At Stormpath, we want to make it as easy as possible to create your application. Our Laravel Integration is no exception.

Events give developers an important tool to hook into different parts of a package to run your own business logic. Events can dramatically simplify application development, particularly when adding user functionality to a webapp.

A recent update to the Stormpath Laravel integration adds events, fired through the built-in Laravel event system, which your Laravel app can listen for and handle however you like. You can use them to hook into user features like registration, login, logout, and more.

Let’s dive in to see how it works!

Read more »


Hi! I’m Edward, and it’s with great pleasure that I’d like to announce that I’m joining the Stormpath team as a Developer Evangelist for iOS!

I’ve always been excited by technology and its potential to change the world. I spent my summers reading about the exponential growth of computing power, how it opened up entirely new markets for computing, and the entrepreneurs that made it happen. At that time, companies like Microsoft and Dell enabled ordinary individuals to access the power of computing, revolutionizing how we access information and communicate with each other.

When growing up, I’d run outside to check the mailbox, and return home with a handful of AOL CDs. To my young self those CDs represented the wonder of technology. While books and VHS tapes were big, bulky, and expensive to store and distribute, mailing CDs seemed like a much better distribution model.

As technology improved, downloads eliminated the CD, web apps eliminated the install process, and mobile apps enabled rich, personal experiences for everyone.

Read more »

Building forms has never really been any fun. But with the new custom forms feature that we’ve added to the Stormpath React SDK, it suddenly is. This custom forms functionality means you’ll have the ability to plug in your own markup to the forms for user login, registration and reset password without having to think about any of the logic behind them.

React developers can now simply style the form quickly, and Stormpath will take care of all the rest.

Read more »

Multi-tenant data management is core to the success of any Software as a Service application. With multi-tenancy, SaaS vendors can provide one version of their product to multiple customers instead of building a unique codebase for each one. However, giving your customer organizations a private partition of your SaaS application can be incredibly complicated to build and maintain.

Fortunately, Stormpath was designed for user management in SaaS applications. In this post, we’ll go over how to build secure customer partitions with Stormpath’s multi-tenant architecture out-of-the-box.

Simplified Multi-Tenant User Storage

Stormpath is a separate user system that allows you to connect multiple applications with a shared user base. This makes it really powerful for SaaS Applications, which is what Stormpath was designed for. Not only can you support multiple Customer Organizations within your data store, you can connect multiple applications. If you’re serving your customer a suite of products and services, you can handle their authentication seamlessly between those services, and partition their user data so that they are secure and separate from each other.

Read more »

Storing passwords securely is an ever-changing game. For the past few years (2013–2015), Jean-Philippe Aumasson has been running a world-renowned Password Hashing Competition in which security researchers submit, validate, and vet the best password hashing algorithms.

Just recently, the competition wrapped up, naming Argon2 king of the hashing algorithms.

This is good news for any web developer out there: you can now use the Argon2 algorithm to more securely store your users’ passwords!

Today I’m going to show you how you can easily hash your users’ passwords using the Argon2 algorithm, and introduce you to some best practices.

Read more »


Rolling out your own SAML integrations has always been hard. It’s a complex implementation that’s difficult to build securely and efficiently whether you’ve built it before or not. Here at Stormpath, we’ve rolled out a simple solution to enable SAML in your applications without custom code!

With only a few steps, you can integrate SAML into your PHP project. No matter which identity provider you are using, the code will remain the same. We can even help you with a no-code SAML experience with our ID Site integration. In this tutorial, we’ll walk you through how to enable SAML support for easy setup and usage of your favorite SAML provider with the Stormpath PHP SDK.

Read more »

Like many other mobile app developers, I was really sad to hear that Parse is shutting down. I use Parse quite heavily for some of my personal projects, and I appreciate how Parse enables mobile-first teams to build apps at lightning speed. They also did a phenomenal job at sunsetting their product.

As developers look to migrate off Parse to their own infrastructure, we’ve started to field some questions about how Stormpath is different to Parse, and how developers can leverage Stormpath in their apps.

Many developers see Parse as a useful way to prototype and ship an app quickly, but plan to migrate to their own backend as they gain traction. Parse starts to work against you as you scale. Because of the Parse shutdown, it’s time to evaluate if you should deploy a copy of Parse Server, evaluate another Backend as a Service (BaaS) provider, or migrate your backend off Parse.

Read more »

Here at Stormpath, we give developers easy access to user management features – including authentication, authorization, and password reset – via our REST API and language-specific SDKs. Our team of experts began with already-significant knowledge about REST+JSON API design. In the process of building the REST API, they learned even more. Our CTO, Les Hazlewood, gave a well-received presentation to a group of Java developers on REST+JSON API design best practices, which you can watch here:

We’ve also written posts on how best to secure your REST API, as well as linking and resource expansion in REST APIs. This post will give a high level summary of the key points that Les touches on in his talk – specifically the fundamentals of good REST+JSON API design.

Read more »

If you’re a developer who, like myself, loves Microservices for their flexibility and scalability, then you’ve probably run into this challenge:

How can you easily scale your application while maintaining the security and efficiency of service-to-service communications?

Microservices consist of many independent processes communicating with each other over an API. The keyword there is many. All of these processes need to exchange information to perform complex tasks, and each communication exposes your application to vulnerabilities and latency.

In this post, I’m going to show you how to secure service-to-service communications using OAuth and JWTs. We’ll use a Spring Boot app consisting of two Stormpath-backed services. In this example, you authenticate to the first service, which calls the second service to get a response.

Then, we’ll speed things up by reducing the number of calls over the wire with a distributed cache. Caching FTW!

Read more »

Designing multi-tenant applications can be tricky. The previous sentence may have been an understatement.

The ability to quickly spin up a new instance of your application is a powerful business case, but getting there involves serious engineering. Partitioning user data (and making sure it stays partitioned) is critical. A common use case involves treating a subdomain of your application URL as a tenant identifier (the acme in acme.yourapplication.com). Incoming requests are then examined and connected to the correct data source based on the subdomain.

Designing for multi-tenancy involves modeling your data stores from the start with multiple tenants in mind. Data security should also be a major consideration. Anyone else have a headache yet?

Have no fear! Alongside support for token-based authentication, the latest release of our .NET SDK also includes full support for the Organization resource, which can make developing multi-tenant applications a lot simpler.

Read more »