83°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • Fred Emmott https://twitter.com/fredemmott   •   Jan 14
    Does anyone have an approachable article for "don't trust the client"? Best I've found is the OAuth threat model RFC (RFC 6819), but it's a bit too long to ask others to read for a quick overview :) (not work related)
    Aaron Parecki
    Good question. If you find anything, let me know and I can add a link to it on https://oauth.net/2/native-apps/
    Portland, Oregon, USA • 39°F
    Mon, Jan 14, 2019 10:00am -08:00
    1 reply
    • Aaron Parecki twitter.com/aaronpk
      oh you're definitely not crazy, I just sometimes forget that not everybody already knows this :-) Most of what I've written on this starts with the assumption that the reader already knows mobile apps can't keep secrets.
      Mon, Jan 14, 2019 6:10pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv