Category: General

The Most Important Security Practice Everyone Forgot

UPDATE: This was an April Fools’ Day post. Everything I wrote about here is completely false. Security by obscurity is not security at all! Good security is transparent, well reviewed, and mathematically backed. Simply ‘hoping’ an attacker can’t find your weaknesses doesn’t make your code any more secure than it already is: if anything, it …

Express-Stormpath 3.0 Release Announcement

Hello fellow Stormpath developers! Today I’m officially announcing the latest 3.0 release of our Express-Stormpath library, and I’m very excited about this one! Our Express.js integration has been a labor of love for everyone on the JavaScript team. We first launched this library in June of 2014, almost two years ago! In that time we’ve learned what you want …

Hello, Stormpath!

Hi! I’m Edward, and it’s with great pleasure that I’d like to announce that I’m joining the Stormpath team as a Developer Evangelist for iOS! I’ve always been excited by technology and its potential to change the world. I spent my summers reading about the exponential growth of computing power, how it opened up entirely …

How to Create a Multi-Tenant User Model for SaaS Applications

Multi-tenant data management is core to the success of any Software as a Service application. With multi-tenancy, SaaS vendors can provide one version of their product to multiple customers instead of building a unique codebase for each one. However, giving your customer organizations a private partition of your SaaS application can be incredibly complicated to …

New! SAML Support for Your Customer Apps

Integrate with Popular SAML Identity Providers in Minutes. Today we launched support for the SAML standard for authentication and user management. Applications that use Stormpath for user management will now be able to use popular identity providers (IdPs) for Single Sign-On (SSO) capability. In other words, Stormpath-backed apps are now SAML service providers that work …

Where to Store your JWTs – Cookies vs HTML5 Web Storage

Update 5/12/2016: Building a Java application? JJWT is a Java library providing end-to-end JWT creation and verification, developed by our very own Les Hazlewood. Forever free and open-source (Apache License, Version 2.0), JJWT is simple to use and understand. It was designed with a builder-focused fluent interface hiding most of its complexity. We’d love to have …

Building Secure APIs with Express.js

Today, I’m going to walk you through everything you need to know in order to build a secure API service with Express.js and Stormpath. Specifically, I’ll walk you through building a simple Express.js API, and then locking it down via HTTP Basic Authentication and OAuth2 Client Credentials authentication. These two authentication protocols allow you to …

Recipe: The Best Darn HTTP Cookies

As we planned our burn-down to the holidays, our head of Marketing made some pretty big commitments to our growth plan. But what is a good growth plan without some technical fussery? So, here’s what I came up with as a response: All new API calls to Stormpath Thanksgiving week will result in a shipment …

The Easy Way To Manage Your OAuth 2.0 Access Tokens

At Stormpath, we spend a lot of time designing features to help developers build applications using best practices for authentication, authorization, and user data security. Now, Stormpath makes it easy for developers to generate OAuth 2.0 access tokens. This new feature gives your applications a way to authorize requests for other applications and micro-services that …

Express-Stormpath 2.0 – Redesigned For The Front-End

It’s been slightly more than a year since we released our Express integration, and in that time we’ve refined our approach toward web framework integrations. While Express was our first step in the framework space, we always had a big vision: enabling Stormpath to seamlessly work with all the great web frameworks that exist today. …