WeChat ID
aaronpk_tv
-
Las Vegas, Nevada • Mon, August 29, 2016 5:31pm#oktane16 opening reception -
Just launched a big reorganization of https://oauth.net which should make it easier to find things! π #oauth2 #oktane16
-
Las Vegas, Nevada • Mon, August 29, 2016 8:35am#oktane16 registration
-
Vegas here I come! #oktane16
-
This is perhaps the first step in the fall of certificate authorities in favor of p2p root CA trust sharing. https://twitter.com/FiloSottile/status/735940720931012608
-
Remember when everyone was building and promoting "open" APIs? What happened to that? http://developers.instagram.com/post/133424514006/instagram-platform-update
-
Well this is progress... an in-app browser that shows the address bar and shares system cookies
-
-
HTML is my API
In August 2012, I wrote a quick script to stream front-page Hackernews stories to an IRC channel on Freenode. It broke after 2.5 years, at which point I switched to their new JSON API. That one broke after 2 days. Here is how we can fix this.continue reading... -
@eyeficard Help! I can't connect my card to Flickr anymore! The auth screen pops up inside the app (which is bad OAuth practice) and now Yahoo rejects the request!
-
OAuth: better than NoAuth.
-
So you implemented an OAuth 2.0 API...
While OAuth 2.0 is a good framework for building an API, the spec itself leaves many things un-specified, and it's up to the implementer to make a decision based on their own security requirements. As such, most OAuth 2.0 implementations are not interoperable, which is often cited as a failure of OAuth 2.0. On the other hand, the current state of OAuth 2.0 implementations is that they are often similar enough that developers don't need to learn too many new concepts when dealing with them.continue reading... -
A Little Twitter Developer History
Back in the early days of Twitter, I noticed that several tweets I was seeing showed "via _____" next to the date, which linked to the application that was used to post the tweet. I thought "hey that's a clever way to give credit to applications" and thought it would be a good way to get people to discover the Twitter app I was creating at the time.continue reading... -
Continuing last weekend's documentation of all the un-specified parts of OAuth 2.0, things were going pretty well until I hit the "Security Considerations" section, which basically recommends but doesn't require a whole bunch of things. Basically this means an API can be fully OAuth 2.0 compliant and also completely insecure.
If you want to know more, keep an eye out for this blog post. Or hire me as an independent OAuth consultant and I'd gladly spend a day with you. -
Currently documenting all the ways the OAuth 2.0 framework leaves choices up to the implementor. The list is long. #oauth2
-
The article on OAuth and Authentication that I helped write/edit is online now: http://oauth.net/articles/authentication/ (thanks to @aaronpk for publishing!)
-
The comments on this "hacking a Gmail account with just a phone number" article make me reconsider using SMS/phone as a security mechanism at all. Original article: https://ello.co/gb/post/knOWk-qeTqfSpJ6f8-arCQ Comments: https://news.ycombinator.com/item?id=8541313
-
Launched some updates to the documentation at http://oauth.net/documentation/ with the OAuth group tonight! Will hopefully have more improvements to the site soon! #iiw
-
Just got this email from Dreamhost. https://gist.github.com/aaronpk/7475391 An interesting proactive response to the Adobe user db leak!
-
The @Jawbone UP, my favorite of the #quantifiedself trackers, finally released their official API! https://jawbone.com/up/developer/
