diff --git a/_source/_assets/img/avatar-indranil-jha.jpg b/_source/_assets/img/avatar-indranil-jha.jpg new file mode 100644 index 0000000000..5b60a0a55f Binary files /dev/null and b/_source/_assets/img/avatar-indranil-jha.jpg differ diff --git a/_source/_assets/img/blog/angular-forroot/social.jpg b/_source/_assets/img/blog/angular-forroot/social.jpg new file mode 100644 index 0000000000..b60268db3e Binary files /dev/null and b/_source/_assets/img/blog/angular-forroot/social.jpg differ diff --git a/_source/_assets/img/blog/step-up-auth/request-timing.png b/_source/_assets/img/blog/step-up-auth/request-timing.png new file mode 100644 index 0000000000..38a17526db Binary files /dev/null and b/_source/_assets/img/blog/step-up-auth/request-timing.png differ diff --git a/_source/_assets/img/blog/step-up-auth/stepup.png b/_source/_assets/img/blog/step-up-auth/stepup.png new file mode 100644 index 0000000000..2d07fb7214 Binary files /dev/null and b/_source/_assets/img/blog/step-up-auth/stepup.png differ diff --git a/_source/_data/authors.yml b/_source/_data/authors.yml index ef2b557569..930d286b21 100644 --- a/_source/_data/authors.yml +++ b/_source/_data/authors.yml @@ -1,3 +1,9 @@ +indranil-jha: + full_name: Indranil Jha + display_name: Indranil Jha + avatar: avatar-indranil-jha.jpg + bio: "Senior Solutions Engineer" + erikka-innes: full_name: Erikka Innes display_name: Erikka Innes diff --git a/_source/_posts/2021-11-22-full-stack-java.md b/_source/_posts/2021-11-22-full-stack-java.md index 0e8b2f2151..7af112c7fb 100644 --- a/_source/_posts/2021-11-22-full-stack-java.md +++ b/_source/_posts/2021-11-22-full-stack-java.md @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [java,javascript] description: "This tutorial shows you how to create a slick-looking, full-stack, secure application using React, Spring Boot, and JHipster." -tags: [java, full-stack, react, spring-boot, jhipster] +tags: [java, full-stack, react, spring-boot, jhipster, auth0] tweets: - "Full Stack Java is made easy with @jhipster! See how to configure your app with @Auth0 in this tutorial." - "React + Spring Boot + OpenID Connect!? Oh My! 👀" diff --git a/_source/_posts/2022-03-03-spring-native-jhipster.adoc b/_source/_posts/2022-03-03-spring-native-jhipster.adoc index 4891a4383f..61a548e9e7 100644 --- a/_source/_posts/2022-03-03-spring-native-jhipster.adoc +++ b/_source/_posts/2022-03-03-spring-native-jhipster.adoc @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [java] description: "Do you want to build a full-stack Java webapp that starts in milliseconds? Spring has your back! 👊" -tags: [java, spring-boot, spring-native, jhipster, graalvm] +tags: [java, spring-boot, spring-native, jhipster, graalvm, auth0] tweets: - "Start your @JHipster + Spring Boot app in under a second with Spring Native and @GraalVM!" - "Introducing JHipster Native: 'Wow! That was quick!'" diff --git a/_source/_posts/2022-04-22-github-actions-graalvm.adoc b/_source/_posts/2022-04-22-github-actions-graalvm.adoc index 8474bf52dd..b08dfc3da6 100644 --- a/_source/_posts/2022-04-22-github-actions-graalvm.adoc +++ b/_source/_posts/2022-04-22-github-actions-graalvm.adoc @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [java,devops] description: "Sometimes it takes a journey of many hours and many builds to produce a released artifact. GraalVM + GitHub Actions = ❤️." -tags: [java,graalvm,jhipster,spring-native,github-actions] +tags: [java,graalvm,jhipster,spring-native,github-actions,auth0] tweets: - "Learn how to configure @GitHub Actions to build @GraalVM images in this quick tutorial." - "Check it! @JHipster Native allows you to automate the wait of building your @GraalVM images. Learn more. 👇" diff --git a/_source/_posts/2022-05-12-ionic-angular-jhipster.adoc b/_source/_posts/2022-05-12-ionic-angular-jhipster.adoc index 332bd2b813..aded794471 100644 --- a/_source/_posts/2022-05-12-ionic-angular-jhipster.adoc +++ b/_source/_posts/2022-05-12-ionic-angular-jhipster.adoc @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [mobile,java,javascript] description: "Build an Ionic + Angular frontend for your Spring Boot backend, all using the power of JHipster! Secured by OpenID Connect." -tags: [ionic, spring-boot, spring-security, jhipster] +tags: [ionic, spring-boot, spring-security, jhipster, auth0] tweets: - "Create an Ionic app with a Spring Boot backend in minutes with the new Ionic blueprint for @jhipster!" - "Introducing JHipster Ionic: 'Wow! Did you really just build that?!'" diff --git