14 Feb 2016

Feed: Planet Identity

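Nat Sakimura: The origin of "bifuteki" isn't "beef steak"?!

An article titled "The origin of tonteki... oh, so that's how it is! OK, then bifuteki too... wait, what!?" came around on Facebook. (When viewed over https, the quotation below is not displayed ...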

Copyright © 2016 @_Nat Zone All Rights Reserved.

14 Feb 2016 3:57pm GMT

12 Feb 2016

OpenID.net: Vote Early and Often!

More often than not OpenID Foundation members vote with their feet. Members typically signal their interest in a topic or work group by participating on a spectrum from "leader to lurker" on a mailing list discussion or in a work group's agenda setting. On important, rare occasions, real people have to cast real votes. Votes [...]

12 Feb 2016 5:40pm GMT

Nishant Kaushik - Oracle: That Time Enabling Two-Factor Authentication Made Me Feel Worse

I've been an account holder at a fairly prominent online brokerage for a while now. Been using it without hiccup for years. The movement in the stock market early in the year prompted me to log in to check on a few things (I know, I know. I swear I'm not that guy). While there, I decided...

The post That Time Enabling Two-Factor Authentication Made Me Feel Worse appeared first on Talking Identity | Nishant Kaushik's Look at the World of Identity Management.

12 Feb 2016 3:01pm GMT

Katasoft: Stormpath Laravel Event Firing Squad

At Stormpath, we want to make it as easy as possible to create your application. Our Laravel Integration is no exception.

Events give developers an important tool to hook into different parts of a package to run your own business logic. Events can dramatically simplify application development, particularly when adding user functionality to a webapp.

A recent update to the Stormpath Laravel integration adds events fired by the built-in Laravel event system which your Laravel app can listen for and handle however you like, and use them to hook into user features like registration, login, logout, and more.

Let's dive in to see how it works!

What Are Events?

An event in a programming language is a way to notify the developer of something that happened or is about to happen. This event can contain any kind of information, and a developer can program against that information.

One example of this is when a user signs up for your application. Without events, you must code everything related to the signup process. This can make your code very hard to maintain and very messy.

When you create a user signup event, you can trigger various sign-up related processes off that event. Things like sending an email to the user about signup, creating the user in the database, sending alerts to administration, and more.

Why Are Events Important?

There are many reasons why events are important. One of the main reasons is the single responsibility principle. Without events, your signup controller would be responsible for many different things during signup. When you fire an event, you can have handlers listen for it and handle what they need to. Doing so means the controller does not have to worry about what happens when a user signs up; other parts of your application handle it.

One of the other big advantages of using events is the flexibility of your code. When starting out with your application, there are some basics that you will want to include for a user registration. Later on, you may have some other business logic that you want to add to the process. With events, this is easy: you add a new process and attach it to the event. There is no need to go into the user registration code to add it there, cluttering up your controller.

What Events Stormpath Laravel Offers

At Stormpath, we want to give you the ability to have every aspect of the Laravel integration fire an event. Thanks to one of our community users of the Stormpath Laravel package, Kryten0807, we now offer events for every process.

The following events (and their corresponding classes) are triggered during Stormpath operations:

  • UserIsRegistering: A potential new user has completed the registration form and submitted it. The form data has passed validation. (cancellable)
  • UserHasRegistered: A new user has registered.
  • UserIsLoggingIn: A user has completed the login form and submitted it. The form data has passed the initial validation, but the user has not been authenticated yet. (cancellable)
  • UserHasLoggedIn: A user has successfully logged in.
  • UserIsLoggingOut: A user has visited the logout URL but has not been logged out yet. (cancellable)
  • UserHasLoggedOut: A user has successfully logged out.
  • UserHasRequestedPasswordReset: A user has completed the password reset form and the password reset email has been sent.
  • UserHasResetPassword: A user has successfully reset their password.

All of the above are the class names for the events, and they live in the Stormpath\Laravel\Events namespace.

Listening For Stormpath Laravel Events

Continuing with the example above of registering a user, let's say you have some business logic that needs to run before a user account is created. To do this, we offer the UserIsRegistering event. This event is triggered before a user is created at Stormpath, allowing you to run your business logic and stop the registration if needed. You will first need to register a listener for this event:

protected $listen = [
    'Stormpath\Laravel\Events\UserIsRegistering' => [
        'App\Listeners\HandleNewUserIsRegistering',
    ],
];

This can be placed in the EventServiceProvider file of your Laravel install. For more information about events and registering them, please visit the Laravel Documentation.

The file App\Listeners\HandleNewUserIsRegistering is a class in your application which handles the event when it is fired. The listener class is defined according to the Laravel documentation on defining listeners.

Terminating Event Actions

There may be times when it is necessary to halt processing based on something you are doing in your listener. To do this, simply return false from the handle method of your listener. Note that this only has an effect for the events that are marked as "cancellable" in the list above.

For example, maybe you want to prevent a user from registering if their first name is "Bob". Your handler should look like this:

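<?php

namespace App\Listeners;

use Stormpath\Laravel\Events\UserIsRegistering;

class HandleNewUserIsRegistering
{
    public function handle(UserIsRegistering $event)
    {
        // Get the form data that the user has submitted.
        $data = $event->getData();

        // Check the givenName field; returning false cancels the registration.
        if (isset($data['givenName']) && $data['givenName'] === 'Bob') {
            return false;
        }

        // The name is not Bob, so just carry on...
    }
}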

This will abort the registration request. When this is done, a Stormpath\Laravel\Exceptions\ActionAbortedException will be thrown. In the example above, you might catch that exception and redirect the user to a page that says "No Bobs Allowed!"

Try It Out

With the addition of the events in the Stormpath Laravel package, we have opened up a whole new way to work with the package, making it a much more flexible system that is also easier for you to work with.

For full documentation on the events that are used, visit our documentation page.

Let us know what you think of this addition. We love your feedback. You can contact us at support@stormpath.com or hit us up on Twitter @goStormpath.

12 Feb 2016 8:00am GMT

Mike Jones - Microsoft: Authentication Method Reference Values spec incorporating adoption feedback

This draft of the Authentication Method Reference Values specification incorporates OAuth working group feedback from the call for adoption. The primary change was to remove the "amr_values" request parameter, so that "amr" values can still be returned as part of an authentication result, but cannot be explicitly requested. Also, noted that OAuth 2.0 is inadequate […]

12 Feb 2016 5:58am GMT

11 Feb 2016

Kantara Initiative: Colin Wallis appointed Executive Director

On behalf of the Directors of Kantara Inc., I am delighted to announce the appointment of Colin Wallis as the organization's new Executive Director. Colin has been an active participant in the organization since its inception, as part of his role representing his federal employer and his country on federated identity and identity assurance. Colin […]

11 Feb 2016 11:59pm GMT

Matthew Gertner - AllPeers: Should You Repair or Replace Your Windshield? Find Out

When most people notice that their windshield has a chip or a crack, they choose to ignore it. Chips and cracks are often not unsightly enough to cause concern. However, they can be a major concern when it comes to safety. Damage to windshields can result in an accident as they can impair the driver's vision. They may pop out in a collision and cause harm to the driver or passengers. Windshields are also important for providing structural support to the car's roof. A damaged windshield can result in the collapse of the roof. Causes of windshield damage Windshield damage…

The post Should You Repair or Replace Your Windshield? Find Out appeared first on All Peers.

11 Feb 2016 8:51pm GMT

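Nat Sakimura: Happy Birthday in the style of Chopin

I have brought up many times before how little weight melody carries in music, and listening to this confirms it, doesn't it. Happy Birthday in the style of Chopin. Enjoy. Incidentally, ピ ...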

11 Feb 2016 11:50am GMT

Katasoft: Hello, Stormpath!

edward jiang

Hi! I'm Edward, and it's with great pleasure that I'd like to announce that I'm joining the Stormpath team as a Developer Evangelist for iOS!

I've always been excited by technology and its potential to change the world. I spent my summers reading about the exponential growth of computing power, how it opened up entirely new markets for computing, and the entrepreneurs that made it happen. At that time, companies like Microsoft and Dell enabled ordinary individuals to access the power of computing, revolutionizing how we access information and communicate with each other.

When growing up, I'd run outside to check the mailbox, and return home with a handful of AOL CDs. To my young self those CDs represented the wonder of technology. While books and VHS tapes were big, bulky, and expensive to store and distribute, mailing CDs seemed like a much better distribution model.

As technology improved, downloads eliminated the CD, web apps eliminated the install process, and mobile apps enabled rich, personal experiences for everyone.

Why Mobile Is Important

While surprising to many, mobile traffic already exceeds desktop traffic on the internet, and will continue to grow as users find the convenience and richer experiences better than a web interface in a desktop environment. Uber spawned hundreds of similar "on-demand" startups after pioneering its ride hailing service, and permanently increased the speed and transparency consumers expect from service companies. Venmo allowed individuals to send money in a way that was faster and safer than cash, and ultimately was acquired by PayPal to jumpstart its business in the mobile sphere. Mobile is a huge opportunity for many businesses to redefine themselves, and the ones that truly understand mobile will be the ones that continue to grow.

Even with these increased opportunities, mobile is a challenging platform to develop for, because it's limiting in many ways. Smaller screen sizes limit the amount of information apps can present to users, while users will only give an app several minutes of their time before deleting it from their phone. Nobody sits down with a user manual and 30 minutes to learn how to use an app.

App developers need to invest in great onboarding experiences, because if a user deletes their app, every dollar spent on building and marketing the app is wasted. Account creation and logins need to be carefully crafted so they don't interrupt the user flow.

What I'll Be Doing

Stormpath does a great job at helping backend developers build authentication and authorization in their APIs and websites, but we've traditionally let backend developers work directly with mobile developers to develop the login flow. I'm the first person on the Stormpath team dedicated to thinking about how we can make our product better for mobile, and I'll be working with our team to make sure that we help our customers build great mobile experiences.

I'll start out by working with our customers and release an iOS SDK for our existing integrations, and continue improving it by making it as easy as possible for developers to add authentication to their apps, with pre-built ViewControllers, TouchID support, and more. The Stormpath iOS SDK will be the easiest way to plug in secure and scalable authentication into your apps.

After that, I'll continue to advocate for and find ways to make the core Stormpath product more friendly for companies that want to build mobile-first.

In addition, you'll start to see me at meetups, conferences, as well as on the Stormpath blog talking about how you can leverage mobile more effectively! If you're in the Bay Area, I'm also always happy to meet up and talk about mobile trends and the future =]

I'm excited to be part of the Stormpath team, and can't wait to help create awesome mobile experiences everywhere! Want to chat? Just send an email: edward@stormpath.com, or on Twitter @EdwardStarcraft.

11 Feb 2016 9:09am GMT

Julian Bond: Yesterday's nature excitement was seeing a pair of Goldcrests in Hertford's Pinetum. They were feeding...

Yesterday's nature excitement was seeing a pair of Goldcrests in Hertford's Pinetum. They were feeding on midges and insects on a pile of Douglas Fir branches I was clearing. That came from the top of an old but weird shaped tree that had broken off in the high winds of a few days ago.

The Pinetum is looking good and the display of snow drops is looking perfect. They have an open day this Sunday with guided walks and cream teas.

https://en.wikipedia.org/wiki/Goldcrest
http://www.clintonbakerpinetum.org.uk/

[from: Google+ Posts]

11 Feb 2016 8:59am GMT

10 Feb 2016

ForgeRock: The Importance of Trust

Recently, Accenture released their much anticipated Technology Vision 2016. Identifying what Accenture considers to be the critical trends shaping the market for the next three to five years, the report is a great resource for any organization with a digital strategy that's looking to maintain their competitive edge in the digital era. Out of the…

The post The Importance of Trust appeared first on ForgeRock.com.

10 Feb 2016 6:41pm GMT

09 Feb 2016

Mike Jones - Microsoft: Initial OAuth working group Discovery specification

We have created the initial working group version of OAuth Discovery based on draft-jones-oauth-discovery-01, with no normative changes. The specification is available at: http://tools.ietf.org/html/draft-ietf-oauth-discovery-00 An HTML-formatted version is also available at: http://self-issued.info/docs/draft-ietf-oauth-discovery-00.html

09 Feb 2016 2:06pm GMT

Katasoft: Stormpath React SDK: Introducing custom login and registration forms

Building forms has never really been any fun. But with the new custom forms feature that we've added to the Stormpath React SDK, it suddenly is. This custom forms functionality means you'll have the ability to plug in your own markup to the forms for user login, registration and reset password without having to think about any of the logic behind them.

React developers can now simply style the form quickly, and Stormpath will take care of all the rest.

Let's Build a User Form in React

Before we get started: If you haven't played around with React or want to try these examples in a sample application, then take a look at our previous blog post Build a React.js Application With User Authentication or play along with the example project.

Default Markup

Forms in the Stormpath React SDK still work as previously. If no markup is provided, the form will simply render with the default Bootstrap markup, i.e.

<LoginForm />

This actually turns into:

<LoginForm>
  <div className='sp-login-form'>
    <div className="row">
      <div className="col-xs-12">
        <div className="form-horizontal">
          <div className="form-group">
            <label htmlFor="spEmail" className="col-xs-12 col-sm-4 control-label">Email</label>
            <div className="col-xs-12 col-sm-4">
              <input className="form-control" id="spUsername" name="username" placeholder="Username or Email" />
            </div>
          </div>
          <div className="form-group">
            <label htmlFor="spPassword" className="col-xs-12 col-sm-4 control-label">Password</label>
            <div className="col-xs-12 col-sm-4">
              <input type="password" className="form-control" id="spPassword" name="password" placeholder="Password" />
            </div>
          </div>
          <div className="form-group">
            <div className="col-sm-offset-4 col-sm-4">
              <p className="alert alert-danger" spIf="form.error"><span spBind="form.errorMessage" /></p>
              <button type="submit" className="btn btn-primary">Login</button>
              <Link to="/forgot" className="pull-right">Forgot Password</Link>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>
</LoginForm>

Custom Markup for Login Forms

Now, adding your own markup to user forms is easy. When markup is passed to the form, the form will automatically process that markup and bind common input fields and buttons depending on their input type and name. The conditions (spIf) and bindings (spBind) available depend on the form used.

To demonstrate this, a simple, stripped-down login form can look like:

<LoginForm>
  <p>
    <input type="text" name="username" placeholder="Username" />
  </p>
  <p>
    <input type="password" name="password" placeholder="Password" />
  </p>
  <p spIf="form.error">
    <strong>Error:</strong> <span spBind="form.errorMessage" />
  </p>
  <p>
    <input type="submit" value="Login" />
  </p>
</LoginForm>

Field Mapping

As previously mentioned, when markup is provided to a form, that markup is processed and input fields are mapped, with available fields varying by form. For the login form, the valid fields are username (or login, the username to login with) and password (the password to login with).

In order to map an input to the username field, all you have to do is to set the input name to the field name:

<input type="text" name="username" />

If you're interested in seeing what fields can be mapped for the registration or reset password form, take a look at the Stormpath React documentation.

Conditional Statements

In order to control what is being shown, each form has a specific set of spIf conditions that you can use. For the login form, the available conditions are form.processing, which is true when the form is loading, and form.error, which is set to true when there is a bindable error message.

In order to only show an element during a form.error, all you need to do is set the spIf attribute:

<p spIf="form.error">
  Form error occurred. Please try again.
</p>

If you're interested in seeing what spIf conditions are available for the registration or reset password form, take a look at the Stormpath React documentation.

Bind Values

In order to show certain text, spBind can be added to an element to bind that element to a value. For the login form, the bindable value is form.errorMessage, which is an error message present when the form.error condition is true.

So in order to show an error message during a form.error, all you need to do is to set the spBind attribute on an element, as shown below:

<p spIf="form.error">
  <span spBind="form.errorMessage" />
</p>

If you're interested in seeing what spBind values are available for the registration or reset password form, take a look at the Stormpath React documentation.

Intercept Form Submit

If an onSubmit attribute is set on a form, then the handler function attached to that attribute will be called once the form is submitted. The handler that you attach can be used to do custom error validation or to format the data that is posted to Stormpath. For example, providing your own onSubmit handler for the login form would look like:

import React from 'react';
import { LoginForm } from 'react-stormpath';

class LoginPage extends React.Component {
  onFormSubmit(e, next) {
    // The submitted form fields.
    var data = e.data;

    // Require passwords to be at least 10 characters.
    if (data.password.length < 10) {
      return next(new Error('Password must be at least 10 characters long.'));
    }

    // Force usernames to be in lowercase.
    data.username = data.username.toLowerCase();

    // Pass the (possibly modified) data on to Stormpath.
    next(null, data);
  }

  render() {
    return <LoginForm onSubmit={this.onFormSubmit.bind(this)} />;
  }
}
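The handler above throws a TypeError if a field is missing, because it reads data.password.length without checking the type first. The following added example (not part of the original post or the Stormpath SDK) keeps the same (e, next) contract but validates before touching the fields; validateLogin, MIN_PASSWORD_LENGTH and MAX_FIELD_LENGTH are hypothetical names and the 256-character cap is an assumed value.

```javascript
// Added example: defensive onSubmit handler for the (e, next) contract
// described above. Helper names and limits are assumptions, not SDK API.
const MIN_PASSWORD_LENGTH = 10;  // same threshold as the handler above
const MAX_FIELD_LENGTH = 256;    // assumed cap to reject oversized input

// Returns { error } or { data }. Never mutates the object it is given.
function validateLogin(raw) {
  if (raw === null || typeof raw !== 'object') {
    return { error: new Error('Form data is missing.') };
  }

  // The login form accepts the identifier as "username" or "login".
  const idField = typeof raw.username === 'string' ? 'username' : 'login';
  const id = raw[idField];
  const password = raw.password;

  // Type-check before reading .length so a missing field cannot throw.
  if (typeof id !== 'string' || typeof password !== 'string') {
    return { error: new Error('Username and password are required.') };
  }

  // Normalize the identifier only. The password is passed through
  // untouched: trimming or case-folding it would change the secret.
  const normalized = id.trim().toLowerCase();
  if (normalized.length === 0) {
    return { error: new Error('Username is required.') };
  }
  if (normalized.length > MAX_FIELD_LENGTH || password.length > MAX_FIELD_LENGTH) {
    return { error: new Error('Username or password is too long.') };
  }
  if (password.length < MIN_PASSWORD_LENGTH) {
    return { error: new Error('Password must be at least 10 characters long.') };
  }

  // Copy the remaining fields and replace only the normalized identifier.
  return { data: Object.assign({}, raw, { [idField]: normalized }) };
}

// Drop-in replacement for onFormSubmit in the component above.
function onFormSubmit(e, next) {
  const result = validateLogin(e && e.data);
  if (result.error) {
    return next(result.error);
  }
  next(null, result.data);
}
```

Checks like these run in the browser and only improve feedback to the user; the authoritative credential check still happens when the data is posted to Stormpath.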

Summary

As you've just seen demonstrated, the new custom forms feature really makes building forms a lot easier. It's one of the many improvements we have added to the React SDK lately.

If you have any feedback on the custom forms feature or the React SDK in general, feel free to leave it in the comment section below.

09 Feb 2016 9:09am GMT

Mike Jones - Microsoft: W3C Web Authentication Working Group

The W3C approved the Web Authentication Working Group charter today and announced the first working group meeting, which will be on March 4, 2016 in San Francisco. The initial input to the working group was the member submission of FIDO 2.0 Platform Specifications.

09 Feb 2016 7:06am GMT

08 Feb 2016

OpenID.net: New OpenID Foundation Board Leadership

Thanks to all who voted for representatives to the OpenID Foundation Board of Directors. George Fletcher of AOL will begin a new two year term as the community member representative. His continued leadership on the Executive Committee ensures continuity on important initiatives like OpenID Connect Certification and his deep technical expertise will assist the new work groups [...]

08 Feb 2016 7:00pm GMT

06 Feb 2016

OpenID.net: Registration Now Open for OpenID Foundation Workshop on Monday, April 25, 2016

OpenID Foundation Workshops provide insight and influence on important internet identity standards. The workshop provides updates on the adoption of OpenID Connect across industry sectors. We'll review progress on OpenID Connect Certification and gather feedback for planned Relying Party certification. Work Group Leaders will overview the MODRNA (Mobile Profile of OpenID Connect) as well as [...]

06 Feb 2016 12:44pm GMT