Aaron Parecki

  • Boomrang https://twitter.com/boomrang99   •   Jul 29
    Thanks for the response. I am trying to understand the specifics of the risk involved here. The site itself is HTTPS; however, the load balancer/proxy infra sometimes redirects to HTTP for the callback URL.
    Aaron Parecki
    Everything that the user's browser touches has to be HTTPS.

    This document talks about the details of several related attacks if you're interested https://tools.ietf.org/html/draft-ietf-oauth-security-topics
    Portland, Oregon
    Mon, Jul 29, 2019 8:41am -07:00
    1 like 2 replies
    • Nate Barbettini
    • Boomrang twitter.com/boomrang99
      and how this is possible??????
      Fri, Dec 13, 2019 2:31am +00:00 (via brid-gy.appspot.com)
    • Boomrang twitter.com/boomrang99
      I think my question is not answered. I understand that the sites must be HTTPS. However, my question is specific to sending the authorization code in an HTTP channel. It is actually a URL parameter!! And not a POST request
      Sat, Aug 3, 2019 4:35am +00:00 (via brid-gy.appspot.com)
Posted in /replies using monocle.p3k.io
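
An added example, not part of the original thread: a check a defender could run over a recorded redirect chain for the callback, flagging any hop where the authorization code appears in the query string of a plain-HTTP URL, which is the load balancer situation described above. The host name, parameter values and the chain itself are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, urljoin

# Constructed redirect chain: (requested URL, HTTP status, Location header or None).
# It models a proxy that bounces the HTTPS callback through HTTP and back.
SAMPLE_CHAIN = [
    ("https://app.example.com/callback?code=SAMPLE_CODE&state=xyz", 302,
     "http://app.example.com/callback?code=SAMPLE_CODE&state=xyz"),
    ("http://app.example.com/callback?code=SAMPLE_CODE&state=xyz", 301,
     "https://app.example.com/callback?code=SAMPLE_CODE&state=xyz"),
    ("https://app.example.com/callback?code=SAMPLE_CODE&state=xyz", 200, None),
]

# OAuth response parameters that must never travel in a cleartext URL.
SENSITIVE_PARAMS = {"code", "state"}


def cleartext_hops(chain):
    """Return (url, exposed_params) for every http:// URL in the chain
    that carries an OAuth response parameter in its query string."""
    findings = []
    for url, _status, location in chain:
        targets = [url]
        if location:
            # Location may be relative; resolve it against the request URL.
            targets.append(urljoin(url, location))
        for target in targets:
            parts = urlsplit(target)
            exposed = sorted(SENSITIVE_PARAMS & set(parse_qs(parts.query)))
            finding = (target, exposed)
            if parts.scheme == "http" and exposed and finding not in findings:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for url, params in cleartext_hops(SAMPLE_CHAIN):
        print(f"cleartext exposure of {params}: {url}")
```

A later redirect back to HTTPS does not undo the exposure: the browser has already sent the HTTP request, with the code in its URL, over the network unencrypted.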

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.