Aaron Parecki

Monday, November 19, 2018

• 
• 

  10:11pm

  Asleep

  6:03am

  Awake

  7h 52m

  Slept

  17m

  Awake for

  

  Portland, Oregon, USA • 42°F

  Mon, Nov 19, 2018 6:03am -08:00
• Johannes Ebner 🌐 https://twitter.com/Structed

  Great talk about the #indieweb by @adactio at #voxxeddays #thessaloniki - extremely inspiring!

  

  Portland, Oregon • 46°F

  Mon, Nov 19, 2018 8:43am +00:00 (liked on Mon, Nov 19, 2018 6:20am -08:00) #indieweb #voxxeddays #thessaloniki
• Stéphanie Walter @ Voxxed Thessaloniki 🦊🌈🇬🇷 https://twitter.com/WalterStephanie

  A great resource to know more about decentralized web: https://indieweb.org/
  Don't forget to have fun, your website is a playground!!
  Let's share what we know, just chose where you want to share it.
  #vdthess18

  Portland, Oregon • 46°F

  Mon, Nov 19, 2018 8:42am +00:00 (liked on Mon, Nov 19, 2018 6:21am -08:00) #vdthess18
• 

  161.4lbs

  Weight

  20.3%

  Body Fat

  Portland, Oregon • 39°F

  Mon, Nov 19, 2018 6:21am -08:00
• Instant Pot Caramelized Onions (www.essentialomnivore.com)

  Mon, Nov 19, 2018 7:56am -08:00 #recipe
• Easy Vegan French Onion Soup Recipe | Elizabeth Rider (www.elizabethrider.com)

  Mon, Nov 19, 2018 7:56am -08:00 #recipe
• Stephanie Walter https://mastodon.social/@stephaniewalter

  "Having your own website is damn disruptive when everything is centralised on Medium, Facebook, Twitter, etc." 😀 #vdthess18

  Portland, Oregon • 42°F

  Mon, Nov 19, 2018 8:40am +00:00 (liked on Mon, Nov 19, 2018 8:31am -08:00) #vdthess18
• Lillian Karabaic https://twitter.com/anomalily

  Sleep is a drug. I took 2 whole days off work and slept 9 hours a night and exercised and I feel like I am on SPEED today. Is this why weekends exist?

  Portland, Oregon • 43°F

  Mon, Nov 19, 2018 4:52pm +00:00 (liked on Mon, Nov 19, 2018 9:00am -08:00)
• (datatracker.ietf.org)

  Portland, Oregon • 52°F

  Mon, Nov 19, 2018 3:49pm -08:00 #ietf #oauth #ietf103
• https://www.ietf.org/mail-archive/web/oauth/current/msg18477.html

  OAUTH-WG
  

  On Wed, Nov 7, 2018 at 7:20 AM Joseph Heenan <joseph at authlete.com> wrote:
  
  > It may be worth slightly rewording 7.2 as it may encourage a growing misconception that all native apps must be public clients. With many devices now having embedded HSMs, we’ve seen increasing interest in mobile apps being dynamically (per-install) registered oauth2 private clients, and that model has a lot of advantages. (I’m not sure if we might see a similar model evolving for web apps.)
  
  That's a great point, thanks. I've removed the reference to native apps being public clients since it doesn't really add anything to this spec if I have to caveat the description.
  
  On Thu, Nov 15, 2018 at 12:58 PM Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
  
  > > > First of all the AS decides whether it issues refresh tokens or not. Having the ability does not mean the AS must do it. If you feel it’s safer to not do it. Fine.
  > > Sure, and this should be mentioned then somewhere (either in the threats doc or in this proposed best practice doc). Not all end developers using these protocols fully understand the ramifications.
  > @Aaron: I suggest this goes to the SPA BCP since this is client specific.
  
  Thanks, I agree that this document should include some recommendations around refresh token handling. Looking at the discussion in this thread, it seems there are a few different strategies folks are taking. Since it seems like there isn't a strong consensus, it sounds like this would be better suited for the "Security Considerations" section, and to not make MUST/SHOULD recommendations, but rather just point out the issues. Any thoughts on that before I take a stab at writing something?
  
  I've incorporated some of the other feedback here and published an updated version:
  
  https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-01
  
  Thanks for the feedback so far.

  Portland, Oregon

  Mon, Nov 19, 2018 6:09pm -08:00 #oauth