OIDC

Session Clustering for OAuth 2.0 Applications

Learn how sessions are used with OAuth 2.0 and build an example with HAproxy, Redis, and Spring Boot.

bdemers

A common OAuth 2.0 question we get: “How do I deal with OAuth in a load-balanced application?” The short answer: There’s nothing specific about session clustering for OAuth. The longer answer is—you likely still need to worry about cluster session management. This post will discuss how an OAuth login relates to your application’s session. And we’ll build a simple, secure, load-balanced application to demonstrate.

OpenID Connect Logout Options with Spring Boot

This tutorial demonstrates the logout options you have when developing Spring applications and helps you pick the right one for you!

bdemers

On the Okta blog, we spend much of our time talking about logging in. That is because once you configure your application to log in, the log out just works. But there are a few things you should consider when you’re thinking about your app’s logout configuration. In this post, I’ll walk through examples of the two logout options you have with Spring Security: the “default” session clearing logout, and relying party initiated logout.

Secure Legacy Apps with Spring Cloud Gateway

This tutorial shows show you how to secure legacy applications with OAuth 2.0 and Spring Cloud Gateway.

bdemers

One of the biggest challenges of adding OAuth 2.0 support to legacy applications is a lack of support in the underlying framework. Maybe it’s homegrown, or maybe it’s just old? Either way, migrating away from an old form-based login doesn’t need to be so painful. In this post, I’ll walk you through a low-code option using Spring Cloud Gateway and Okta.