Aaron Parecki

Wednesday, July 22, 2020

• 
• OAuth Security Workshop

  Jul

  22

  Jul

  23

  Jul

  24

  July 22-24, 2020
  3 days

  Scandic Nidelven

  Trondheim, Trøndelag, NOR

  permalink #oauth #okta
• 

  9:50pm

  Asleep

  4:22am

  Awake

  6h 32m

  Slept

  10m

  Awake for

  

  Portland, Oregon, USA

  Wed, Jul 22, 2020 4:22am -07:00
• Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi

  Today @aaronpk will be presenting #OAuth 2.1. The core OAuth grants are getting consolidated, security gets hardened with PKCE #osw2020 https://barcamptools.eu/oauth-security-workshop-2020/events/0d0423b6-5924-4e6f-8b3b-63edbbe0ae59/oauth_2_1

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 8:56am +00:00 (liked on Wed, Jul 22, 2020 4:52am -07:00) #OAuth #osw2020
• Henrik Carlsson   •   permalink
  

  Yeah! I've been giving sneak peeks on my livestreams, but once I get things a little more polished off I'll do a proper video on it! (Wait til you see what I have planned for the ceiling lights!)

  Portland, Oregon • 64°F

  1 reply

  Wed, Jul 22, 2020 4:55am -07:00
• Protecting Single-Page Apps using OAuth

  Jul

  22

  July 22, 2020 5:30am - 6:00am (-0700)

  Online

  OAuth Security Workshop

  View Slides

  permalink #oauth #security
• Dr. Fett https://twitter.com/dfett42

  #osw2020

  

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 12:44pm +00:00 (liked on Wed, Jul 22, 2020 5:59am -07:00) #osw2020
• Taka@Authlete, BaaS for OAuth 2.0 & OpenID Connect https://twitter.com/darutk

  "PROTECKING SINGLE-PAGE APPS USING OAUTH" by Aaron Parecki (@aaronpk) in #osw2020. Single-Page Application architectures are introduced.

  

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 1:00pm +00:00 (liked on Wed, Jul 22, 2020 6:10am -07:00) #osw2020
• 

  My view today for the OAuth Security Workshop! #osw2020

  

  Portland, Oregon • 64°F

  17 likes 2 reposts 2 replies

  Wed, Jul 22, 2020 6:31am -07:00 #oauth #osw2020
• Henrik Carlsson   •   permalink
  

  I have it set up to pull my YouTube videos back to my website as blog posts that embed the YouTube video. I mostly consider my YouTube content separate right now, mainly because I am actually trying to play the YouTube game.
  
  https://aaronparecki.com/videos
  
  I think I saw your first reply in my micro.blog feed. This one showed up as a webmention but there was no content in it.

  Portland, Oregon • 64°F

  1 reply

  Wed, Jul 22, 2020 7:11am -07:00
• Becki (& Chris) https://twitter.com/beckiandchris   •   Jul 22

  Question, are YouTube channel trailers still a thing?
  

  I've never enjoyed watching a channel trailer, and I hate that they autoplay

  Portland, Oregon • 64°F

  4 likes 1 reply

  Wed, Jul 22, 2020 7:13am -07:00
• Becki (& Chris) https://twitter.com/beckiandchris

  The auto play drives me nuts, it’s like having music on a website

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 2:14pm +00:00 (liked on Wed, Jul 22, 2020 7:16am -07:00)
• OAuth 2.1

  Jul

  22

  July 22, 2020 7:30am - 8:00am (-0700)

  Online

  OAuth Security Workshop

  View Slides

  permalink #oauth #security
• 

  Contributions from: Canada, France, Greece, Japan, Russian Federation, Ukraine, United Kingdom, United States

  Wed, Jul 22, 2020 7:59am -07:00
• Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi

  OAuth 2.1 becomes the simpler & more secure #OAuth. A bunch of existing RFCs and drafts roll into one, so easier to follow too. Presented by @aaronpk at the #osw2020

  

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 2:57pm +00:00 (liked on Wed, Jul 22, 2020 8:16am -07:00) #OAuth #osw2020
• Taka@Authlete, BaaS for OAuth 2.0 & OpenID Connect https://twitter.com/darutk

  Another client type "credentialed", in addition to "public" and "confidential". The concept is being explained by Aaron (@aaronpk) in #osw2020.
  
  The OAuth 2.1 Authorization Framework
  https://tools.ietf.org/html/draft-parecki-oauth-v2-1

  

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 2:48pm +00:00 (liked on Wed, Jul 22, 2020 8:17am -07:00) #osw2020
• Taka@Authlete, BaaS for OAuth 2.0 & OpenID Connect https://twitter.com/darutk

  "OAUTH 2.1" by Aaron Parecki (@aaronpk) in OAuth Security Workshop 2020 (#osw2020).
  
  https://barcamptools.eu/oauth-security-workshop-2020/events/0d0423b6-5924-4e6f-8b3b-63edbbe0ae59/oauth_2_1
  
  OAuth 2.1 aims to simplify the maze of the specifications.

