my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Aaron Parecki – Why Do We Really Need OAuth Anyway? @ beyond tellerrand Düsseldorf 2021

At this year's beyond tellerrand Düsseldorf IndieWebCamp co-founder and OAuth consultant Aaron Parecki gave a talk about OAuth, why we need it, and how we can use it to simplify authentication and authorization in web applications: Aaron Parecki - Why Do We Really Need OAuth Anyway? - beyond tellerrand Düseldorf 2021 from beyond tellerrand on Vimeo. Aaron also provides a guide to building an OAuth 2.0 server and a video course titled "The Nuts and Bolts of OAuth 2.0". Read more

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common there are good arguments against this practice. In a nutshell, JWT often are used for storing session data such user authorization and authentication information although they aren't particularly well-suited to ... Read more

OAuth 2.0 Authentication with Jira – A Spring Boot Example Application

When dealing with the specifics of authentication techniques and protocols such as OAuth the devil often is in the detail. While the OAuth 2.0 protocol generally is easy to grasp and simple to use implementation details for specific authentication providers can easily have you hit a snag fairly quickly. Documentation and examples sometimes are outdated or scattered across several - sometimes contradictory documents. Additionally, examples for the authentication provider you want to use might not have been written with your framework of ... Read more