69°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • alianora https://cybre.space/@nightpool   •   May 2

    @aaronpk no, I understand that one, I just still don't see how pkce helps improper redirect validation (since the pkce secret and redirect URI come from the same request)

    Aaron Parecki
    PKCE makes the auth code useless if it's stolen. In PKCE the secret isn't sent out until the access token request.
    San Jose, California • 49°F
    Thu, May 2, 2019 4:21pm -07:00
    1 reply
    • alianora cybre.space/@nightpool

      @aaronpk Yes, i get that, but the attacker can make the access token request just as easily as the legitimate client.

      Thu, May 2, 2019 11:22pm +00:00
Posted in /replies using monocle.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv