Some more info on OAuth 2.1 from the @oktadev blog: OAuth 2.1: • Aaron Parecki

47°F

Some more info on OAuth 2.1 from the @oktadev blog:

OAuth 2.1: How many RFCs does it take to change a light bulb?

https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs

Portland, Oregon • 46°F

Fri, Dec 13, 2019 10:29am -08:00 #oauth #oauth2

31 likes 5 reposts 7 replies 2 mentions
Have you written a response to this? Let me know the URL:
- Vinay Bist twitter.com/VinayBist1
  
  implicit is good to go ..query on password - If password flow is deprecated then how we achieve those use cases which this was addressing..like migration of legacy clients..which flow we can use for those use cases
  
  Thu, Feb 20, 2020 10:00pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  They are here! oauth.net/events/2019-11… Tho I suppose I should email that to the list as well.
  
  Sun, Dec 15, 2019 4:12pm +00:00 (via brid-gy.appspot.com)
- Greg unrelenting.technology
  
  How are the new OAuth2 things going to impact IndieAuth if at all?
  
  Sun, Dec 15, 2019 5:50am -08:00
- Torsten Lodderstedt twitter.com/tlodderstedt
  
  @aaronpk can you please publish your notes from the informal meeting?
  
  Sun, Dec 15, 2019 8:50am +00:00 (via brid-gy.appspot.com)
- Justin Richer twitter.com/justin__richer
  
  Also potential, a potential working group in this case! Right now it's just a mailing list.
  
  Sat, Dec 14, 2019 9:25pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  I can get it changed to say "a potential 2.1". What's the right term for the TX Auth group right now then? datatracker.ietf.org/wg/txauth/abou…
  
  Sat, Dec 14, 2019 9:24pm +00:00 (via brid-gy.appspot.com)
- Justin Richer twitter.com/justin__richer
  
  This is misleading. The OAuth WG did not yet agree to do a 2.1 revision, and there's not yet a TxAuth working group. I want both of those things but it's not reality quite yet.
  
  Sat, Dec 14, 2019 9:06pm +00:00 (via brid-gy.appspot.com)
Other Mentions
- Matt Raible twitter.com/mraible
  
  OAuth's implicit flow was created before browsers supported CORS. Let's deprecate it! Auth code flow + PKCE is the future. Cheers to #OAuth 2.1. 🎉🍻
  
  Fri, Dec 13, 2019 7:04pm +00:00 (via brid-gy.appspot.com)
- unrelenting.technology
  
  Sun, Aug 8, 2021 10:48am -08:00

Posted in /notes using quill.p3k.io