A More Definitive Guide to Mobile SSO

Lately I was a little frustrated with the lack of online resources which effectively describe how to effectively leverage session-based SSO on mobile platforms.

Why You Should Prefer OAuth Scope Validation Over Audience Validation

I often receive the question of how OAuth token audience validation should work in environments where multiple OAuth clients are calling multiple resource services. Generally, the audience or aud claim in OAuth represents the application to which the OAuth token was issued. This can be handy as an additional layer of token validation for certain...

The Summer of JavaScript

Day to day, I work on the modern Microsoft stack - .NET Core, MSSQL, Linux/Docker, and building out both cloud and security initiatives at my organization. I love my place on the backend side of things, and typically don’t stray far from that area. Ever so occasionally, it’s necessary to dip my toes into JS to finish some light frontend work. J...