Apr 2020 - Present
I recently slightly updated my older article about API security best practices. All the things I wrote about more than two years ago are still relevant today. You can check the article here: https:...
Published version 1.2.2 of the NetID authenticator: https://github.com/curityio/netid-authenticator
I've written a tutorial on how to use a Dynamic Authenticator, a new feature in the Curity Identity Server: https://curity.io/resources/learn/dynamic-authenticator/ The tutorial comes with a demo r...
I gave a speech at API Secure about the Security of large API ecosystems.
Courses and videos
If you have ever heard the phrase "lodging intent" and wondered what it is, then have a look at this video I created (with some help from a graphic designer colleague more skilled than me): https://curity...
I created a course about the details of OpenID Connect. If you wonder how OIDC is different from OAuth, how to properly use the ID token, or what nonces and hybrid flows are, then have a look at the...
I created a course about building an Identity Architecture for APIs. You can learn about token flows, proof-of-possession tokens, scopes and claims, token-sharing techniques, and more. The course i...
Conference talks and Webinars
I was a guest in a Nordic APIs Livecast, talking about the ways in which we can leverage Hypermedia to create more native authentication processes. You can view that talk here: https://www.youtube....
I co-hosted a webinar about privacy and security enhancements that an API gateway gives. This was a joint effort by Curity and NGINX. You can watch it here: https://curity.io/resources/webinars/gua...
I took part in a webinar about Zulu Mission Control and Java Flight Recorder. I presented a demo on how to utilise these two tools to find performance and resource-utilisation issues in a JVM. You ...
I gave a talk during the virtual API Days Helsinki conference, talking about some financial-grade security solutions that can be applied to any API. https://www.youtube.com/watch?v=AaUNj9S-SI8
Things I’ve built
At Curity, we've released a new Android SDK that will make working with our Hypermedia Authentication API a blast. There's a code example app that shows you need only two lines of code and some con...
I created a small library for simpler usage of the passport authentication framework together with the Curity Identity Server. You can check it out here: https://www.npmjs.com/package/passport-curity
I created a Next.js implementation of Curity's OAuth Agent, a component used in the Token Handler pattern (a way to boost the security of your SPAs). Have a look at this tutorial and code repositor...
I released version 1.0.0 of a small utility library with Cypress commands that can help you write tests of an OpenID Connect Provider. Check it out here: https://www.npmjs.com/package/@curity/cypre...
Articles and blogs
My article has been published on the New Stack. You can read all about Identity Distribution and its role in API Security: https://thenewstack.io/identity-distribution-is-essential-for-modern-api-s...
JWTs are secure only if used correctly. I created a course on JWT best practices. This will help you understand how to work with JWTs to maintain the best levels of security. Have a look at the fre...
I've written an article for the IT Chronicles website about the importance of identity in API Security. You can read it here: https://itchronicles.com/uncategorized/understanding-the-role-of-identi...
I wrote a blog post about the pros and cons of Client-Initiated Backchannel Authentication. Have a look at it here: https://curity.io/blog/whats-the-deal-with-ciba/