Aaron Parecki

  • Aaron Parecki
    Something about Apple's decision to do "OAuth-but-not-quite" rubbed me the wrong way, but this is a great example of how it breaks down very concretely.

    https://twitter.com/atomicbird/status/1163478833326108673
    Santa Ana, California, USA
    Mon, Aug 19, 2019 2:29pm -07:00 #apple #oauth #openid #oidc
    18 likes 9 reposts 6 replies
    • beroal CS twitter.com/beroal_cs
      IIRC, incompatibilities between implementations sank OpenID. Hence the problem is in the programmers, again.
      Fri, Aug 30, 2019 8:06pm +00:00 (via brid-gy.appspot.com)
    • Hirsch Singhal twitter.com/hpsin_
      (and thank you for your writeup on what the heck is Apple ID, it's been a great resource to help bring others up to speed)
      Mon, Aug 19, 2019 11:41pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Yeah totally. That was why I was bashing my head against the wall for a while when I first tried this API out. I couldn't figure out what I was doing wrong. The worst part is it's based on the first time the user approves the app regardless of whether the app finishes the flow. John P Dandison ☁☁☁
      Mon, Aug 19, 2019 10:49pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      100%. Also notice how not following the spec opened up a new vulnerability. But when has Apple been known to respect standards? Hirsch Singhal
      Mon, Aug 19, 2019 10:48pm +00:00 (via brid-gy.appspot.com)
    • John Patrick Dandison ☁☁☁ twitter.com/AzureAndChill
      There’s not a clear way to ‘reset’ either, which makes test/dev extremely frustrating Aaron Parecki
      Mon, Aug 19, 2019 10:46pm +00:00 (via brid-gy.appspot.com)
    • Hirsch Singhal twitter.com/hpsin_
      This is disappointing, and likely a hole in any OIDC compliance. I'd expect requesting an email scope drops the email claim into the token. Aaron Parecki
      Mon, Aug 19, 2019 10:42pm +00:00 (via brid-gy.appspot.com)
Posted in /notes using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.