Adding an RSS Feed to a Next.js App Router Site
A reader asked me to add an RSS feed to this blog. With Next.js App Router, the whole thing is about fifty lines of code and zero new dependencies - the framework handles more than you might expect.
Solutions Engineer at Okta. I write about identity, access management, and security. This site archives my published articles, talks, and presentations.
A reader asked me to add an RSS feed to this blog. With Next.js App Router, the whole thing is about fifty lines of code and zero new dependencies - the framework handles more than you might expect.
Every Auth0 session and token option in one live demo - Traditional Web App, SPA with DPoP, BFF with Multi-Resource Refresh Tokens, SSO isolation, On-Behalf-Of, Custom Token Exchange, and a unified profile view that correlates all of them at the Authorization Server layer.
Auth0 gives you a lot of knobs to turn when it comes to sessions and tokens. This post maps out every option - including RFC 8693 token exchange flows for service delegation and external identity bridging - and shows how they work together for different application types.
Running Auth0 MFA demos with real SMS requires every presenter to have a personal phone enrolled. Auth0's custom-phone-provider trigger lets you route codes to a shared inbox instead, so any team member can run the demo without any per-device setup.
OpenID's Shared Signals Framework and Continuous Access Evaluation Profile went final in August 2025, but Auth0 supports neither natively. This post details a from-scratch reference implementation, and what building it revealed about the gap between a finalised spec and the tooling around it.