Stormpath has recently worked on token authentication features using JSON Web Tokens (JWT), and we have had many conversations about the security of these tokens and where to store them.
If you are curious about your options, this post is for you. We will cover the basics of JSON Web Tokens (JWT), cookies, HTML5 web storage (localStorage/sessionStorage), and basic information about cross-site scripting (XSS) and cross-site request forgery (CSRF).
Let’s get started…
JSON Web Tokens (JWT): A Crash Course
The most implemented solutions for API authentication and authorization are the OAuth 2.0 and JWT specifications, which are fairly dense. Cliff’s Notes Time! Here’s what you need to know:
One of the biggest development trends over the last few years is a move towards architectures based on API services. While it’s increasingly common for new applications to start fresh with a services-friendly framework and functionality offloaded to API services, it’s much less common to rebuild traditional applications in a service-oriented architecture. It’s harder, there’s much more risk, as well as legacy mayhem to contend with. We applaud people who do it, and particularly the audacious people who do it for the love of Java development.
At Stormpath, we really love our Python users. Over the past year we’ve made:
- 19 new Python library releases.
- A brand new Flask library, and pushed over 18 separate releases there.
- A totally revamped Django library, along with 6 subsequent releases.
In short, we’ve been working hard to not only improve our Python user experience, but also improve the overall quality and feel of our libraries and integrations.
Many of the suggestions for improvements and bug fixes – as well as solutions – come from our community.
A true Renaissance man, Pedro Baumann wears a number of professional hats: Web Developer, Linux SysAdmin, practicing Psychotherapist. But in his free time, the full stack developer plays in Flask.
“As a Flask developer, I’m always testing new technologies,” Pedro explained. “When I found out about Stormpath, I thought it was a great idea. In my personal projects, I had used OpenID login services, Facebook services, and sometimes built the user:passwords database myself, but I did not like it! I am not a security expert, nor a database guru, so Stormpath is the solution to offering a reliable user management system to our customers.”
Pedro tested Stormpath for a webapp to manage patients in his practice, and was impressed with the results. “I even skipped using a database at all and just added all the info I needed to the customData functionality Stormpath offers,” he said.
Every company needs engaged employees who live the brand. These true believers are more satisfied and productive, drive great customer experiences, and help reduce employee stress and turnover. In other words, they directly impact the bottom line.
Brand Integrity is an engagement company that is disrupting business as usual with the new rules of engagement. With their sustainable solutions, they are helping their clients in various industries to synchronize their brand’s values, culture, and reputation to create a reputable and compelling brand that employees, customers, partners, and the market understand and trust.
That boost starts with an advanced web application platform, backed by Stormpath’s API for authentication and User management.
If you want to have a successful technology startup, you need more than just a great company culture, you specifically need a great engineering culture. A great culture gives you a tremendous advantage in recruiting top people, retaining those people, and subtly guiding their behavior to drive the business.
Contrary to the hype, culture is not about ping pong tables, softball leagues, and free lunches. Instead, culture is the set of implicit rules, guidelines, and values that a group of people guide themselves by. It’s the peer pressure that shapes behavior in powerful ways. And simply putting a bunch of core values on a wall somewhere isn’t enough. Culture is a living thing that requires ongoing care and feeding.
And while every culture should be different based on the team’s strategy, for engineering there are some common elements found in the very best teams.
If you’re confused about token-based authentication: this post is for you. We will cover access tokens, how they differ from session cookies, and why they make sense for single page applications (SPAs). This article is primarily written for those with an SPA backed by a REST API.
We’ll pay special attention to best practices for handling JWTs and security: a successful token authentication system requires you to know the security details and possible tradeoffs.
Thankfully, we’ve wrapped up all the best-practice decisions into some libraries you can use: the Stormpath Angularjs SDK to solve your Angularjs authentication challenges, and its back-end pair, the Stormpath Express SDK.
We work with a lot of startup SaaS companies, and they consistently run into a few challenges when it comes to managing their growing customer base:
- It’s hard to know who your users are
- It’s not always clear how they interact with your product
- For them to get the most value and have the best experience, they need meaningful communication from your company.
There are no two tools better suited to manage the overall experience of your customers than Stormpath and Intercom. A mutual customer recently brought us a challenge – can we make it easy for Stormpath to integrate to Intercom?
Our new syncing tool, stormpath-intercom, makes it incredibly easy to integrate both into any Node.js or Express app. The integration will automatically populate your Intercom setup with user data from Stormpath.
We just released a major upgrade of our Java SDK, which now includes Java Webapp (Servlet 3.0+) support with a ton of user automation. Just drop our Servlet plugin into your Java web application and boom – instant user management with little to no coding required.
This post is a quick tutorial to show you just how quickly you can build a Java web app with a complete set of authentication and user management features and user interfaces.
Trialfire’s new visual editor for marketing analytics allows anyone to “pin” parts of a web page, such as a signup button, and send the event data automatically to multiple marketing/analytics systems: Google Analytics, Mixpanel, Kissmetrics, and more.
“You don’t have to be technical. You just connect your site and place your pins,” explains Max Kremer, Co-founder of Trialfire. Trialfire takes development out of the equation when it comes to setting up detailed click-tracking or analytics. “You can just click through your site and magically track whatever you want.”