Secure Communication with Token-based RSocket

RSocket provides a message-driven communication mechanism built on the reactive streaming framework, and it supports most of the protocols (TCP/WebSocket/HTTP 1.1 & HTTP 2). Furthermore, its programming-language-agnostic interaction models (REQUEST_RESPONSE/REQUEST_FNF/REQUEST_STREAM/REQUEST_CHANNEL) cover most communication scenarios, from microservices, API gateways, and sidecar proxies to message queues.

To secure this communication, both TLS-based and token-based solutions are easy to use in RSocket-based products. RSocket can reuse TLS over TCP or WebSocket directly, but to demonstrate the RBAC feature vividly, this article covers only the token-based implementation.

What Is a JWT Token?

A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret or a public/private key pair.

What Is the JSON Web Token Structure?

  • Header
  • Payload
  • Signature

Header

The header typically consists of two parts: the type of token, which is JWT, and the signing algorithm that is used, such as HMAC SHA256 or RSA.

Using RingCentral API in Google Apps Script

Google Apps Script is provided by Google to help developers create and publish G Suite add-ons easily, and RingCentral provides cloud communication services such as SMS, Call, and Fax.

In this article, we show how to authorize and call the RingCentral API in Google Apps Script so we can easily integrate RingCentral services with Google Sheets, Docs, Slides, and Forms.

All You Need to Know About User Session Security

What follows is a two-part series on session management — inspired by extensive conversations with over 70 developers and our own intensive research. We will explore different session management practices, identify issues, and converge on a solution to these issues. Through it all, I hope to leave you with clarity on deciding how to manage user sessions (and auth tokens) for your application. In 20 minutes, we summarize all the important information it took us hundreds of hours to obtain and document.

This article will introduce session management, analyze commonly used session flaws, and demonstrate best practices. Part two will take a look at a new open-source flow that is secure and easy to integrate into existing systems.

Build a Simple Spring Boot App With Spring Data JPA and Postgres

Just about every application needs a way to save and update data, typically a resource server that is accessible via HTTP. Generally, this data must be secured. Within the Java ecosystem, Spring makes building secure resource servers for your data simple. When coupled with Okta for secure user management, you get professionally maintained OAuth 2.0 and JWT technologies easily integrated into Spring Boot via Spring Security.

In this tutorial, you’re going to build a resource server using Spring Boot and Spring Data JPA. On top of that, you’re going to implement a group-based authentication and authorization layer using OAuth 2.0.