a/_source/_posts/2022-06-17-simple-crud-react-and-spring-boot.md b/_source/_posts/2022-06-17-simple-crud-react-and-spring-boot.md index 3cc5d5eea8..1504fd994f 100644 --- a/_source/_posts/2022-06-17-simple-crud-react-and-spring-boot.md +++ b/_source/_posts/2022-06-17-simple-crud-react-and-spring-boot.md @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [java, javascript] description: "React is one of the most popular JavaScript frameworks, and Spring Boot is wildly popular in the Java ecosystem. This article shows you how to use them in the same app and secure it all with Okta." -tags: [java, spring-boot, react] +tags: [java, spring-boot, react, auth0] tweets: - "React + Spring Boot makes for a nice development experience. Learn how to make them work together with OIDC authentication." - "Spring Boot with @java + React with @javascript == 💙. Learn how to build a @springboot + @reactjs CRUD app today!" diff --git a/_source/_posts/2022-08-05-spring-boot-saml.adoc b/_source/_posts/2022-08-05-spring-boot-saml.adoc index 07600d5ae4..33cf4caab1 100644 --- a/_source/_posts/2022-08-05-spring-boot-saml.adoc +++ b/_source/_posts/2022-08-05-spring-boot-saml.adoc @@ -8,7 +8,7 @@ description: "Learn how to build a Spring Boot application that authenticates ag tweets: - "Need SAML integration in your Spring Boot application? Get Started with Spring Boot and SAML using Okta!" - "Spring Boot + SAML + Okta = 💙! Learn more →" -tags: [spring-boot, saml, spring-security] +tags: [spring-boot, saml, spring-security, auth0] type: conversion github: https://github.com/oktadev/okta-spring-boot-saml-example image: blog/spring-boot-saml2/spring-boot-saml.jpg diff --git a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md index 531aa289d6..2012582d59 100644 --- a/_source/_posts/2022-08-19-build-crud-spring-and-vue.md +++ b/_source/_posts/2022-08-19-build-crud-spring-and-vue.md @@ -5,7 +5,7 @@ author: andrew-hughes by: contractor communities: [java,javascript] description: "Create a CRUD (create, read, update, and delete) application using Spring Boot and Vue.js." -tags: [java, spring-boot, vue, javascript] +tags: [java, spring-boot, vue, javascript, auth0] tweets: - "Build a secure Spring Boot + Vue.js app with this in-depth tutorial!" - "💚 Vue and Spring Boot? This full-stack tutorial is for you!" diff --git a/_source/_posts/2022-10-10-micro-frontends-java-microservices.adoc b/_source/_posts/2022-10-10-micro-frontends-java-microservices.adoc index 6b50ed2d48..aac3c69630 100644 --- a/_source/_posts/2022-10-10-micro-frontends-java-microservices.adoc +++ b/_source/_posts/2022-10-10-micro-frontends-java-microservices.adoc @@ -9,7 +9,7 @@ tweets: - "Want to ditch your monolith UI for micro frontends? My latest tutorial shows you how!" - "Learn how to build a @java microservices architecture that leverages micro frontends for the UI." - "Spring Boot and Spring Cloud simplify development of Java microservices, but what about the frontend? Try micro frontends!" -tags: [java, microservices, microfrontends, jhipster] +tags: [java, microservices, microfrontends, jhipster, auth0] type: conversion github: https://github.com/oktadev/auth0-micro-frontends-jhipster-example image: blog/micro-frontends-java/micro-frontends.jpg diff --git a/_source/_posts/2022-10-12-integrate-react-native-and-spring-boot-securely.adoc b/_source/_posts/2022-10-12-integrate-react-native-and-spring-boot-securely.adoc index 731e59e21f..1f249b84fc 100644 --- a/_source/_posts/2022-10-12-integrate-react-native-and-spring-boot-securely.adoc +++ b/_source/_posts/2022-10-12-integrate-react-native-and-spring-boot-securely.adoc @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [mobile,java,javascript] description: "Use JHipster to build a photo-sharing app for web and mobile that has a React frontend with OIDC authentication and a Spring Boot backend." -tags: [react-native, spring-boot, jhipster] +tags: [react-native, spring-boot, jhipster, auth0] tweets: - "Want to integrate a React Native app with a Spring Boot backend using OAuth 2.0 and OIDC? React Native JHipster makes it pretty darn easy. Learn how to use it in my latest tutorial." image: blog/react-native-jhipster/react-native-jhipster.jpg diff --git a/_source/_posts/2022-10-14-quick-javascript-authentication.adoc b/_source/_posts/2022-10-14-quick-javascript-authentication.adoc index d6026e0def..54243d38fd 100644 --- a/_source/_posts/2022-10-14-quick-javascript-authentication.adoc +++ b/_source/_posts/2022-10-14-quick-javascript-authentication.adoc @@ -5,7 +5,7 @@ author: matt-raible by: advocate