Aaron Parecki

Wednesday, November 6, 2019

  • Asleep: 1:10am
    Awake: 7:13am
    Slept: 6h 03m
    Awake for: 22m
    Malmö, Skåne län, SWE
    Wed, Nov 6, 2019 7:13am +01:00
  • Aaron Parecki
    at Percy´s Restaurant & Bar
    Malmö, Skåne, Sweden • Wed, November 6, 2019 7:43am
    55.56483 12.975995
    Malmö, Skåne, Sweden • 35°F
    25 Coins
    Wed, Nov 6, 2019 7:43am +01:00
  • Fried Cauliflower and Potatoes
    Malmö, Skåne län • 36°F
    Wed, Nov 6, 2019 7:58am +01:00
  • Aaron Parecki
    Contributions from: Canada, France, Germany, Netherlands, Sweden, United Kingdom
    Wed, Nov 6, 2019 8:03am +01:00
  • Aaron Parecki
    at Best Western Malmö Arena Hotel
    Malmö, Skåne, Sweden • Wed, November 6, 2019 8:18am
    55.565671 12.976025
    Malmö, Skåne, Sweden • 35°F
    9 Coins
    Wed, Nov 6, 2019 8:18am +01:00
  • Aaron Parecki
    at MalmöMässan
    Malmö, Skåne, Sweden • Wed, November 6, 2019 8:19am
    55.566229 12.977125
    Øredev day 1!
    Malmö, Skåne, Sweden • 35°F
    6 Coins
    Wed, Nov 6, 2019 8:19am +01:00
  • dietrich https://mastodon.social/@dietrich   •   Nov 5

    Feels like Gmail folders/labels are loading reeeeaaaallllyyy slow these days.

    Aaron Parecki
    half the time gmail fails to show some of the labels on an email, which is great when I try to go add it, and instead it then toggles the label off 🤦‍♂️
    Malmö, Skåne län • 38°F
    1 reply
    Wed, Nov 6, 2019 11:13am +01:00
  • How to Hack OAuth
    November 6, 2019 1:00pm - 2:00pm (+0100)
    MalmöMässan Exhibition & Congress Center
    Malmö, Skåne län, SWE
    Øredev
    View Slides
    Watch Video
    2 mentions
    permalink #oauth
  • Aaron Parecki
    Contributions from: Canada, France, Germany, Netherlands, Sweden, United Kingdom
    Wed, Nov 6, 2019 1:32pm +01:00
  • Bailey Hanna @ #Oredev2019 https://twitter.com/BaileyHanna
    Incredibly excited to hear @aaronpk talk about How To Hack OAuth! Such a relevant topic to my current work and a talk I've been looking forward to since it was announced! #oredev
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 11:58am +00:00 (liked on Wed, Nov 6, 2019 1:46pm +01:00) #oredev
  • Bailey Hanna @ #Oredev2019 https://twitter.com/BaileyHanna
    This is absolutely how it feels trying to learn OAuth when you're first starting out.... Ok fine, this is how I still feel some days @aaronpk #oredev
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 12:02pm +00:00 (liked on Wed, Nov 6, 2019 1:46pm +01:00) #oredev
  • Filip Bech 🇩🇰 https://twitter.com/Filipbech
    Super interesting talk about hacking #oauth by @aaronpk ... insightful!
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 12:37pm +00:00 (liked on Wed, Nov 6, 2019 1:46pm +01:00) #oauth
  • Bailey Hanna @ #Oredev2019 https://twitter.com/BaileyHanna
    A quick and easy visualization of Back Channel data transfer vs Front Channel data transfer by @aaronpk at #oredev!
    I'll now be sitting here dreaming of a world where kitties come to give me my access tokens ..
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 12:49pm +00:00 (liked on Wed, Nov 6, 2019 1:51pm +01:00) #oredev
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Ah, that’s a shame. It seemed to be going well so far and I thought I'd be done today but since getting "invalid_grant" I've made no progress (I'm using it in an Expo app). I've seen it mentioned in a few places but nobody seems to have a solution. Thanks for the quick reply.
    Aaron Parecki
    They pushed out some changes a little bit ago and I have been able to exchange the authorization code and get the user info now! I updated my post so maybe take a look through it again. https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
    Malmö, Skåne län, SWE • 40°F
    1 like 2 replies
    Wed, Nov 6, 2019 2:38pm +01:00
  • Peter Bhat Harkins https://twitter.com/pushcx
    @Lobsters fetches web pages for a couple reasons:
    * to prefill the title field on new links as a convenience
    * to cache story text for the search engine
    * to check for rel=canonical links
    * to auth github/twitter/keybase accounts
    * to send webmentions back to blogs
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 1:41pm +00:00 (liked on Wed, Nov 6, 2019 2:43pm +01:00)
  • Aaron Parecki
    Slides from my "How to Hack OAuth" talk at #oredev are up!

