This past Thursday Inversoft CTO Daniel DeGroff was a featured guest at a gathering of a progressive group of software security and development experts in Denver. The focus of the night was to discuss the intersection of software engineering and security and share current perspectives on the challenges, strategies and solutions in the industry today. Daniel’s unique experience gained while developing the Passport CIAM and CleanSpeak profanity filter provided participants with a solution provider’s view of the user access and monitoring challenges they face.
Storing user data in Passport is not difficult and can save data essential to a user’s experience. This article will walk you through the basic steps of storing and retrieving user data in Passport.
To get started, clone or download the Passport example template from GitHub. If you want to follow along with this how to, you’ll need to have node and npm installed on your machine. (It should work with older versions, but we used node v8.9.4 and npm 5.6.0 which are the current stable releases at the time of writing.)
We are into the second month of 365 Days of Passport and we are publishing a free whitepaper. We debated long and hard if we should gate this whitepaper and require you to fill out a form to get access. After much thought, we’ve decided to open this whitepaper to everyone (including the Google bot). If you like this new direction and want us to open all our content (old and new), let us know by emailing us at email@example.com.
It’s week 3 of 365 Days of Passport. Today, we are going geek on you. Let’s talk about JWTs (JSON Web Tokens).
JWTs are becoming more and more ubiquitous. CIAM providers everyone are pushing JWTs as the silver bullet for everything. JWTs are pretty cool, but let’s talk about some of the downsides of JWTs and other solutions you might consider.
The way I usually describe JWTs is that they are portable units of identity. That means they contain identity information as JSON and can be passed around to services and applications. Any service or application can verify a JWT itself. The service/application receiving a JWT doesn’t need to ask the identity provider that generated the JWT if it is valid. Once a JWT is verified, the service or application can use the data inside it to take action on behalf of the user.
Over the years, we’ve tried a number of different methods for letting developers get their hands on our products to try them out. During our 365 Days of Passport, we are going to try something new.
Our new evaluation system will let anyone create an account with us and immediately get access to the installable version of our products. You’ll be able to download any of our bundles (DEBs, RPMs or ZIPs), install on your dev box or on any server, and immediately start testing.
We also added another option to try our products. We created two sandbox servers in AWS, one for Passport and one for CleanSpeak. These sandboxes are open to the world and easy to log into. The username and password for our sandboxes will always be:
You will find the URL for the sandbox on your account page once you create an account. Once you log into the sandbox, you can edit the configuration, create API keys and start calling the APIs. We will periodically reset the sandbox servers, so don’t rely on your configuration and data always being there.
And finally, we still want to provide the ability to evaluate our products using one of our private-cloud servers. Since these servers do cost money for us to run, we’ve added a button to the account page for you to request a private-cloud server. Once we receive your request, someone from the Inversoft team will reach out to you and get your private-cloud server setup.
Keep in mind that Passport is single-tenant. That means that your user data is completed isolated from everyone else’s. That is why we start a separate server (or multiple servers) for each customer we host for.
We hope this new evaluation model will help you quickly get started with either of our products. If you have questions or feedback, don’t hesitate to send it our way by emailing firstname.lastname@example.org.