Posts by Robert Damphousse

The Support-Driven Startup

As a developer-focused product, many of our conversations with users start in our support channel, where anyone using Stormpath — whether or not they pay us — can ask questions about our API, or get help with an integration. For free. However, developer support is more than that. As a startup building a new market, …

Express-Stormpath 3.0 Release Announcement

Hello fellow Stormpath developers! Today I’m officially announcing the latest 3.0 release of our Express-Stormpath library, and I’m very excited about this one! Our Express.js integration has been a labor of love for everyone on the JavaScript team. We first launched this library in June of 2014, almost two years ago! In that time we’ve learned what you want …

JWT Authentication with AngularJS – Video and Tutorial

Lately I’ve been on the road, giving talks about web application security. JSON Web Tokens (JWTs) are the new hotness, and I’ve been trying to demystify them and explain how they can be used securely. In the latest iteration of this talk, I give some love to Angular and explain how I’ve solved authentication issues …

A Simple Web App With Node.js, Express, Bootstrap & Stormpath

Heads up… this article is old! For an updated version of this article, see Tutorial: Build a Basic CRUD App with Node.js on the Okta developer blog. Update Building for mobile not web? Check out our latest tutorial Build a REST API for Your Mobile Apps Using Node.js. Also, these code examples have been updated …

Recipe: The Best Darn HTTP Cookies

As we planned our burn-down to the holidays, our head of Marketing made some pretty big commitments to our growth plan. But what is a good growth plan without some technical fussery? So, here’s what I came up with as a response: All new API calls to Stormpath Thanksgiving week will result in a shipment …

Build a Fullstack Application with Angular.js, Express.js, and User Management in 15 minutes with Stormpath

Update 5/12/2016: We’re excited to announce the 3.0 release of our Express-Stormpath library! For the technical breakdown of authentication in Express, you should see the 3.0 Changelog and the 3.0 Upgrade Guide. When building full-stack JavaScript applications, it’s all too easy to defer the user authentication until some later date. With the power of frameworks like …

Angular’s XSRF: How It Works

When you research web application security you will come across Cross-Site Request Forgery (CSRF). This attack vector is taking advantage of cookies, but in a preventable way. In this post we’ll discuss what the attack is and how it can be prevented. We’ll also discuss Angular’s XSRF feature, which helps you prevent attack. It requires …

Express-Stormpath 2.0 – Redesigned For The Front-End

It’s been slightly more than a year since we released our Express integration, and in that time we’ve refined our approach toward web framework integrations. While Express was our first step in the framework space, we always had a big vision: enabling Stormpath to seamlessly work with all the great web frameworks that exist today. …

Create and Verify JWTs with Node.js

Heads up… this post is old! For an updated version of this article, see Create and Verify JWTs with Node. JWT, access token, token, OAuth token.. what does it all mean?? Properly known as “JSON Web Tokens”, JWTs are a fairly new player in the authentication space. Being the cool new thing, everyone is hip …

Build Secure User Interfaces Using JSON Web Tokens (JWTs)

Update 5/12/2016: JJWT is a Java library providing end-to-end JWT creation and verification, developed by our very own Les Hazlewood. Forever free and open-source (Apache License, Version 2.0), JJWT is simple to use and understand. We’d love to have you try it out, and let us know what you think! (And, if you’re a Node …