Aaron Parecki

If you run a community Twitter account, this is a good time to:

1) Make sure you 100% know everyone who has access to it
2) Enable two-factor authentication

You do *not* want to be in the position of having to explain that your account has been taken over by racists

Portland, Oregon • 70°F

3 likes 4 reposts 1 reply

Mon, Jun 1, 2020 3:55pm -07:00 #security #twitter
The Real Cause of the Sign In with Apple Zero-Day

The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
continue reading...

37 likes 19 reposts 1 bookmark 9 replies 25 mentions

Sun, May 31, 2020 1:49pm -07:00 #oauth #oidc #apple #siwa #security #zeroday
Going live with @afitnerd in 10 minutes to talk about all things #OAuth and OpenID Connect! I think we might even have a demo of a pretty sneaky attack to show off!

https://youtu.be/moQidjdV5cw

Portland, Oregon • 56°F

2 likes 2 reposts

Thu, May 21, 2020 12:49pm -07:00 #oauth #oidc
About to go live at another #OAuth Happy Hour! We'll be talking about security, sharing the latest updates from the last IETF meeting, and answering your OAuth questions!

https://youtu.be/E4msDjZMRZc

Portland, Oregon • 56°F

2 likes

Thu, May 14, 2020 12:49pm -07:00 #oauth
Reminder! Join me today at 1pm pacific for an OAuth Happy Hour! 🔐🍻 I'll be answering your #OAuth questions along with my friend @afitnerd!

Details here ➡️ https://events.oauth.net/2020/04/oauth-happy-hour-5aVNs7pL1gE1

Portland, Oregon • 53°F

4 likes 1 repost 1 mention

Thu, Apr 23, 2020 9:53am -07:00 #oauth
My #OktaneLive talk is up! "What's New with OAuth?"

In just 30 minutes I cover the latest developments in the OAuth working group! So much new stuff happening in the OAuth world right now!

https://youtu.be/g_aVPdwBTfw

Portland, Oregon • 74°F

17 likes 6 reposts 1 reply

Thu, Apr 9, 2020 3:03pm -07:00 #oauth #okta #oktadev #ietf #oktane20 #oktanelive
This morning I gave a talk to 600 people while sitting on my couch drinking coffee. ☕️ I could get used to this virtual conference thing. #Oktane20 #JustQuarantineThings

Portland, Oregon • 47°F

25 likes 1 repost 1 reply 2 mentions

Wed, Apr 1, 2020 7:17pm -07:00 #oktane20 #justquarantinethings
"Cryptography turns hard security problems into hard key management problems" @cperciva at #Oktane20

Portland, Oregon • 44°F

25 likes 6 reposts 2 replies 1 mention

Wed, Apr 1, 2020 11:43am -07:00 #cryptography #crypto #oktane20
Digital Spring Cleaning

Well, it's Spring, and we're all stuck inside! 😃 So why not use this time to do a little Spring cleaning and declutter your digital life. We all have things we know we should do that we keep putting off. Here are a few things you can do to tidy things up and improve your online security in a time when most of us are interacting only online.
continue reading...

5 likes 1 bookmark

Wed, Apr 1, 2020 7:55am -07:00 #spring #security #cleaning #clutter #declutter
Just published a talk I gave at a virtual conference: How to Hack OAuth

It's been fun to be able to "speak" at conferences in a highly edited format instead of winging it on stage! I hope it's more fun to watch as a viewer too!

https://www.youtube.com/watch?v=aU9RsE4fcRM

Portland, Oregon • 42°F

23 likes 4 reposts 1 mention

Tue, Mar 31, 2020 11:16am -07:00 #oktadev #oauth
Going live in about an hour at Spring Live, doing a talk on how to hack OAuth!

Join here ➡️ https://connect.tanzu.vmware.com/Spring_Live.html

Welcome to the new world of virtual conferences!

Portland, Oregon • 53°F

8 likes 3 reposts 2 replies 1 mention

Fri, Mar 20, 2020 5:54am -07:00 #oauth
The first draft of OAuth 2.1 is out! Thanks so much to @tlodderstedt and @DickHardt for their work on this!

https://aaronparecki.com/2020/03/11/14/oauth-2-1

Portland, Oregon • 54°F

61 likes 27 reposts 2 replies 1 mention

Wed, Mar 11, 2020 5:32pm -07:00 #oauth
OAuth WG

First Draft of OAuth 2.1

I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.
continue reading...

61 likes 27 reposts 2 replies 4 mentions

Wed, Mar 11, 2020 5:22pm -07:00 #oauth #oauth2 #ietf #oauth21
The second video in my "OAuth in Five Minutes" series is up!

🎥 "What's the difference between confidential and public clients?"

https://www.youtube.com/watch?v=5cQNwifDq1U

Portland, Oregon • 54°F

20 likes 6 reposts 2 replies

Thu, Feb 27, 2020 12:47pm -08:00 #oauth #video #okta #oktadev
at Yerba Buena Center for the Arts

San Francisco, California • Tue, February 11, 2020 8:35am

37.785484 -122.402451

#Okta #TKO

San Francisco, CA, United States • 59°F

8 Coins

Tue, Feb 11, 2020 8:35am -08:00 #okta #tko
Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 https://youtu.be/KT8ybowdyr0

Portland, Oregon, USA • 44°F

8 likes 3 reposts 2 replies 2 mentions

Tue, Jan 21, 2020 7:52am -08:00 #oauth #okta
oh no, please tell me this help article from Facebook is just way out of date...

https://www.facebook.com/help/249817848463304

"Why am I being asked to enter my email login information while trying to reset my Facebook password?"

They can't still be doing this, right?

Portland, Oregon • 43°F

3 likes 1 reply

Fri, Jan 17, 2020 2:46pm -08:00 #facebook #oauth #security
I often talk about the tradeoffs between local and remote access token validation in my OAuth presentations. This blog post by my coworker is a nice demonstration of that in PHP! https://developer.okta.com/blog/2020/01/15/protecting-a-php-api-with-oauth

Portland, Oregon • 42°F

1 like 2 reposts

Fri, Jan 17, 2020 1:21pm -08:00 #oauth #php
I'm working on a 2020 revision to my book, OAuth 2.0 Simplified!

https://oauth2simplified.com

If you find a typo or other error that I am not already aware of, I will send you an OAuth cat sticker! Send me an email or DM with details if you find something!

Portland, Oregon • 37°F

40 likes 13 reposts 1 reply

Tue, Jan 14, 2020 10:54am -08:00 #oauth
The confusing part about online security is knowing *when* it's safe to give your SMS two-factor auth codes to a third party.

Portland, Oregon • 39°F

4 likes 9 replies

Mon, Jan 13, 2020 2:53pm -08:00 #security #mfa

older

Aaron Parecki

The Real Cause of the Sign In with Apple Zero-Day

Digital Spring Cleaning

First Draft of OAuth 2.1