Aaron Parecki

Tuesday, April 24, 2018

• 
• 

  9:44pm

  Asleep

  5:44am

  Awake

  8h 00m

  Slept

  14m

  Awake for

  

  Portland, Oregon, USA

  Tue, Apr 24, 2018 5:44am -07:00
• 

  151.2lbs

  Weight

  18.0%

  Body Fat

  Portland, Oregon

  Tue, Apr 24, 2018 5:59am -07:00
• 

  Contributions from: Canada, Germany, Israel, South Africa, United Kingdom, United States

  Tue, Apr 24, 2018 9:14am -07:00
• Adam Lewis https://twitter.com/lewiada

  We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.

  Portland, Oregon • 71°F

  Tue, Apr 24, 2018 1:48pm -04:00 (liked on Tue, Apr 24, 2018 10:52am -07:00)
• Adam Lewis https://twitter.com/lewiada   •   Apr 24

  We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.
  

  BCP for public UA clients:
  
  • use the authorization code flow
  • omit client secret
  • strict redirect URI validation
  
  Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps

  Portland, Oregon • 71°F

  3 likes 1 repost 6 replies

  Tue, Apr 24, 2018 10:57am -07:00 #oauth2
• Aaron Parecki https://aaronparecki.com/   •   Apr 24

  BCP for public UA clients:
  
  • use the authorization code flow
  • omit client secret
  • strict redirect URI validation
  
  Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps
  

  I agree it would be nice to see this written up properly though. In the mean time, I'm adding a section to my book about this.

  Portland, Oregon • 72°F

  2 likes 1 repost

  Tue, Apr 24, 2018 11:05am -07:00
• 

  @buffer Does this Facebook API announcement mean publishing to Facebook from Buffer will stop working? https://developers.facebook.com/blog/post/2018/04/24/new-facebook-platform-product-changes-policy-updates/

  Portland, Oregon • 73°F

  1 like 2 replies

  Tue, Apr 24, 2018 11:41am -07:00
• Adam Lewis https://twitter.com/lewiada   •   Apr 24

  and what about for storing the access token in the browser?
  

  Sadly there isn't a satisfying answer to that. Anything that your JS can use to store any token is vulnerable to XSS. The only secure option is cookies, but that won't work with OAuth. https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

  Portland, Oregon • 75°F

  1 like 3 replies

  Tue, Apr 24, 2018 12:07pm -07:00
• Please Stop Using Local Storage (dev.to)

  Tue, Apr 24, 2018 12:07pm -07:00 #localstorage #oauth
• Apr 24

  Announcement: “Those of you sitting in window seats probably got a good look at the Southwest jet that flew over us. They’re at 36,000 ft., we are at 35,000 ft.” A) Is this common? B) Is it a good idea to announce this? 😳🤔
  

  wow pretty cool! It looks like 1000ft is normal though: https://aviation.stackexchange.com/a/2813

  Portland, Oregon • 77°F

  Tue, Apr 24, 2018 2:19pm -07:00
• nickvance https://micro.blog/nickvance   •   Apr 24

  @aaronpk I'm a big fan of plan 'ol RSS but this is neat. Seems weird that it shows up under a GoDaddy URL though?
  

  Plain old RSS is fine for what it does -- one-way consumption of blog posts and podcasts -- but the web moved on from that kind of interaction ages ago. GoDaddy has been a big indieweb supporter for a while now too! https://indieweb.org/GoDaddy

  Portland, Oregon • 78°F

  Tue, Apr 24, 2018 2:29pm -07:00
• Donut.js 🍩 6pm Tue Apr 24 at Alchemy Code Lab http://donutjs.club

  Hello everybody, Donut.js is tonight! Tickets are still available! Join us at 6pm at @AlchemyCodeLab for superb talks from @ryrykubes and @sandyaaaas and @elnoelle. Come support http://portlandmeetportland.org! Come and eat donuts and chat and party! https://donutjs.club

  

  Portland, Oregon • 78°F

  Tue, Apr 24, 2018 2:43pm -07:00 (liked on Tue, Apr 24, 2018 3:05pm -07:00)
• Donut.js 🍩 6pm Tue Apr 24 at Alchemy Code Lab http://donutjs.club

  We are very happy to let you know that @oktadev is sponsoring our video recording and production!
  
  Okta provides authentication, authorization, and user management to your web or mobile app. Learn more at http://developer.okta.com!
  
  🔑🍩‿🍩🔒

  Portland, Oregon • 78°F

  Tue, Apr 24, 2018 2:39pm -07:00 (liked on Tue, Apr 24, 2018 3:05pm -07:00)
• 

  at Alchemy Code Lab

  Portland, Oregon • Tue, April 24, 2018 5:32pm

  45.523394 -122.680919

  #DonutJS setup

  Portland, OR, United States • 79°F

  4 Coins

  Tue, Apr 24, 2018 5:32pm -07:00 #donutjs
• 

  Hello from @donutjs, packed house tonight! We're livestreaming tonight thanks to support from @oktadev! https://youtu.be/4czBvCbtiWw

  

  Portland, Oregon • 76°F

  8 likes 2 reposts

  Tue, Apr 24, 2018 6:41pm -07:00