    https://speakerdeck.com/aaronpk/how-to-hack-oauth-oredev-2019

    Thanks everyone for coming to watch and I hope you got something out of it! I'll post again when the video is out!
    Malmö, Skåne län, SWE • 41°F
    28 likes 4 reposts 1 reply
    Wed, Nov 6, 2019 2:47pm +01:00 #oredev #oauth
  • Mike Ortiz https://twitter.com/ortizmj12   •   Nov 1
    hey @aaronpk, thanks again for the great talk at #bsidespdx! Any chance you'll be sharing the slide deck? I wanted to review them again and there were some links in there I wanted to follow up on :)
    Aaron Parecki
    Video is up and slides are linked from there! https://www.youtube.com/watch?v=xSDeToCyJjo&list=PLRyLn6THA5wN05b3qJ6N0OpL3YbritKI-
    Malmö, Skåne län, SWE • 41°F
    1 like 1 reply
    Wed, Nov 6, 2019 2:49pm +01:00
  • Aaron Parecki
    Contributions from: Canada, France, Germany, Malaysia, Netherlands, Sweden, United Kingdom
    Wed, Nov 6, 2019 3:34pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.
    Aaron Parecki
    Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.
    Malmö, Skåne län • 41°F
    4 replies
    Wed, Nov 6, 2019 3:35pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    As I'm also using Expo, I followed the following to start with and there was no redirect_uri used.

    https://medium.com/appandflow/eli5-sign-in-with-apple-for-react-native-using-expo-sdk35-node-js-5210cdb94bd6

    I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.
    Malmö, Skåne län • 41°F
    1 reply
    Wed, Nov 6, 2019 4:02pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
    Malmö, Skåne län • 40°F
    4 replies
    Wed, Nov 6, 2019 4:22pm +01:00
  • David Neal 🥓🥑 https://twitter.com/reverentgeek
    Hey! Could you do me a favor? I've published what I *hope to be* an informative and entertaining intro to OAuth & OIDC. It would be so awesome to hear your feedback so I can get better at making these types of videos! Please share it with others, too! https://www.youtube.com/watch?v=t18YB3xDfXI
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 2:39pm +00:00 (liked on Wed, Nov 6, 2019 4:25pm +01:00)
  • Egil Sørensen https://twitter.com/egilegil
    Very good presentation, thoroughly enjoyed it. Inclusion of cats as visual aids is also always welcome 🙂
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 3:18pm +00:00 (liked on Wed, Nov 6, 2019 4:25pm +01:00)
  • Aaron Parecki
    at SkajBar
    Malmö, Skåne, Sweden • Wed, November 6, 2019 5:02pm
    55.565773 12.975895
    Malmö, Skåne, Sweden • 40°F
    35 Coins
    Wed, Nov 6, 2019 5:02pm +01:00
  • Aaron Parecki
    Last night at the #oredev speaker dinner I got to participate in either an old Swedish tradition or an elaborate prank they play on foreigners: alternating between the sauna and jumping into the Baltic Sea three times.

    Either way it was a fun experience. 😆
    Malmö, Skåne län • 40°F
    18 likes 4 replies
    Wed, Nov 6, 2019 5:15pm +01:00 #oredev
  • Grant Horwood ↙↙↙ https://twitter.com/gbhorwood
    like, am i going to watch this guy's video on oauth? is it going to be accurate and insightful? i have no idea. but the second i saw that nineties "i'm running slackware on a sparc station 10" beard, i slammed the 'play' button.
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 4:23pm +00:00 (liked on Wed, Nov 6, 2019 5:42pm +01:00)
  • Justin Richer https://twitter.com/justin__richer
    And this is precisely why "expires_in" is a lot less helpful than it seems.
    Malmö, Skåne län • 39°F
    Sat, Nov 2, 2019 11:44am +00:00 (liked on Wed, Nov 6, 2019 5:48pm +01:00)
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.
    Malmö, Skåne län • 39°F
    5 replies
    Wed, Nov 6, 2019 6:16pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    I remembered why `redirect_uri` is optional in their docs 😂

