75°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • Emelia πŸ‘ΈπŸ» https://hachyderm.io/@thisismissem

    @aaronpk sure, drop me an email (see my website in bio) and we can arrange a call.

    Portland, Oregon • 63°F
    Thu, May 16, 2024 6:25pm +00:00 (liked on Thu, May 16, 2024 11:37am -07:00)
  • Emelia πŸ‘ΈπŸ» https://hachyderm.io/@thisismissem   •   May 16

    @aaronpk am I understanding that in order to use FedCM the RP must perform dynamic client registration with the IdP? I'm unsure of how the `client_id` comes to exist for the RP and not really getting it for the first-sign-in flow?

    Aaron Parecki
    I just saw your comment on FedCM #585. Since you're diving into the depths of Mastodon OAuth already I'd love to talk about how we can better align IndieAuth OAuth and Mastodon OAuth!
    Portland, Oregon • 63°F
    1 reply
    Thu, May 16, 2024 11:22am -07:00 #585
  • Emelia πŸ‘ΈπŸ» https://hachyderm.io/@thisismissem   •   May 16

    @aaronpk am I understanding that in order to use FedCM the RP must perform dynamic client registration with the IdP? I'm unsure of how the `client_id` comes to exist for the RP and not really getting it for the first-sign-in flow?

    Aaron Parecki
    It has nothing to do with FedCM actually. In IndieAuth we avoid client registration entirely by using URLs as client identifiers. So the client already knows its client ID, and uses the same client ID at every authorization server it talks to. It's also a natural fit for FedCM since you can use `window.location.origin` for it in the JS call.
    Portland, Oregon • 63°F
    1 reply
    Thu, May 16, 2024 11:15am -07:00
  • Aaron Parecki
    Contributions from: France, Germany, India, Kuwait, Montenegro, Netherlands, New Zealand, Switzerland, United Kingdom, United States
    Thu, May 16, 2024 7:01am -07:00
  • 9:15pm
    Asleep
    5:13am
    Awake
    7h 58m
    Slept
    27m
    Awake for
    Portland, Oregon, USA
    Thu, May 16, 2024 5:13am -07:00
  • Aaron Parecki
    Contributions from: Germany, India, Kuwait, Montenegro, Netherlands, New Zealand, Switzerland, United Kingdom, United States
    Thu, May 16, 2024 1:19am -07:00
  • Aaron Parecki
    Contributions from: Germany, India, Kuwait, Montenegro, Netherlands, New Zealand, Switzerland, United Kingdom, United States
    Wed, May 15, 2024 3:08pm -07:00
  • KimberlyHirsh https://micro.blog/KimberlyHirsh   •   May 15

    @aaronpk This is great advice but anyone who tried it for me would be sorely disappointed by the extreme lack of refund.

    Aaron Parecki
    I have bad news, they just make up whatever numbers they want so that it comes out to getting a refund on your behalf πŸ™ƒ
    Portland, Oregon • 52°F
    Wed, May 15, 2024 6:09am -07:00
  • 9:57pm
    Asleep
    5:39am
    Awake
    7h 42m
    Slept
    39m
    Awake for
    Portland, Oregon, USA
    Wed, May 15, 2024 5:39am -07:00
  • https://bsky.app/profile/starrwulfe.xyz/post/3ksif2f24vb26
    Portland, Oregon • 76°F
    Tue, May 14, 2024 5:48pm -07:00
  • Aaron Parecki
    Pro tip: if you file taxes in the US, go get yourself an IRS PIN so someone can't fraudulently file taxes using your SSN trying to get your tax refund deposited in their account. Ask me how I know.

    https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
    Portland, Oregon, USA • 76°F
    4 likes 1 repost 4 replies
    Tue, May 14, 2024 4:52pm -07:00 #irs
  • Low Quality Facts https://mstdn.social/@lowqualityfacts

    2024: OpenAI releases a free virtual assistant with a weirdly flirty voice.

    2025: Millions of men become emotionally attached to the AI.

    2026: OpenAI threatens to delete your virtual girlfriend if you don't pay a monthly subscription. You must also buy her digital flowers or she will hate you.

    Portland, Oregon • 76°F
    Tue, May 14, 2024 2:02pm +00:00 (liked on Tue, May 14, 2024 4:40pm -07:00)
  • “Copay accumulators” put patients in middle of battle between insurers and drugmakers (www.marketplace.org)
    Tue, May 14, 2024 4:00pm -07:00 #anomalily
  • Prescription benefit manager move into drugmaking draws scrutiny - Marketplace (www.marketplace.org)
    Tue, May 14, 2024 3:58pm -07:00 #anomalily
  • https://berlin.social/@ir/112438489029794850
    Aaron Parecki
    Thanks! There's currently no browser API that guarantees the use of secure-element-stored private keys. The best we get now is non-exportable. There's a mention of that here https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#section-6.3.4.2.2 But as discussed, even hardware-backed keys don't prevent an attacker from starting their own flow in the browser with their own keys.
    Portland, Oregon • 47°F
    Tue, May 14, 2024 5:32am -07:00
  • https://mapstodon.space/@arferrand/112438539249720831
    Aaron Parecki
    Thanks! Mostly I'm doing German so I don't completely forget everything I learned in school.
    Portland, Oregon • 47°F
    Tue, May 14, 2024 5:29am -07:00
  • 10:04pm
    Asleep
    5:05am
    Awake
    7h 01m
    Slept
    25m
    Awake for
    Portland, Oregon, USA
    Tue, May 14, 2024 5:05am -07:00
  • Aaron Parecki
    Contributions from: Germany, India, Kuwait, Montenegro, Netherlands, New Zealand, Switzerland, United Kingdom, United States
    Mon, May 13, 2024 9:08pm -07:00
  • Royce Williams https://infosec.exchange/@tychotithonus   •   May 14

    @aaronpk Legit impressive.

    Aaron Parecki
    I've been looking forward to this day for a long time
    Portland, Oregon • 60°F
    1 like
    Mon, May 13, 2024 9:05pm -07:00
  • Aaron Parecki
    I don't mean to brag, but
    Portland, Oregon, USA • 60°F
    20 likes 4 replies
    Mon, May 13, 2024 8:47pm -07:00 #duolingo
older

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • πŸŽ₯ YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • βš™οΈ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv