Category Archives: Developer

It’s that time of year… when people think about exchanging JWT for opaque tokens

Yes, it’s that time of year when people think about RFC7523, which describes how to exchange JWT for opaque OAuth tokens. Right? If you’re like me, the waves of acronyms, jargon, and IETF RFCs (see what I did there?) seem to never end. OAuth, JWT, RFC 7523, JTI, … Continue reading »


Developer , , , ,

Drupal 7, #states, and mutually exclusive checkboxes

This post will be a bit techy. I confronted and solved a minor problem yesterday, and in the spirit of the internet, thought I’d share the solution, in case anyone else tries something similar. This is about Drupal forms, and specifically within forms, the #states capability, which is … Continue reading »


Developer , ,

Google Guava – sweet and succulent

I have a bit of java code that handles JWT. It generates a MACVerifier and then uses that to verify a signature. Someone commented that it was taking more time than they expected. I didn’t see a ton of opportunity for optimization, but I thought I might wrap … Continue reading »


Developer , , ,

restclient.el – sending API Requests directly from within Emacs

Hey, something new! (to me!) the restclient.el library, for emacs. I tried it. I like it. I recommend it. What does it do? Allows you to send REST requests (really just http requests) right from emacs, interactively. And then pretty-prints the results if possible (if XML or JSON … Continue reading »


Developer , ,

Webinar on OpenID Connect and JWT in Apigee Edge, featuring yours truly

Here’s the replay of the Webinar, on OpenID Connect and JWT that I did with Vinit Mehta a week ago or so. It’s about 45 minutes long. If you have questions, you can post them to The Apigee Community


Developer , ,

letsencrypt and NearlyFreeSpeech

I’ve been running this site on nearlyfreespeech for some time now. Last week I created a cert using the tools and service made available by letsencrypt.org, and then configured my NFS server to use it. It was pretty easy, but not documented. I’ll share here what I did … Continue reading »


Developer , , ,

Use PHP code to make WordPress redirect to secure site

Lots of people use the .htaccess redirect rules to force their wordpress sites to load with the secure option. It looks like this: But if you have a hoster that does not provide you the ability to modify the .htaccess file, that won’t work. These hosters typically set … Continue reading »


Developer , , ,

Pre-request script for Postman, to calculate HttpSignature

If you do REST, you probably have a favorite REST client testing tool. Mine is Postman, a Google Chrome app. Postman has a nifty feature called Pre-request scripts, which allows you to write some Javascript code that performs a calculation and then reads and writes the “environment” object … Continue reading »


Developer , , ,

Online calculator for SHA and HMAC-SHA

Here’s a thing I built. It’s just a webpage that calculates SHA-(1,224,256,384,512) and HMAC with the same algorithms. I was using this to help with building a system that relies on HttpSignature. Developers need some help in constructing and validating their HMACs and SHAs.


Developer , ,

Naïve Data analysis leads to incorrect conclusions – WWII Bomber Plane edition

Here’s a good story showing us how focusing on the data we have in front of us may lead us to incorrect conclusions. The summary is this: In World War II, Allied bomber command undertook an analysis effort to determine how to optimally reinforce bomber planes to protect … Continue reading »


Developer , , ,