WeChat ID
aaronpk_tv
-
Good reminder to add "check whether the password field supports pasting from password managers" to my list of criteria when deciding where to open a bank account. https://twitter.com/KeyBank_Help/status/1148247347463446528 -
"Everyone wants to be the Amazon of their industry before Amazon is the Amazon of their industry." @toddmckinnon at @okta #oktaforum
-
Blackfriars, Greater London, United Kingdom • Mon, June 17, 2019 5:31pm#okta tech rehearsal
-
Some great tips on developer experience from my friend @rod_laura!
π Publish open source
βοΈ Communicate clearly
π» Create lots of sample code
π Share on your blog
π± Build a community
https://developer.okta.com/blog/2019/06/10/five-essential-tips-for-building-developer-libraries -
Last week I sat down with @nbarbettini to answer some questions about what's going on with the @OAuth_2 Implicit flow. #oauth π₯β‘ https://www.youtube.com/watch?v=CHzERullHe8 -
I had fun with this one: 7 Ways an OAuth Access Token is like a Hotel Key Card
https://developer.okta.com/blog/2019/06/05/seven-ways-an-oauth-access-token-is-like-a-hotel-key-card -
Let's Clarify some Misunderstandings around Sign In with Apple
tl;dr This is a good move for users in the iOS ecosystem, and is primarily designed as an alternative for apps that currently use "Sign in with [Facebook/Twitter/Google]" to avoid leaking sensitive user info.continue reading... -
Alright, if you are curious about "Sign In with Apple," I walk through exactly how it works and what it looks like in this post.
https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
#WWDC19 #OAuth #AppleID -
Initial test of the "Sign in with Apple" API:
• It's more or less based on OAuth + OIDC
• Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
• The `sub` claim includes some sort of unique user identifier, not an email -
at The Rec RoomToronto, ON, Canada • Tue, May 28, 2019 11:00am
-
To anyone who thought partial redirect URL matching in @OAuth_2 is "good enough," read this thread. Complete Periscope account takeover just by viewing a tweet. https://hackerone.com/reports/110293 #oauth
-
If you're in Toronto you should come to my #OAuth talk tomorrow! π https://regionalevents.okta.com/oktaapiworkshoptoronto
We'll have food and drinks, and we're giving copies of my book to everyone who attends! π -
Ready to head home after a fun week of #IndieWebCamp, #BTConf, #a11yClub, and teaching two #OAuth workshops. β£
β£Thanks so much to everyone who helped make all of that happen!
β£
β£Had a great time back in DΓΌsseldorf and looking forward to coming back next year! β£
β£#travel #condor #lufthansa #longhaulflight #frankfurtairport
-
Better Default Security for IndieAuth Login Forms
Last year, I posted a JavaScript snippet that I've started using in all my projects that have an IndieAuth login form, which will automatically add the http scheme if you type a plain domain. This is particularly a problem because the iOS keyboard doesn't include the : character in URL mode.continue reading... -
Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now:
β good random number generators
β secure hashing functions
Just missing a good base64 encoding function. (Check out the ugly hack in the post.)
https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead#begin-the-pkce-request -
Just in time for #iiw I published a blog post: "Is the OAuth 2.0 Implicit Flow Dead?" https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead
-
San Francisco, California • Thu, April 4, 2019 11:50am#okta afterparty