communities: [javascript] description: "Learn how to use OktaDev Schematics to add authentication to your JavaScript projects." -tags: [javascript, authentication, oktadev-schematics] +tags: [javascript, authentication, oktadev-schematics, auth0] tweets: - "Need to add authentication to your JavaScript or TypeScript apps? You can do it quickly with @oktadev schematics!" image: blog/oktadev-schematics-auth0/quick-javascript-login.jpg diff --git a/_source/_posts/2022-10-20-spring-vault.md b/_source/_posts/2022-10-20-spring-vault.md index cdcae2151c..97bf592740 100755 --- a/_source/_posts/2022-10-20-spring-vault.md +++ b/_source/_posts/2022-10-20-spring-vault.md @@ -5,7 +5,7 @@ author: jimena-garbarino by: contractor community: [java] description: "Storing secrets in your code is a bad idea. Learn how to use Spring Cloud Config and HashiCorp Vault to make your app more secure." -tags: [spring-vault, oidc, java, spring, spring-boot, vault, hashicorp, spring-cloud-vault] +tags: [spring-vault, oidc, java, spring-boot, vault, hashicorp, spring-cloud-vault, auth0] tweets: - "Learn how to secure your secrets with @springcloud vault and @HashiCorp Vault!" - "Securing your secrets is a must if you want to be secure by design. This tutorial shows you how!" diff --git a/_source/_posts/2023-03-03-step-up-auth.md b/_source/_posts/2023-03-03-step-up-auth.md new file mode 100644 index 0000000000..e5315ef39f --- /dev/null +++ b/_source/_posts/2023-03-03-step-up-auth.md @@ -0,0 +1,175 @@ +--- +layout: blog_post +title: "Step-up Authentication in Modern Applications" +author: indranil-jha +by: advocate +communities: [security] +description: "Understand and apply the principles of step-up authentication" +tags: [] +tweets: +- "" +- "" +- "" +image: blog/step-up-auth/stepup.png +type: awareness +--- + + Step-up authentication in an application is a pattern of allowing access to non-critical resources using basic level of authentication, and requiring additional authentications for critical resources. + +In this article, we will explore the whys and hows of step-up authentication in modern applications that include Single Page Applications (SPA) and native mobile applications. + +Federation protocols such as **OpenID Connect (OIDC)** are getting increasingly popular for modern applications to enhance security by trusting an appropriate identity provider. Here we will focus primarily on the **OIDC** standard and how it can be leveraged to provide the step-up functions in an idiomatic way. + +### Why an application needs step-up authentication + +> "Freedom, security, convenience -- choose two." - Dan Geer + +Step-up authentication is useful in balancing between frictionless user experience and security. + +In general, not all aspects of an application are equally critical. Prioritizing convenience over security for authentication to relatively non-critical resources can ensure a smoother user experience. When the user tries to access sensitive resources, additional scrutiny will ensure integrity and confidentiality.  + +For example, while doing a fund transfer, user probably won't mind multi-factor authentication challenge; while they can otherwise browse the application for just checking balances and viewing offers without much friction. + +Listed below are some real world scenarios where an application will typically challenge user with additional verification: + +- Update profile information + +- Forgot password + +- Purchase merchandise + +- Deposit checks + +- Transfer funds + +- Withdraw money from account + +- Making payments (Accounts Payable) + +- Update accounting information + +- Adjust payroll + +- Access salary data + +- Approve purchase orders + +- Access customer data + +- Update contracts + +- Add new person to the insurance + +- Access premium news articles + +In general, actions that change data or reveal secret information will require a higher level of verification than the default for other operations. + +### How did legacy applications handle this? + +Traditionally applications have handled step-up authentication by building the functionality inside the application. The implementations waste engineering effort by missing an opportunity to reuse well-tested code, incur ongoing maintenance burden, and are prone to security loopholes. + +Legacy access management solutions (*Siteminder*, *Oracle Access Manager*) mostly leverage agent-based reverse proxy architecture, and provide the step-up function by allowing to specify access policies based on HTTP URL paths. This