Posts by Randall Degges

Build An API Service in Node.js with Stormpath, Twilio and Stripe

Update 2/29/16: These code examples have been updated to reflect the 3.0 release of the express-stormpath integration. Building a full-fledged API service isn’t as hard as you may think. By taking advantage of some really useful API services and open source libraries, you can rapidly develop an API service in an incredibly short amount of …

OAuth is not Single Sign-On

Heads up… this article is old! For an updated version of this article, see What the Heck is OAuth? on the Okta developer blog. Update 5/12/2016: Building a token authentication with OAuth? JJWT is a Java library providing end-to-end JWT creation and verification, developed by our very own Les Hazlewood. Forever free and open-source (Apache License, Version …

Easy Unified Identity

Unified Identity is the holy grail of website authentication. Allowing your users to log into your website through any mechanism they want, while always having the same account details, provides a really smooth and convenient user experience. Unfortunately, unified identity can be tricky to implement properly! How many times have you logged into a website …

What the Heck is OAuth?

Heads up… this article is old! For an updated version of this article, see What the Heck is OAuth? on the Okta developer blog. Stormpath spends a lot of time building authentication services and libraries, and we’re frequently asked by developers (new and experienced alike): “What the heck is OAuth?” There’s a lot of confusion around …

Why HTTP is Sometimes Better than HTTPS

UPDATED April 2, 2015: This was an April Fools Joke. Read. Laugh. Learn. If you’re building web services, you should most definitely be using HTTPS. As a security company, we frequently get questions here at Stormpath from developers regarding security best practices. One of the most common questions we get is: Should I run my …

The Ultimate Guide to Mobile API Security

Heads up… this post is old! For updated (and expanded) information, check out our API Security ebook on the Okta developer site. Update 10/23/2016: Interested in securing Android and iOS apps? Be sure to check out our guide to Securing Android Applications as well as our guide to Securing iOS Applications. And… If you want to …

How to Manage API Authentication Lifecycle on Mobile Devices

If you didn’t catch it, in the last article I explained how to build and deploy a real mobile app that uses OAuth2 authentication for your private API service. In this article, I’m going to cover a tightly related topic: how to properly manage your OAuth2 API token lifecycle. Because things like token …

Updates to Stormpath Python Support

At Stormpath, we really love our Python users. Over the past year we’ve made: 19 new Python library releases. A brand new Flask library, and pushed over 18 separate releases there. A totally revamped Django library, along with 6 subsequent releases. In short, we’ve been working hard to not only improve our Python user experience, but …

Automatically Populate Intercom with User Data

We work with a lot of startup SaaS companies, and they consistently run into a few challenges when it comes to managing their growing customer base: It’s hard to know who your users are. It’s not always clear how they interact with your product. For them to get the most value and have the best …

Making Python Authentication Fast

You know what’s really lame? Slow websites. Unfortunately, certain parts of the authentication process are supposed to be slow. This may seem counterintuitive, but slowness in the authentication process is a big part of being secure. This article talks about how authentication works in Python (not just hashing), and how you can make your site …