Aaron Parecki


    OAuth for Browser-Based Apps Draft 15

    October 23, 2023

    After a lot of discussion on the mailing list over the last few months, and after some excellent discussions at the OAuth Security Workshop, we've been working on revising the draft to provide clearer guidance and clearer discussion of the threats and consequences of the various architectural patterns in the draft.

    I would like to give a huge thanks to Philippe De Ryck for stepping up to work on this draft as a co-author!

    This version is a huge restructuring of the draft and now starts with a concrete description of possible threats of malicious JavaScript as well as the consequences of each. The architectural patterns have been updated to reference which of the threats each pattern mitigates. This restructuring should help readers make a better-informed decision by being able to evaluate the risks and benefits of each solution.

    https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps

    https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-15.html

    Please give this a read. I am confident that this is a major improvement to the draft!

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.