Tips, Expertise, Articles and Advice from the Pro's for Your Website or Blog to Succeed
In the previous post in this series, we discussed token-based security, OAuth, and OIDC. We also configured IdentityServer4 with some configurations.
In this post, we will continue configuring IdentityServer4 and will also learn some of the client/server communication following OIDC flows.
Security is one of those things you shouldn't play around with yourself, unless you know what you're doing. This is the reason products such as Identity Server has gained such momentum and popularity. However, Identity Server is extremely difficult to configure correctly, and OIDC is also arguably a "hack" on top of OAuth2. JWT on the other hand, is dead simple to understand, and was created explicitly to authenticate and authorise users, contrary to OAuth that was originally created for an entirely different purpose. Hence, JWT is just as secure as OpenID Connect, only a gazillion times easier to understand and implement.
In the following video I demonstrate how to create your own JWT server using Magic in 1 second. Notice, Magic is a commercial product, and you need to pay a small fee to use it in a production environment - But compared to the number of hours you'd have to spend rolling your own Enterprise Single Sign On solution using JWT, I'm confident in that the license costs are small in comparison.
Developers know OAuth 2.0 and OpenID Connect (OIDC) are powerful tools for adding authentication and authorization to modern web apps.
Now you can make these standards do even more for you with Okta’s new inline hooks. This post will show you how to use inline hooks to path information into the tokens you get back from Okta through OIDC and OAuth.
If you’re confused by how OAuth 2.0 and OpenID Connect (OIDC) work together, please see What the Heck is OAuth? In short, OIDC is a thin layer on top of OAuth 2.0 that adds identity.
The Java world has been very busy lately, especially with all the major Java versions releasing every six months. This honestly can be a lot to keep up with. I was using Java 8 until I was introduced to Spring Boot 2.1.
Hi, Spring fans! This week, I’m excited to welcome Sree Tummidi, a senior product manager working at the intersection of application security and platform at Pivotal. We talked about security, Spring Security, cloud platforms, OAuth, OIDC and OIDC Connect, SAML, and, of course, the Cloud Foundry UAA, and tons more.
Twitter: @sreetummidi
UAA