architecture does not work well with modern SPA and mobile applications, since their application resources are not inherently URL based. + +### Federation and step-up + +Additionally, step-up authentication becomes tricky when [federation protocols](https://www.okta.com/identity-101/what-is-federated-identity/) such as **OIDC** and [**SAML**](https://www.okta.com/blog/2020/09/what-is-saml/) are used, since the standard federation protocols, unlike legacy reverse proxy solutions, do not track every user interaction with an application. + +The applications then need to initiate the step-up scenarios by themselves. Fortunately, **OIDC** has specifications to help applications build such scenarios and co-ordinate with identity provider for seamless step-up service in a declarative policy driven fashion. + +### Wait! Do you just want to re-authenticate? + +Sometimes, a user is authenticated to a sufficient level when they first logged in, but the compromise for convenience is to allow long-lived sessions. In this case, re-authentication may be a more appropriate solution than step-up authentication. **OIDC** supports such scenario [implicitly](https://openid.net/specs/openid-connect-core-1_0.html). + +In this case, the application will initiate a new authorization request with the identity provider. The request will have the value for the prompt parameter **login**. Then the authentication server will force re-authentication, even if there is an existing active session. + +``` +GET /authorize? + response_type=code + &scope=openid%20profile%20email + &client_id=****** &state=af0ifjsldkj + &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb + &prompt=login HTTP/1.1 +Host: server.example.com +``` + +### Elevate the session authentication level + +Every time the user tries to access a sensitive area of an application, prompting for re-authentication introduces friction in user experience. To properly strike a balance between smooth user experience and security considerations, the technique of **session elevation** can be adopted. + +The idea is to maintain a basic assurance level for a user session after user initially authenticates to the application.  + +- When the user accesses a sensitive resource, she is prompted for step-up authentication using additional authentication factors.  + +- Once step-up is successful, the user session is moved to a higher assurance level for a specified duration of time.  + +- Next time she accesses the sensitive area within the stipulated period, since her session is already at the elevated level, no more authentication challenge is presented, ensuring a relatively frictionless user experience. + +With **OIDC**, this behavior is achievable using the `acr_values` and `max_age` parameters of the authentication request. + +The following diagram steps through the sequence of access- + +{% img blog/step-up-auth/request-timing.png alt:"timing of authentication and re-authentication" width:"800" %} + + +- The acr_values parameter will have the assurance level requested for a session.  + + - If there is an existing session with a lower level of assurance, the authentication server will prompt the user for additional factors needed to satisfy the requested level of assurance.  + + - If the session is already at the requested level or higher, the authentication server will proceed without any additional user challenge. + +- The max_age parameter will keep the session elevated only for the stipulated duration. This is useful in scenario such as allowing access to sensitive resources, for say next 30 minutes, before it goes back to the previous assurance level. + +``` +GET /authorize? + response_type=code + &prompt=login + &scope=openid%20profile%20email + &client_id=****** + &state=af0ifjsldkj + &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb + &acr_values=phr + &max_age=30 HTTP/1.1 +Host: server.example.com\ +``` + +#### How Okta can help + +##### Okta Customer Identity Cloud (CIC) + +- Okta CIC comes with a flexible and extensible authentication engine, which can easily inspect `acr_values` in the authentication request and initiate step-up authentication.  + +- CIC recommends using the `acr_values` as defined in [this](https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html) OIDC spec. For example, `http://schemas.openid.net/pape/policies/2007/06/multi-factor`. + +- CIC can be configured to provide [step-up authentication](https://auth0.com/docs/secure/multi-factor-authentication/step-up-authentication) for both [web applications](https://auth0.com/docs/secure/multi-factor-authentication/step-up-authentication/configure-step-up-authentication-for-web-apps) and [API](https://auth0.com/docs/secure/multi-factor-authentication/step-up-authentication/configure-step-up-authentication-for-apis) + +##### Okta Workforce Identity Cloud (WIC) + +- WIC Authorization server has inbuilt support for step-up authentication.  + +- Currently, WIC supports a pre-defined [list](https://developer.okta.com/docs/guides/step-up-authentication/main/#predefined-parameter-values) of acr_values.  + +- The non-okta-specific defined values such as phr and phrh are taken from [this](https://openid.net/specs/openid-connect-eap-acr-values-1_0.html#OpenID.PAPE) OIDC spec.  + +- [This guide](https://developer.okta.com/docs/guides/step-up-authentication/main/) explains the capability in more detail. + +### How about transactional MFA? + +Transactional MFA is a close cousin of step-up authentication. In some step-up cases, transactional MFA can be used instead. + +Consider the scenario-  + +- User authenticates to the application + +- At some point the user tries to access a sensitive resource + +- User receives a push notification or email link in her mobile to approve the transaction + +- Once approved, the access is granted to the resource + +Recent standards like [OIDC CIBA](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html) allow this kind of out-of-band transactional MFA and might in some cases meet the need to step-up authentication.  + +One important difference is, while **CIBA** can be used to provide MFA during sensitive transaction, it typically does not affect any provider specific session. Also, **CIBA** is inherently out-of-band, and has its own niche uses.  + +### Additional resources + +Okta CIC Blog: ​[![](https://cdn.auth0.com/website/auth0_favicon.svg)What Is Step-Up Authentication? When To Use It Over MFA or Adaptive Auth?](https://auth0.com/blog/what-is-step-up-authentication-when-to-use-it) diff --git a/_source/_posts/2023-03-07-angular-forroot.md b/_source/_posts/2023-03-07-angular-forroot.md new file mode 100644 index 0000000000..850b4446dc --- /dev/null +++ b/_source/_posts/2023-03-07-angular-forroot.md @@ -0,0 +1,123 @@ +--- +layout: blog_post +title: "Streamline Your Okta Configuration in Angular Apps" +author: alisa-duncan +by: advocate +communities: [javascript] +description: "" +tags: [angular] +tweets: +- "Follow best patterns to quickly add your Okta configuration to #Angular apps by using the forRoot pattern!" +image: blog/angular-forroot/social.jpg +type: awareness +--- + +The Okta Angular SDK supports a new and improved configuration method to pass in the required properties for incorporating Okta in your Angular applications. Now, you can add Okta to your Angular application using the `forRoot` pattern! + +## The `forRoot` pattern in Angular + +The `forRoot` pattern helps ensure services defined in `NgModules` aren't duplicated across the application. This is especially noteworthy if you have a module that both provides services and also has component and directive declarations. The intention for the `forRoot` static method is for importing and configuration to happen at the root module. This is good practice and recommended patterns for an authentication module! It can make configuring the `NgModule` more straightforward too! + +Let's take a look at an example case, such as a cupcake e-commerce application with a module containing a service and view for supporting denoting your favorite treats with a heart. 😋🧁💜 + +Your service code might look like this with the `@Injectable()` decorator: + +```ts +@Injectable() +export class FavoriteCupcakeService { + addCupcakeToFavorites(cupcake: Cupcake): Observable { + // make HTTP call to add a cupcake to favorite for this user + } + + getFavoriteCupcakes(): Observable { + // make HTTP call to get all the favorite cupcakes for this user + } +} +``` + +Additionally, you have a component that supports the favorite cupcakes feature in the favorite cupcake module: + +```ts +@NgModule { + declarations: [FavoriteCupcakeComponent], + exports: [FavoriteCupcakeComponent], + providers: [FavoriteCupcakeService] +} +export class FavoriteCupcakeModule {} +``` + +In your application module, you might import the `FavoriteCupcakeModule`, making the declared `FavoriteCupcakeComponent` and provided `FavoriteCupcakeService` available throughout your application. + +But what if you don't import the `FavoriteCupcakeModule` in the `AppModule` or if you want