Data Studio. I'm a big fan of automation, so I'm using GitHub Actions.

Accessing Google Cloud With a Service Account

I query the different APIs with different Python libraries. All of them allow authenticating by passing a parameter. In general, it's a token. One can store the value in a GitHub secret, get it as an environment variable in the GitHub Action and use it in the code.

Spring Cloud Gateway: Resource Server With Keycloak RBAC

In this article, we will be exploring how we can integrate a resource server with an API gateway that is integrated with Keycloak and that enables role-based access control (RBAC).

Introduction

In my previous article “Spring Cloud Gateway Keycloak OAuth2 OIDC Integration,” I have shown how we can integrate Keycloak with Spring Cloud Gateway. Now in this article, we will extend this further to integrate a resource server, such that a client (e.g., a browser) can access a resource only when he has the correct role to access the resource on the server. This is a continuation of the aforementioned article, so I recommend reading it.

Token-Based Security Part 6: Setting Up Identity-Server UI

Introduction

We have been discussing different parts of various Authentication/Authorization requirement scenarios. We also covered some theory and saw some demo code regarding OAUTH, OIDC, Identity Server, etc.

In the previous post, we learned how to configure IdentityServer, AllowedScope of a client application, and how to make a PasswordTokenRequest for the scopes to UserInfo Endpoint.

TokenBased Security, OAUTH, OIDC, IdentityServer – Part 4

Introduction

In the previous post of this series, we set up IdentityServer with some test users and client configurations. We then used the Postman tool to get the access token with a couple of different flows.

In this post, we will move forward and add a resource API to our solution. This will be a simple .NET Core WebAPI application. This API will contain endpoints which different client applications will call. We will protect this API using IdentityServer.

OAuth 2.0 and OIDC Fundamentals for Authentication and Authorization

OAuth 2.0 is an industry standard for “delegated authorization” which is the ability to provide an application or client access to data or features offered by another app or service. OAuth 2.0 focuses on authorization and is not prescriptive about authentication. OpenID Connect (OIDC) adds a standards-based authentication layer on top of OAuth 2.0.

In this post, we will cover the fundamentals of OAuth 2.0 and OIDC for authentication and authorization. I will discuss two common flows, namely the Implicit Flow and the Authorization Code Flow.

Implementing MuleSoft as an OAuth Provider for Securing a Mule Application

Introduction

The OAuth2 Provider module allows a Mule runtime engine (Mule) app to be configured as an Authentication Manager in an OAuth2 dance. With this role, the application will be able to authenticate previously registered clients, grant tokens, validate tokens, or register and delete clients, all during the execution of a flow. 

MuleSoft supports various third-party OAuth 2.0 providers, as listed below:

Build a Simple Netty Application With and Without Spring

As an asynchronous, non-blocking input/output (NIO) framework, Netty is used for the rapid development of maintainable, highly scalable protocol servers and clients. Building low-level network servers and clients is relatively straightforward with Netty. Developers can work on the socket level (e.g., creating original communication protocols between clients and servers).

Blocking and non-blocking unified APIs, amenable threading model, and SSL/TLS are all supported by Netty. All requests run asynchronously on an individual thread with a non-blocking server. (The event loop shouldn’t be blocked by the function.) This contrasts with operations performed in a blocking server model, which usually uses a separate thread to run each request. Without the need for switching or creating threads when the load increases, the non-blocking model decreases overhead and allows for faster development as traffic expands.

Authorization Approach for Multiple Web API Providers

Azure Active Directory (Azure AD) is a popular enterprise identity service used by many organizations for enabling single sign-on for applications and protecting their web APIs.

Version 2.0 of Microsoft Identity platform (aka Azure AD) is the latest and improved implementation of OpenID Connect (OIDC) based authentication and OAuth 2.0 authorization flows.

Implement OAuth 2.0 Easily with Spring Boot and Spring Security

In this tutorial, you’ll migrate Spring Boot with OAuth 2.0 support from version 1.5.x to 2.1.x. Spring Boot 2.1.x promotes OpenID Connect to a first-class citizen in the stack, making implementation more accessible than ever. We’ll start with integrating Okta’s OAuth service using Spring Boot 1.5.19 and Spring Security 4.2.x and then replicate the same motion using Spring Boot 2.1.3 and Spring Security 5.1. To make the process even simpler, we’ll minimize the code and configuration even further with Okta’s Spring Boot Starter with Spring Boot 2.1.3. 

Three Minute Overview of OpenID Connect and OAuth 2.0

In the beginning, there were siloed web sites that didn’t talk to each other, and it was sad.

Secure and Deploy Your Spring Boot App With AWS Elastic Beanstalk

Authentication and good user experience are crucial for all applications. Developers and companies need a quick way to verify and validate the requesters, without sacrificing the user experience. Seems like a lot of work, right? Luckily, we have tools like Spring Boot with Spring Security that allow developers to incorporate authentication within apps effectively.

In this post, we’ll use Spring Boot with OAuth 2.0 to build a “Hello World” app and deploy it through AWS Elastic Beanstalk. We’ll also use Okta as the OAuth provider.

Integrate SSO With Spring Boot and OAuth 2.0

Single sign-on (SSO) is the standard nowadays, regardless of industry or company size. It might be strange to think that SSO used to only be available to enterprise companies that could afford it. 

Today, with service providers like Okta and enabling technologies such as OpenID Connect (OIDC) and OAuth 2.0, developers can easily integrate SSO into their websites and apps.

Monitor Your App’s Health With Spring Boot Actuator

Vegetables won't keep your app healthy.


Ever wanted to see the precise HTTP traffic going through your Spring Boot API? With the Spring Boot Actuator and some code, you can! Spring Boot Actuator manages and monitors the health of your app using HTTP endpoints. It also allows you to see everything that’s happening in the background of an OpenID Connect (OIDC) flow.

How to Use Ionic 4 for JHipster 6 to Build a Mobile App

Developers were using JHipster for designing mobile apps before 'hipster' was even, like, a thing

For all those who know me, you know how much I love Java, Spring Boot, JHipster, and Ionic.

JHipster is the best thing ever. It’s a popular, fully open-source app generator and platform where you can quickly build Java apps with JavaScript front-ends.

Use Java EE and OpenID Connect to Secure Your Java API

In the early 2000s, Java developers used servlets and EJBs to develop their server applications. Hibernate and Spring came along in 2002 and 2004. Both technologies had a huge impact on Java developers everywhere, showing them it was possible to write distributed, robust applications without EJBs.

Fast forward to 2018, and Java EE certainly doesn’t look like it used to! Now, it’s mostly POJOs and annotations and far simpler to use.