Aaron Parecki

So at first Apple shortcutted OIDC protocol steps in SIWA which rendered them insecure, after fixing that they went on to add extras on top of OIDC which now renders them insecure again. It should be clear to everyone now: don't roll your own. #openid #siwa

When writing headlines, use the active voice and clearly identify subjects. https://www.theverge.com/2020/5/31/21276044/police-violence-protest-george-floyd

This is a great illustration of how much space cars waste!

They say that up to 230 cars will be able to fit in the stadium to watch the movie. 230 cars in the whole damn stadium.

If this is the future, I don’t wanna be in it. https://www.miamiherald.com/miami-com/things-to-do/article243003896.html

Being sick of politics AND having an environment where you can stop thinking about current state of the world is called PREVILEGE.

YOU HEARD IT!

there are two americas: one fights for black lives and the other fights for brunch

Another remark: this issue wouldn’t have allowed account takeover at the RP if the RP would use iss+sub claim to identify the user account instead of relying on the email address (potentially even without scoping it within the particular IDP). Poor coding practice too.

Fully agree to that 😀

Just looking also at examples like https://insomniasec.com/blog/auth0-jwt-validation-bypass or https://threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/.
o/c they are different + very individual, but if already the big players have such issues, how much more can go wrong on RS side where devs are usually not Auth experts.