Enterprise-Ready MCP
I've seen a lot of complaints about how MCP isn't ready for the enterprise.
continue reading...
WeChat ID
aaronpk_tv
Articles tagged #oauth
| 2025-05-12 | Enterprise-Ready MCP |
| 2025-04-03 | Let's fix OAuth in MCP |
| 2024-11-04 | My IETF 121 Agenda |
| 2024-08-29 | OAuth Oh Yeah! |
| 2024-07-21 | My IETF 120 Agenda |
| 2024-05-12 | FedCM for IndieAuth |
| 2024-05-02 | OAuth for Browser-Based Apps Working Group Last Call! |
| 2024-03-29 | OAuth: "grant" vs "flow" vs "grant type" |
| 2023-10-23 | OAuth for Browser-Based Apps Draft 15 |
| 2023-03-09 | OAuth Support in Bluesky and AT Protocol |
| 2022-12-06 | OAuth for Browser-Based Apps Draft 12 |
| 2022-12-02 | The Laws of OAuth |
| 2022-09-15 | New Draft of OAuth for Browser-Based Apps (Draft -11) |
| 2021-04-13 | How to Sign Users In with IndieAuth |
| 2020-12-22 | Learn OAuth over the winter break! |
| 2020-12-03 | IndieAuth Spec Updates 2020 |
| 2020-05-31 | The Real Cause of the Sign In with Apple Zero-Day |
| 2020-03-11 | First Draft of OAuth 2.1 |
| 2020-02-12 | Implicit flow in the Security BCP draft -14 |
| 2019-12-12 | It's Time for OAuth 2.1 |
| ← older |
-
Let's fix OAuth in MCP
Update: The changes described in this blog post have been incorporated into the 2025-06-18 version of the MCP spec!continue reading... -
My IETF 120 Agenda
The sessions I will be attending and presenting at during IETF 120 in Vancouvercontinue reading... -
FedCM for IndieAuth
IndieWebCamp Düsseldorf took place this weekend, and I was inspired to work on a quick hack for demo day to show off a new feature I've been working on for IndieAuth.continue reading... -
OAuth for Browser-Based Apps Working Group Last Call!
The draft specification OAuth for Browser-Based Applications has just entered Working Group Last Call!continue reading... -
OAuth: "grant" vs "flow" vs "grant type"
Is it called an OAuth "grant" or a "flow"? What about "grant type"?continue reading... -
OAuth for Browser-Based Apps Draft 15
After a lot of discussion on the mailing list over the last few months, and after some excellent discussions at the OAuth Security Workshop, we've been working on revising the draft to provide clearer guidance and clearer discussion of the threats and consequences of the various architectural patterns in the draft.continue reading... -
OAuth Support in Bluesky and AT Protocol
Bluesky, a new social media platform and AT Protocol, is unsurprisingly running up against the same challenges and limitations that Flickr, Twitter and many other social media platforms faced in the 2000s: passwords!continue reading... -
OAuth for Browser-Based Apps Draft 12
I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!continue reading... -
The Laws of OAuth
The first law of OAuth states that the total number of authorized access tokens must remain constant in an isolated system.continue reading... -
New Draft of OAuth for Browser-Based Apps (Draft -11)
With the help of a few kind folks, we've made some updates to the OAuth 2.0 for Browser-Based Apps draft as discussed during the last IETF meeting in Philadelphia.continue reading... -
How to Sign Users In with IndieAuth
This post will show you step by step how you can let people log in to your website with their own IndieAuth website so you don't need to worry about user accounts or passwords.continue reading... -
Learn OAuth over the winter break!
Over the last year, I've helped thousands of software developers learn about OAuth by hosting live and virtual workshops, and all this knowledge is now available as an on-demand video course!continue reading... -
IndieAuth Spec Updates 2020
This year, the IndieWeb community has been making progress on iterating and evolving the IndieAuth protocol. IndieAuth is an extension of OAuth 2.0 that enables it to work with personal websites and in a decentralized environment.continue reading... -
The Real Cause of the Sign In with Apple Zero-Day
The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.continue reading... -
First Draft of OAuth 2.1
I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.continue reading... -
Implicit flow in the Security BCP draft -14
Hi all, I'm reading through the latest draft of the Security BCP, andcontinue reading... -
It's Time for OAuth 2.1
Trying to understand OAuth often feels like being trapped inside a maze of specs, trying to find your way out, before you can finally do what you actually set out to do: build your application.continue reading...