to use the `FavoriteCupcakeComponent` in a lazy-loaded feature module in your app? You'll have to reimport the `FavoriteCupcakeModule` in that lazy-loaded module. Each lazy-loaded module has an injector instance, so you may have multiple instances of the `FavoriteCupcakeService` in your application, which we don't want. + +One option is to amend the `@Injectable()` decorator to add the metadata that determines where in the application the service is provided using the `providedIn` property: + +```ts +@Injectable({ + providedIn: 'root' +}) +``` + +This declaration within the decorator is preferable over providing the service within a module's `providers` array because it supports tree-shaking. + +Another option is adding the `forRoot()` static method to the `FavoriteCupcakeModule` and providing the `FavoriteCupcakeService`instead of through the `providers` array. The `FavoriteCupcakeService` can and should be a singleton instance for the application, and the `forRoot()` static method sets the module up to do so. + +Following in the steps of this best practice, the Okta Angular SDK now has more streamlined configuration options and helps promote good practices of importing the `OktaAuthModule` at the application root. Authentication applies to the entire application and should not depend on where you imported the `OktaAuthModule` in the application. + +Let's look at this configuration change. + +## Configuring the Okta Angular SDK using OAuth 2.0 and OpenID Connect (OIDC) + +Previously, to incorporate Okta in your Angular applications, you had to import the `OktaAuthModule` and pass in your configuration in the `providers` array as a replacement for the `OKTA_CONFIG` injection token like this: + +```ts +const oktaAuth = new OktaAuth({ + clientId: '{yourOktaClientId}', + issuer: 'https://{yourOktaDomain}/oauth2/default' +}); + +@NgModule({ + imports: [ + OktaAuthModule + ], + providers: [ + { provide: OKTA_CONFIG, useValue: {oktaAuth} } + ] +}) +export class AppModule { } +``` + +This method will continue to work, and you can continue using the module as you have it now without any changes. + +However, you can now change your configuration to pass in your Okta config directly into the `forRoot()` method of the `OktaAuthModule`. Not only is this more straightforward, it sets your application up to practice better architecture: + +```ts +const oktaAuth = new OktaAuth({ + clientId: '{yourOktaClientId}', + issuer: 'https://{yourOktaDomain}/oauth2/default' +}); + +@NgModule({ + imports: [ + OktaAuthModule.forRoot({oktaAuth}) + ] +}) +export class AppModule { } +``` + +The `OktaAuthModule` handles setting the `OKTA_CONFIG` injection token for you, so you won't have to make that extra hop when adding Okta to your application! 🎉 + +## Configuring Okta Angular application going forward + +Since authentication-related services should be application-wide, we recommend using the `OktaAuthModule.forRoot()` static method when configuring Okta in new Angular applications. You're still covered with backward-compatibility support if you have more complex needs, such as requiring a factory method to provide the `OKTA_CONFIG` injection token. + +The Okta Angular SDK team plans to improve this in the future. They recognize the current `OktaAuthModule` can improve, and to truly support `forRoot()`, they will have to remove auth services from the `providers` array of the module, which breaks backward compatibility. The Okta Angular SDK team also is preparing to support the latest Angular features, which will become the Angular recommended patterns going forward, such as stand-alone components, module-less architecture, and functional route guards. If you have thoughts or input, or want to share how you use the Okta Angular SDK so the team can make sure they consider it, feel free to drop a note in the comment below. + +## Learn more about Angular, Dependency Injection, and OpenID Connect + +If you liked this post, you might want to check out the following: +* [Practical Uses of Dependency Injection in Angular](/blog/2022/10/11/angular-dependency-injection) +* [Three Ways to Configure Modules in Your Angular App](/blog/2022/02/24/angular-async-config) +* [Add OpenID Connect to Angular Apps Quickly](/blog/2022/02/11/angular-auth0-quickly) + +Remember to follow us on [Twitter](https://twitter.com/oktadev) and subscribe to our [YouTube channel](https://www.youtube.com/c/OktaDev/) for more exciting content. We also want to hear about what tutorials you want to see. Leave us a comment below.