Aaron Parecki

  • Arend-Jan Kauffmann https://twitter.com/ajkauffmann   •   Jan 25
    It started with writing a blog post about OAuth authentication flow. But hiding the client secret was something I wanted to solve first. But you know what? I just found a way to work without a secret. And 100% secure! New blog posts and code will be online soon (=next week)
    Aaron Parecki
    Not totally sure the context of this, but have you at least read the OAuth docs around this exact problem?

    https://tools.ietf.org/html/rfc6819#section-5.3.1

    That's the reason OAuth uses a different flow for native apps and SPAs. I'll be curious to see your blog post!
    Portland, Oregon, USA
    Sat, Jan 25, 2020 8:35am -08:00
    • Arend-Jan Kauffmann twitter.com/ajkauffmann
      Yes, I'm aware. Whatever secret there is, it will be stored in isolated storage, only available for the code. The context is that I can't ship a secret with the app package. Which is similar to native and mobile apps.
      Sat, Jan 25, 2020 6:21pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)