    They document both the auth code and refresh token request with the same list. You don't send the `redirect_uri` when using a refresh token, hence it's an optional parameter.
    Malmö, Skåne län • 39°F
    Wed, Nov 6, 2019 6:19pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.
    Aaron Parecki
    What URL are you sending people back to to have Apple deliver the authorization code to? That's the redirect URL, and you have to have configured it in the request and in the developer console anyway too.
    Malmö, Skåne län • 39°F
    Wed, Nov 6, 2019 6:32pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.
    Aaron Parecki
    Also you need to be exchanging the authorization code from a server somewhere, because you can't ship this app with the client secret built in.
    Malmö, Skåne län • 39°F
    1 reply
    Wed, Nov 6, 2019 6:32pm +01:00
  • Gary https://twitter.com/every_daydad   •   Nov 6
    Today during lunch I'm trying to finish the edit for Friday's video as I've got a pretty busy week ahead.

    And I'll tell you what, MacOS side car basically gives you dual screen capability that fits in your backpack.

    It's going to change how I travel.

    🤯
    Aaron Parecki
    How's the latency? I've been using Duet for a while, but it's a bit laggy and occasionally has some compression artifacts, so I mainly only use it as a second display for presentations.
    Malmö, Skåne län • 39°F
    2 likes 2 replies
    Wed, Nov 6, 2019 6:34pm +01:00
  • David Neal 🥓🥑 https://twitter.com/reverentgeek
    Oh my goodness I just made a total fool of myself spewing my coffee and laughing out loud at this tweet at #MSIgnite 😂

    Thanks for making my day!
    Malmö, Skåne län • 39°F
    Wed, Nov 6, 2019 5:24pm +00:00 (liked on Wed, Nov 6, 2019 6:36pm +01:00) #MSIgnite
  • Gary https://twitter.com/every_daydad   •   Nov 6
    There is a noticeable lag but just having a second window to hold non-priority screens is awesome.
    Aaron Parecki
    ah bummer I was hoping they could do magic being closer to the metal at both ends. Guess it's cool that it'll be built in now tho.

    Duet has been a lifesaver when I need to see speaker notes but also need to share the slides via Zoom.
    Malmö, Skåne län • 39°F
    2 likes
    Wed, Nov 6, 2019 6:41pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    I have a GraphQL server (Prisma) and I'm sending the auth code there. Then, on that server, I'm trying to validate the auth code with Apple. Once it validates, I'd either be creating a user and sending a session token back or signing a user in by sending back a session token.
    Aaron Parecki
    Cool, so that URL on the GraphQL server is the redirect_url, and that's what needs to be sent in that POST request.
    Malmö, Skåne län • 39°F
    2 replies
    Wed, Nov 6, 2019 6:51pm +01:00
  • Bus
    Distance: 4.86mi
    Duration: 21:22
    Start: 7:34pm
    End: 7:55pm
    Malmö, Skåne län • 38°F
    Wed, Nov 6, 2019 7:55pm +01:00
  • Aaron Parecki
    at Malmö Rådhus
    Malmö, Skåne, Sweden • Wed, November 6, 2019 7:59pm
    55.606392 13.000806
    Malmö, Skåne, Sweden • 38°F
    25 Coins
    Wed, Nov 6, 2019 7:59pm +01:00
  • Eggplant Parmesan
    Malmö, Skåne län, SWE • 35°F
    Wed, Nov 6, 2019 9:17pm +01:00
  • Bus
    Distance: 4.51mi
    Duration: 15:43
    Start: 10:32pm
    End: 10:47pm
    Malmö, Skåne län • 33°F
    Wed, Nov 6, 2019 10:47pm +01:00
  • Aaron Parecki
    at SkajBar
    Malmö, Skåne, Sweden • Wed, November 6, 2019 10:57pm
    55.565773 12.975895
    Keeping the party going
    Malmö, Skåne, Sweden • 33°F
    8 Coins
    Wed, Nov 6, 2019 10:57pm +01:00

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.