Identity management for mobile and web applications poses a major challenge for companies looking for scalability, availability, and security in their system. The problem is that it’s extremely expensive and time-consuming to build and manage this system yourself.

With Spring Boot and Spring Security, you can integrate identity management with Stormpath in as little as 4 files. This screencast gets you up to speed with Stormpath’s identity management features, the benefits of using Stormpath at the code level, and how to get started with Spring Boot.


Exciting things are happening in .NET Land! The Stormpath .NET SDK is quickly marching towards a full, feature-rich ASP.NET integration. Big thanks to all the folks who have reached out over email and on GitHub to let us know what features you are looking for in this library!

In this release, we’ve fixed some bugs and added two crucial pieces: ID Site for single sign-on support and a client-side caching layer. As usual, there are a few other goodies thrown in too!


Stormpath HTTP Cookies

As we planned our burn-down to the holidays, our head of Marketing made some pretty big commitments to our growth plan. But what is a good growth plan without some technical fussery? So, here’s what I came up with as a response:

All new API calls to Stormpath Thanksgiving week will result in a shipment of free, freshly home-baked cookies to the holder of the Stormpath tenant!

So, in the spirit of the holidays and web developers everywhere, we’ve decided to put cookies at the center of your Thanksgiving week. I’ll cover how to use HTTP cookies securely in your web application, and if you try out the Stormpath API for the first time this week, you’ll get some free Stormpath cookies, straight from Claire’s kitchen. Woot!


When building full-stack JavaScript applications, it’s all too easy to defer the user authentication until some later date. With the power of frameworks like Angular.js and Express.js, you can “just get going” with your core application functionality, without really needing to invest effort in figuring out the “user login part”.

But if you’ve worked this way, you’ve likely discovered that adding in user authentication can be a real pain once your development picks up and the deadline suddenly turns into tomorrow :)

In this post, I’ll show you how we can include user authentication up front, as part of your boilerplate. We’ll be using Stormpath as our authentication service, and you’ll be up and running in 15 minutes – *promise*.


Stormpath PHP

A little over 3 years ago, Stormpath introduced PHP support for User Management and the response from the PHP community has been overwhelming and so supportive. Thank you! Since then, we have been working very hard on the PHP SDK to make it your go-to service for User Identity.

Today, we are happy to announce that a stable version of the PHP SDK is being released to General Availability. Begone Beta Tag!

This release includes many changes: we removed the dependency on PEAR and now support installation using Packagist. Composer and Packagist give us nice autoloader options, both of which use the PHP Standards Recommendations (PSR). The PHP SDK has been updated from the deprecated PSR-0 to PSR-4 autoloading.


As a .NET developer, I’ve spent most of my time coding on Windows machines. It’s only logical: Visual Studio is the richest development experience for building C# and VB.NET applications, and it only runs on Windows…right?

When I joined Stormpath to work on our open-source .NET authentication library, I was handed a MacBook Pro and given an interesting challenge: can a Mac be an awesome .NET development platform?

To my surprise, the answer is yes! I’ll share how I turned a MacBook Pro into the ultimate Visual Studio development machine.


When you research web application security, you will come across Cross-Site Request Forgery (CSRF). This attack vector takes advantage of cookies, but in a preventable way. In this post we’ll discuss what the attack is and how it can be prevented. We’ll also discuss Angular’s XSRF feature, which helps you prevent the attack. It requires cooperation from your server, and we’ll explain what you need to do.

Note: Angular uses the acronym XSRF, but this is synonymous with CSRF.

What is Cross-Site Request Forgery (CSRF)?


UPDATE: We recently released a revision to our Stormpath Spring Security integration. You no longer have to inherit from a special Stormpath security configurer adapter. Instead, you apply a Stormpath DSL (domain specific language). Look below to see how easy this is.

Here at Stormpath, we ♥ Spring Boot. It makes it so easy and fun to build rich Java webapps.

We’re very excited for our latest Java SDK release which includes a major overhaul to our Spring Security and Spring Boot support.

If you’ve built a web app before, you know that all the “user stuff” is a royal pain. Stormpath gives developers all that “user stuff” out-of-the-box so you can get on with what you really care about – your app! By the time you’re done with this tutorial (< 15 minutes, I promise), you’ll have a fully-working Spring Boot webapp that protects user access to restricted paths with Spring Security and is backed by Stormpath.

We’ll focus on our Spring Boot integration to roll out a simple Spring Boot web application, with a complete user registration and login system, with these features:

  • Login and Registration pages
  • Password reset workflows
  • Restricting access according to Group membership
  • The ability to easily enable other Stormpath features in our Java library (API authentication, SSO, social login, and more)


Building command line programs has been a longtime passion of mine. There’s something magical about making a simple, intuitive, and composable CLI. There’s also nothing more beautiful than chaining together a series of CLI programs to solve a complex problem quickly.

Here at Stormpath, we’ve built our entire product CLI in Python to create / manage / edit users for your applications, and have been really happy with the result.

Most of this is thanks to the wonderful docopt library, which provides automatic CLI argument parsing and makes building complicated CLIs incredibly simple. And the best part? It works across more than 20 different programming languages! This means that even if you’re building a new CLI app in Go, Rust, or something in between, chances are you can use docopt, too!

If you want to know how to structure your next CLI-based app to minimize complexity and maximize awesomeness, keep reading.

I am sure every PHP developer has struggled with storing user information on a server to identify the source of a request. Since HTTP is a stateless system, this has been the only way to tell who a user is. Until now! We’ve built Token Authentication directly into the PHP SDK for your applications.

Token-based authentication in the PHP SDK removes the need to store information on the server, and allows you to keep tokens secure on the client. Using Stormpath to generate and verify these tokens for you, access to your web application can be restricted at any time by removing a token from an account.
