Reddit as an OAuth provider for a Java backend

OAuth (2) and Java work well together, there are plenty of libraries available which handle the general case and the more specific peculiarities of the various OAuth providers. Despite solid implementations like my favourite Spring Social [1] framework  the state of OAuth is at best fragmented. Not only because Spring Social is not as well … Continue reading Reddit as an OAuth provider for a Java backend

Non-Latin characters, openID and the openid4java library

The openid4java [1] library is a very handy set of components that handles openid and oauth for java applications and definitely worth a look before you capitulate in frustration before all that modern openid stuff. For those of us living and working outside the 7bit-speaking ANSI niche there is one webserver setting to verify: the … Continue reading Non-Latin characters, openID and the openid4java library

Pidgin having trouble with MSN certificate – and how to fix

I noticed recently that the Pidgin 2.7.5 messenger [1] had problems connecting to MSN with a certificate error about omega.contacts.msn.com. Fortunately I'm neither the first to have that problem, nor to find a solution [2]. MSN apparently replaced their certificate, which now needs to be updated with Pidgin. 1. point your browser to https://omega.contacts.msn.com/ 2. … Continue reading Pidgin having trouble with MSN certificate – and how to fix

Stateless user sessions with encrypted session IDs

When trying to design for stateless services one finds it easy to reduce the information stored in an http session but for one piece: whether the client has authenticated against the server or not. Usually you would implement a proccess for authenticating like this: Client submits credentials (login / password) to the server Server checks … Continue reading Stateless user sessions with encrypted session IDs