Aaron Parecki

  • Aaron Parecki
    PSA: If you use Twitter to sign in to stuff, you should double check you have another way to get in to those accounts asap. With Twitter charging ??? for API access next week, you have no way of knowing whether the apps you use are going to pay that.
    Portland, Oregon, USA • 49°F
    #oauth #twitter
    Thu, Feb 2, 2023 4:23pm -08:00
    140 likes 139 reposts 11 replies 5 mentions
    • Matzebob x0r.be/users/Matzebob

      @aaronpk oh no! My Vero account...!

      Fri, Feb 3, 2023 12:03pm -08:00
    • horseyfeelings twitter.com/horseyfeelings
      Monetization can be enforced at api gateway. but depends on how profile api proxy is configured at twitter’s gateway. Is it bundled with other “pay for” APIs? if yes, then good luck to folks who have this capability enabled as a RP where twitter is IDP. hello @elonmusk…
      Fri, Feb 3, 2023 6:49pm +00:00 (via brid.gy)
    • Dick Hardt twitter.com/DickHardt
      Logging in with Twitter is calling the profile API - hard to imagine how they will easily allow that specific API call be free and not others.
      Fri, Feb 3, 2023 3:31pm +00:00 (via brid.gy)
    • horseyfeelings twitter.com/horseyfeelings
      umm, putting a paywall to developer portal access is one thing, but invalidating already released tokens (which WILL expire), clientIDs and secrets specially for profile sharing flow is just plain stupid. Twitter does now “own” its user profile data, users do. I see lawsuits.
      Fri, Feb 3, 2023 12:54pm +00:00 (via brid.gy)
    • Aaron Parecki twitter.com/aaronpk
      I mean, has anything they've done made sense? They don't support OIDC which means you have to use the same OAuth developer portal to get API access and use Log In with Twitter. Are they going to separate the two by next week?
      Fri, Feb 3, 2023 5:12am +00:00 (via brid.gy)
    • horseyfeelings twitter.com/horseyfeelings
      Is @Twitter also monetizing OIDC/Log In capability? That does not make sense. They are just acting as an identity provider in this context and I’m not sure putting a paywall for user initiated profile sharing consent to 3rd parties is a right move. @elonmusk?
      Fri, Feb 3, 2023 4:38am +00:00 (via brid.gy)
    • Brandon Trebitowski brandontreb.com

      I feel like this applies to all “Sign in With” services (except indieauth of course ;)). I love the move to try and kill the password, however the state of these services is insane. I’m 1Pass for almost everything these days.

      Thu, Feb 2, 2023 5:04pm -08:00
    • David Celis xoxo.zone/users/davidcelis

      @aaronpk FWIW, OAuth appears to be treated separately from APIv1.1 and APIv2. it’s feasible that it will keep working for free. but it’s anybody’s guess at this point https://developer.twitter.com/en/docs/api-reference-index

      Thu, Feb 2, 2023 5:02pm -08:00
    • Jonathan Frederickson jawns.club/users/jfred

      @aaronpk Oh lord are they charging for their *oauth* APIs too? That would be... incredibly short-sighted

      Thu, Feb 2, 2023 4:58pm -08:00
    • Johannes Ernst social.coop/users/J12t

      @aaronpk I get the feeling Twitter doesn't know either.

      Thu, Feb 2, 2023 4:25pm -08:00
    • Aaron Parecki aaronparecki.com
      You can review the list of apps you've connected to your Twitter account here:

      https://twitter.com/settings/connected_apps
      Thu, Feb 2, 2023 4:24pm -08:00

    Other Mentions

    • Peggy K twitter.com/PeggyKTC
      Added by @DickHardt "Logging in with Twitter is calling the profile API - hard to imagine how they will easily allow that specific API call be free and not others."
      Fri, Feb 3, 2023 6:32pm +00:00 (via brid.gy)
    • Vittorio twitter.com/vibronet
      Very good advice. If you want a list of all the apps you granted some Twitter permissions to, visit twitter.com/settings/conne… - I discovered some i don’t often use, hence not in the sessions list, that I would have been locked out from at the next login attempt
      Fri, Feb 3, 2023 2:35am +00:00 (via brid.gy)
    • stl-place twitter.com/stlplace
      Excellent point. #TwitterAPI #TwitterDependency I added FB sign in for my #medium account (previously it was exclusively sign in via #Twitter)
      Fri, Feb 3, 2023 2:01am +00:00 (via brid.gy)
    • mastodon.social/@bengo twitter.com/bengo
      also: can we start talking about how “sign in with” almost ANY identity provider whose URL uses dns is vulnerable to this over long periods of time (took 15years for twitter rugpull but look where we are now)
      Fri, Feb 3, 2023 12:32am +00:00 (via brid.gy)
    • tim cappasskey twitter.com/timcappalli
      Great opportunity for sites and services to start looking at replacing consumer federation with #passkeys! Check out passkeys.dev for more info.
      Fri, Feb 3, 2023 12:26am +00:00 (via brid.gy)
Posted in /notes using quill.p3k.io

Hi, I'm Aaron Parecki, Senior Security Architect at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming and dabble in product design.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2023 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.