OAuth 2.0

Build a Secure Java Application with Apache Shiro and OAuth 2.0

This tutorial will show you how to build a secure Java application with Apache Shiro and OAuth 2.0.


Apache Shiro is a Java security framework that can perform authentication, authorization, session management, along with a host of other features for building secure applications. In this tutorial, you will build a simple Java REST application using JAX-RS. JAX-RS, like many Java APIs, is a set of interfaces, and you will need to pick an implementation

OpenID Connect Logout Options with Spring Boot

This tutorial demonstrates the logout options you have when developing Spring applications and helps you pick the right one for you!


On the Okta blog, we spend much of our time talking about logging in. That is because once you configure your application to log in, the log out just works. But there are a few things you should consider when you’re thinking about your app’s logout configuration. In this post, I’ll walk through examples of the two logout options you have with Spring Security: the “default” session clearing logout, and relying party initiated logout.

Secure Legacy Apps with Spring Cloud Gateway

This tutorial shows show you how to secure legacy applications with OAuth 2.0 and Spring Cloud Gateway.


One of the biggest challenges of adding OAuth 2.0 support to legacy applications is a lack of support in the underlying framework. Maybe it’s homegrown, or maybe it’s just old? Either way, migrating away from an old form-based login doesn’t need to be so painful. In this post, I’ll walk you through a low-code option using Spring Cloud Gateway and Okta.


If you have a JavaScript single-page application (SPA) that needs to securely access resources from a Spring Boot application, you likely want to use the OAuth 2.0 implicit flow! With this flow your client will send a bearer token with each request and your server side application will verify the token with an Identity Provider (IdP). This allows your resource server to trust that your client is authorized to make the request. In OAuth terms your SPA is the client and your Spring Boot…