Solutions Engineer at Okta. I write about identity, access management, and security. This site archives my published articles, talks, and presentations.
Most analytics tools require a JavaScript snippet in every page — which means your readers' browsers are doing the tracking work, and adding a dependency you cannot fully control. In this post I will detail how I added page view tracking to this blog using Next.js 16's proxy layer and Vercel Blob, with no client-side JavaScript and no third-party analytics service.
Identity systems are very good at answering one question: who are you? What they are less good at is the follow-up: and who are you acting for? In this post I will look at why separating the authenticated user from the account or person they are acting within is important, what it enables across a range of industries, and how Auth0 and Auth0 FGA address the two complementary sides of the problem.
In part one we built the Auth0 ACUL screens for multi-tenant routing with a hardcoded lookup. In this post I will replace that with a real Cloudflare Worker backed by Workers KV, move to full email-address routing, handle users who exist across multiple tenants, and add Cloudflare Turnstile bot protection to the login screens.
Home Realm Discovery is a well-understood pattern at the network layer, but moving that routing logic inside Auth0's login flow using Advanced Custom Universal Login opens up some interesting possibilities — and a few unexpected challenges.
The Auth0 CLI is a handy tool to help with designing and building your Auth0 experience. It lets you do a number of things including: The Auth0 CLI has a simple interactive logging flow that lets you login as a user and it is powered by the device authorization flow. Unfortunatel