Integrator Free Plan available! Existing Okta Developer Edition orgs will be deactivated starting July 18, 2025. Sign up for the Integrator Free Plan to continue building and integrating. Learn more on the Okta Developer blog

Articles tagged authorization

How to Build Secure Okta Node.js Integrations with DPoP

How to Build Secure Okta Node.js Integrations with DPoP

Integrating with Okta management API endpoints might be a good idea if you are trying to read or manage Okta resources programmatically. This blog demonstrates how to securely set up a node application to interact with Okta management API endpoints using a service app. Okta API management endpoints can be accessed using an access token issued by the Okta org authorization server with the appropriate scopes needed to make an API call. This can be...

Read more

Secure OAuth 2.0 Access Tokens with Proofs of Possession

Secure OAuth 2.0 Access Tokens with Proofs of Possession

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. In OAuth, a valid access token grants the caller access to resources and the ability to perform actions on the resources. This means the...

Read more

Elevate Access Token Security by Demonstrating Proof-of-Possession

Elevate Access Token Security by Demonstrating Proof-of-Possession

We use access tokens to request data and perform actions within our software systems. The client application sends a bearer token to the resource server. The resource server checks the validity of the access token before acting upon the HTTP request. What happens if the requesting party is malicious, steals your token, and makes a fraudulent API call? Would the resource server honor the HTTP request? If you use a bearer token, the answer is...

Read more

The Things to Keep in Mind about Auth

The Things to Keep in Mind about Auth

There’s a lot of information out there about adding authentication to your app, which is helpful! But also overwhelming. It can be hard to find relevant and up-to-date information. Security best practices and technologies change, so refreshing your understanding and keeping up with current best practices is a good thing. Here are some notes I took while I reviewed my knowledge and applied my experience implementing auth. Prefer OAuth 2.0 and OpenID Connect If you’re...

Read more

Developer Day 2021: Celebrating the Future of Identity

Developer Day 2021: Celebrating the Future of Identity

It’s been a big year for Okta and Auth0. Our two companies have officially joined forces over the past few months, and we are excited about the chance to shape the future of identity together. It’s great to celebrate our combined developer communities at the first Developer Day event. I look forward to exploring more ways we can collaborate with our Auth0 counterparts and far-flung global communities through future events and activities. On Tuesday, 8/24,...

Read more

Use Okta and Oso to Secure a FastAPI + SQLAlchemy App

Use Okta and Oso to Secure a FastAPI + SQLAlchemy App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. FastAPI is really fast and SQLAlchemy is really…SQL-y. But what good is a fast and SQL-y application if it isn’t secure? In this post,...

Read more

An Illustrated Guide to OAuth and OpenID Connect

An Illustrated Guide to OAuth and OpenID Connect

In the “stone age” days of the Internet, sharing information between services was easy. You simply gave your username and password for one service to another so they could login to your account and grab whatever information they wanted! Yikes! You should never be required to share your username and password, your credentials, to another service. There’s no guarantee that an organization will keep your credentials safe, or guarantee their service won’t access more of...

Read more

PHP Authorization with OAuth 2.0 and Okta

PHP Authorization with OAuth 2.0 and Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. User account management, authorization, and access control can be difficult to implement for many web developers. At the same time, they are critical cornerstones...

Read more

Implement the OAuth 2.0 Authorization Code with PKCE Flow

Implement the OAuth 2.0 Authorization Code with PKCE Flow

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Imagine two levers that are inversely connected. That is, as one goes up, the other goes down. One lever is User Experience and the...

Read more

Decode JWTs in C# for Authorization

Decode JWTs in C# for Authorization

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. There are two main steps in securing an application: authentication and authorization. Authentication is easy enough. A user enters a username and password (maybe...

Read more

Add Login to Your ASP.NET Core MVC App

Add Login to Your ASP.NET Core MVC App

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. One of the improvements in the latest version of ASP.NET Core (MVC ) is a new and simplified authentication integration. However, managing authentication on...

Read more

Policy-Based Authorization in ASP.NET Core

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. The authorization model in ASP.NET Core got a significant overhaul with the introduction of policy-based authorization. Authorization now uses requirements and handlers, which are...

Read more

User Authorization in ASP.NET Core with Okta

Note: In May 2025, the Okta Integrator Free Plan replaced Okta Developer Edition Accounts, and the Okta CLI was deprecated. We preserved this post for reference, but the instructions no longer work exactly as written. Replace the Okta CLI commands by manually configuring Okta following the instructions in our Developer Documentation. Authorization is the oft-forgotten piece of identity and access management. The fact is, almost every app needs more than just “are they signed in?”...

Read more

Meet the New Okta Identity Platform

I’m genuinely excited to announce that today, we’re officially re-launching the new and improved Okta Identity Platform. Everything has been molded to our vision, and we’re aiming to do something we could not before: build the world’s largest authentication-as-a-service platform for developers of all shapes and sizes. The new Okta Identity Platform is our attempt to make authentication and authorization problems a relic of the past. We want to provide beautiful developer libraries across every...

Read more

What the Heck is OAuth?

There’s a lot of confusion around what OAuth actually is. Some people think OAuth is a login flow (like when you sign into an application with Google Login), and some people think of OAuth as a “security thing”, and don’t really know much more than that. I’m going to show you what OAuth is, explain how it works, and hopefully leave you with a sense of how and where OAuth can benefit your application. What...

Read more