  

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 2:40pm +00:00 (liked on Wed, Jul 22, 2020 8:17am -07:00) #osw2020
• Jim Manico https://twitter.com/manicode

  Theory: Twitter internal tools were comprised via CSRF due to insider information.

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 2:51pm +00:00 (liked on Wed, Jul 22, 2020 8:18am -07:00)
• Mitch https://mastodon.xyz/@mitchkiah

  @aaronpk woah, love the paint there!

  Portland, Oregon • 65°F

  Wed, Jul 22, 2020 3:49pm +00:00 (liked on Wed, Jul 22, 2020 8:49am -07:00)
• Audrey Ember 🔥 https://twitter.com/AudreyEmber   •   Jul 22

  I'm so sick of men saying they support women being entrepreneur's and doing their own thing, only to turn around and make 'jokes' about wanting a girlfriend so that they can do their laundry. Hello? Sorry, I think you dropped something called SELF AWARENESS.
  

  ew what? I don't want anyone doing my laundry but me!

  Portland, Oregon • 66°F

  3 likes

  Wed, Jul 22, 2020 9:33am -07:00
• Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi   •   Jul 22

  How do you find the new "credentialed" term? Been wondering if a better name could be given to this in-between class of clients
  

  Suggestions welcome, but I like that it's pretty descriptive: "credentialed clients are clients that have credentials"

  Portland, Oregon • 66°F

  2 replies

  Wed, Jul 22, 2020 9:36am -07:00
• Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi   •   Jul 22

  I can imagine a lot of thought was already spent on this :) Is a public client which uses a client certificate solely for the purpose of obtaining a private key bound token considered credentialed?
  

  The text in the spec is "Clients that have credentials and their identity has been not been confirmed by the AS are designated as 'credentialed clients'", so that includes dynamic registration or the client bringing its own certificate, so yes :-)

  Portland, Oregon • 66°F

  1 like

  Wed, Jul 22, 2020 9:46am -07:00
• Dr. Fett https://twitter.com/dfett42

  In this study by @____pieter____ 56% of OAuth providers are susceptible to the PKCE Sidestep attack that I described in https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/ #osw2020

  

  Portland, Oregon • 71°F

  Wed, Jul 22, 2020 6:53pm +00:00 (liked on Wed, Jul 22, 2020 11:59am -07:00) #osw2020
• 

  Contributions from: Canada, France, Greece, Japan, Russian Federation, Ukraine, United Kingdom, United States

  Wed, Jul 22, 2020 1:37pm -07:00
• jeremycherfas https://micro.blog/jeremycherfas   •   Jul 22

  @aaronpk Very cool baffle on the light fitting.
  

  It's a honeycomb grid to reduce how much light spills off to the sides!

  Portland, Oregon • 75°F

  Wed, Jul 22, 2020 1:42pm -07:00
• Adobe Care https://twitter.com/AdobeCare   •   Jul 15

  Thanks for sharing the information, Aaron. We've got your back. Have you tried resetting the preferences yet: https://adobe.ly/3822gPa
  If that doesn't help then try changing the renderer to Software Only: https://adobe.ly/2vWB85T
  Let us know how it goes. ^NK
  

  same same. I reset preferences and changed renderer. It still happened again. Pretty consistently after playing a dozen or so clips in the project window.

  Portland, Oregon • 75°F

  3 replies

  Wed, Jul 22, 2020 2:19pm -07:00
• Lillian Karabaic 🥄🏳️‍🌈 BLM https://twitter.com/anomalily

  I thought I was supposed to get abs in quarantine, and all I got was a deep distrust of late-stage capitalism.

  Portland, Oregon • 75°F

  Wed, Jul 22, 2020 6:39pm +00:00 (liked on Wed, Jul 22, 2020 2:20pm -07:00)
• Adobe Care https://twitter.com/AdobeCare   •   Jul 22

  That's weird! The issue seems to be with the footage from the same source. Could you share a sample file with us through a direct message so that we can test it at our end? We'll stand by! ^Shivangi
  

  Sent, thanks!

  Portland, Oregon • 77°F

  Wed, Jul 22, 2020 3:20pm -07:00
• 

  Contributions from: Canada, France, Greece, Japan, Russian Federation, Ukraine, United Kingdom, United States

  Wed, Jul 22, 2020 3:47pm -07:00
• BenderTube📱🔌💡 https://twitter.com/BenderTubeOG

  A few days later than expected, but the new setup is 98% done ✅. Just waiting for a couple cable management things for the last couple of wires

  

  Portland, Oregon • 72°F

  Thu, Jul 23, 2020 12:17am +00:00 (liked on Wed, Jul 22, 2020 8:51pm -07:00)
• 

  Why yes I *am* holding my laptop over the air conditioner to cool the CPU while I export my video so that it goes faster why did you ask

  

  Portland, Oregon • 70°F

  21 likes 2 reposts

  Wed, Jul 22, 2020 9:28pm -07:00 #video #youtube