Developers Guide to GPG and YubiKey

Tutorial: Set up a YubiKey for GPG and SSH!

bdemers

Setting up a new YubiKey as a second factor is easy—your browser walks you through the entire process. However, setting up a YubiKey to sign your Git commits and Secure Shell (SSH) authentication is a very different experience. In this post, I’ll walk through configuring a YubiKey and highlight some of the things I’ve learned along the way.

A Beginner's Guide to JWTs

What is a JWT? How are they used? Find out in this post!

bdemers

JSON Web Tokens (JWTs) are used everywhere (even places they shouldn’t be). This post will cover the basics of what you need to know about JWTs and the related specifications in the JavaScript Object Signing and Encryption (JOSE) family.

JWT vs Opaque Access Tokens: Use Both With Spring Boot

Tutorial: Learn how to use JWT and opaque access tokens with Spring Boot.

bdemers

The topic of validating OAuth 2.0 access tokens comes up frequently on this blog. Often we talk about how to validate JSON Web Token (JWT) based access tokens; however, this is NOT part of the OAuth 2.0 specification. JWTs are so commonly used that Spring Security supported them before adding support for remotely validating tokens (which is part of the OAuth 2.0 specification).