Aaron Parecki

  • alianora https://cybre.space/@nightpool   •   May 2

    @aaronpk This is a good post! But I'm having trouble trying to understand the attack that the authorization flow is protecting against. How can a token be stolen "in transit back to the application"?

    Aaron Parecki
    An easy example to see is captive wifi portals where the network intercepts DNS requests and returns a different answer.
    Mountain View, California • 49°F
    Thu, May 2, 2019 8:33am -07:00
  • alianora https://cybre.space/@nightpool   •   May 2

    @aaronpk This is a good post! But I'm having trouble trying to understand the attack that the authorization flow is protecting against. How can a token be stolen "in transit back to the application"?

    Aaron Parecki
    That's the classic problem with the front-channel (sending data over HTTP redirects in a browser). The sender has no way to know if the receiver got the data, and has no way to tell if it was stolen or copied.
    Mountain View, California • 49°F
    Thu, May 2, 2019 8:31am -07:00
  • Aaron Parecki
    Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now:

    ✅ good random number generators
    ✅ secure hashing functions

    Just missing a good base64 encoding function. (Check out the ugly hack in the post.)

    https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead#begin-the-pkce-request
    Mountain View, California, USA • 49°F
    5 likes 1 repost 5 replies
    Thu, May 2, 2019 8:25am -07:00 #oauth #javascript #pkce
  • Aaron Parecki
    at Computer History Museum
    Mountain View, California • Thu, May 2, 2019 7:54am
    37.414456 -122.0775
    Mountain View, CA, United States
    1 Coin
    Thu, May 2, 2019 7:54am -07:00
  • Aaron Parecki
    Contributions from: Germany, India, Switzerland, United States
    Thu, May 2, 2019 7:40am -07:00
  • Aaron Parecki
    at Hotel Vue
    Mountain View, California • Thu, May 2, 2019 7:29am
    37.381403 -122.074277
    Mountain View, CA, United States • 49°F
    10 Coins
    Thu, May 2, 2019 7:29am -07:00
  • Aaron Parecki
    Contributions from: Germany, India, United Kingdom, United States
    Thu, May 2, 2019 7:26am -07:00
  • Aaron Parecki
    Contributions from: Germany, India, United States
    Thu, May 2, 2019 7:09am -07:00
  • 10:25pm
    Asleep
    6:28am
    Awake
    8h 03m
    Slept
    23m
    Awake for
    Mountain View, California, USA
    Thu, May 2, 2019 6:28am -07:00
  • Aaron Parecki
    current status: wrapped up the web standards meeting for the day, and now watching the recording of yesterday's Planning and Sustainability Commission meeting in Portland, a different kind of standards meeting.

    what? I don't have too many projects *you* have too many projects
    Mountain View, California, USA • 49°F
    12 likes 1 repost 1 reply
    Wed, May 1, 2019 9:17pm -07:00 #pdx #portland
  • Troy Howard https://twitter.com/thoward37
    Now that the conference is over, I can finally relax and watch the talks from the comfort of my living room sofa.

    #ml4all #conference #machinelearning #appletv
    Mountain View, California • 49°F
    www.instagram.com/ml4allconf
    Wed, May 1, 2019 5:07pm -07:00 (liked on Wed, May 1, 2019 8:45pm -07:00) #ml4all #conference #machinelearning #appletv
  • Aaron Parecki
    at Hotel Vue
    Mountain View, California • Wed, May 1, 2019 8:42pm
    37.381403 -122.074277
    Mountain View, CA, United States • 49°F
    34 Coins
    Wed, May 1, 2019 8:42pm -07:00
  • Taxi
    3.11mi
    Distance
    6:41
    Duration
    8:30pm
    Start
    8:36pm
    End
    Mountain View, California • 49°F
    Wed, May 1, 2019 8:36pm -07:00
  • Randall Degges https://twitter.com/rdegges   •   May 2
    Just in case you were wondering, there is, in fact, a blockchain magazine for Australians.
    Aaron Parecki
    ohno
    Mountain View, California • 49°F
    Wed, May 1, 2019 7:38pm -07:00
  • Eve Maler https://twitter.com/xmlgrrl
    Hear, hear. Really incisive analysis from @gffletch on how relying parties look at the SSI proposition and some of the challenges in solving the last mile(s?). #iiw
    Mountain View, California • 49°F
    Wed, May 1, 2019 11:27pm +00:00 (liked on Wed, May 1, 2019 4:39pm -07:00) #iiw
  • Aaron Parecki
    at Computer History Museum
    Mountain View, California • Wed, May 1, 2019 3:34pm
    37.414456 -122.0775
    Mountain View, CA, United States • 49°F
    1 like 5 Coins
    Wed, May 1, 2019 3:34pm -07:00
  • Aaron Parecki
    at Cloud Café
    Mountain View, California • Wed, May 1, 2019 1:30pm
    37.414486 -122.077605
    Mountain View, CA, United States • 49°F
    7 Coins
    Wed, May 1, 2019 1:30pm -07:00
  • Nico Kaiser https://twitter.com/nicokaiser   •   May 1
    From what I understand, the Auth Code flow (even with PKCE) needs some kind of backend in the app (i.e., no static HTML-only cross-domain SPA), or am I missing something?
    Aaron Parecki
    If you read the post, I talk about exactly that issue and provide sample code for doing auth code + PKCE entirely in JavaScript.
    Mountain View, California, USA • 49°F
    1 reply
    Wed, May 1, 2019 9:58am -07:00
  • Justin Richer https://twitter.com/justin__richer
    Going to be discussing https://oauth.xyz today at #iiw
    Mountain View, California • 49°F
    Wed, May 1, 2019 4:25pm +00:00 (liked on Wed, May 1, 2019 9:56am -07:00) #iiw
  • Aaron Parecki
    I commuted to Mountain View from Portland this morning and still got here earlier than some people who were stuck in Bay Area traffic. #iiw
    Mountain View, California, USA • 49°F
    Wed, May 1, 2019 9:48am -07:00 #iiw
Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.