Aaron Parecki

  • Articles
  • Notes
  • Photos

Articles tagged #oauth

2023-03-09 OAuth Support in Bluesky and AT Protocol
2022-12-06 OAuth for Browser-Based Apps Draft 12
2022-12-02 The Laws of OAuth
2022-09-15 New Draft of OAuth for Browser-Based Apps (Draft -11)
2021-04-13 How to Sign Users In with IndieAuth
2020-12-22 Learn OAuth over the winter break!
2020-12-03 IndieAuth Spec Updates 2020
2020-05-31 The Real Cause of the Sign In with Apple Zero-Day
2020-03-11 First Draft of OAuth 2.1
2020-02-12 Implicit flow in the Security BCP draft -14
2019-12-12 It's Time for OAuth 2.1
2019-12-09 It's an OAuth week!
2019-09-26 New OAuth for Browser-Based Apps draft -04
2019-07-18 Adding Identity to OAuth XYZ
2019-06-04 Let's Clarify some Misunderstandings around Sign In with Apple
2018-07-07 OAuth for the Open Web
2018-01-09 OAuth 2.0 Simplified Is Now Available On Kindle!
2017-12-05 Announcing the IndieAuth Spec!
2017-02-17 Day 59: Updated the Logo on IndieAuth.com's GitHub Login #100DaysOfIndieWeb
2015-01-15 So you implemented an OAuth 2.0 API...
← older
  • OAuth Support in Bluesky and AT Protocol

    Bluesky, a new social media platform and AT Protocol, is unsurprisingly running up against the same challenges and limitations that Flickr, Twitter and many other social media platforms faced in the 2000s: passwords!
    continue reading...
    12 likes 1 repost 8 replies 2 mentions
    #oauth #indieauth #bluesky #atproto #indieweb #indieauth
    Thu, Mar 9, 2023 5:09pm -08:00
  • OAuth WG

    OAuth for Browser-Based Apps Draft 12

    I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!
    continue reading...
    #oauth #ietf
    Tue, Dec 6, 2022 4:20pm -08:00
  • The Laws of OAuth

    The first law of OAuth states that the total number of authorized access tokens must remain constant in an isolated system.
    continue reading...
    2 replies
    #chatgpt #openai #oauth
    Fri, Dec 2, 2022 3:00pm -08:00
  • OAuth WG

    New Draft of OAuth for Browser-Based Apps (Draft -11)

    With the help of a few kind folks, we've made some updates to the OAuth 2.0 for Browser-Based Apps draft as discussed during the last IETF meeting in Philadelphia.
    continue reading...
    #oauth #oauth2
    Thu, Sep 15, 2022 6:04pm -07:00
  • How to Sign Users In with IndieAuth

    This post will show you step by step how you can let people log in to your website with their own IndieAuth website so you don't need to worry about user accounts or passwords.
    continue reading...
    3 likes 3 bookmarks 1 reply 4 mentions
    #indieauth #indieweb #oauth
    Tue, Apr 13, 2021 9:15pm -07:00
  • Learn OAuth over the winter break!

    Over the last year, I've helped thousands of software developers learn about OAuth by hosting live and virtual workshops, and all this knowledge is now available as an on-demand video course!
    continue reading...
    1 reply
    #oauth #workshop #course #udemy
    Tue, Dec 22, 2020 2:17pm -08:00
  • IndieAuth Spec Updates 2020

    This year, the IndieWeb community has been making progress on iterating and evolving the IndieAuth protocol. IndieAuth is an extension of OAuth 2.0 that enables it to work with personal websites and in a decentralized environment.
    continue reading...
    3 likes 4 bookmarks 5 replies 9 mentions
    #indieauth #indieweb #oauth
    Thu, Dec 3, 2020 6:55pm -08:00
  • The Real Cause of the Sign In with Apple Zero-Day

    The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
    continue reading...
    37 likes 19 reposts 1 bookmark 9 replies 25 mentions
    #oauth #oidc #apple #siwa #security #zeroday
    Sun, May 31, 2020 1:49pm -07:00
  • OAuth WG

    First Draft of OAuth 2.1

    I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.
    continue reading...
    61 likes 27 reposts 2 replies 4 mentions
    #oauth #oauth2 #ietf #oauth21
    Wed, Mar 11, 2020 5:22pm -07:00
  • OAuth WG

    Implicit flow in the Security BCP draft -14

    Hi all, I'm reading through the latest draft of the Security BCP, and
    continue reading...
    #oauth #ietf #implicit
    Wed, Feb 12, 2020 3:43pm -08:00
  • It's Time for OAuth 2.1

    Trying to understand OAuth often feels like being trapped inside a maze of specs, trying to find your way out, before you can finally do what you actually set out to do: build your application.
    continue reading...
    107 likes 58 reposts 1 bookmark 2 replies 24 mentions
    #oauth #oauth2 #oauth21
    Thu, Dec 12, 2019 6:10pm -08:00
  • It's an OAuth week!

    Now is your chance to join and ask me your OAuth questions!
    continue reading...
    5 likes 3 reposts 1 mention
    #oauth #oauth2
    Mon, Dec 9, 2019 1:28pm -08:00
  • OAuth WG

    New OAuth for Browser-Based Apps draft -04

    Hi all,
    continue reading...
    #oauth
    Thu, Sep 26, 2019 3:45pm +02:00
  • Adding Identity to OAuth XYZ

    The new draft spec at OAuth.xyz outlines a potential way to completely re-think OAuth from the ground up.
    continue reading...
    15 likes 6 reposts 1 reply 2 mentions
    #oauth #xyz #txaz
    Thu, Jul 18, 2019 11:18pm -05:00
  • Let's Clarify some Misunderstandings around Sign In with Apple

    tl;dr This is a good move for users in the iOS ecosystem, and is primarily designed as an alternative for apps that currently use "Sign in with [Facebook/Twitter/Google]" to avoid leaking sensitive user info.
    continue reading...
    145 likes 46 reposts 1 bookmark 27 replies 17 mentions
    #appleid #oauth #wwdc19
    Tue, Jun 4, 2019 2:44pm -07:00
  • OAuth for the Open Web

    OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it.
    continue reading...
    82 likes 33 reposts 46 replies 76 mentions
    #indieauth #oauth #oauth2 #indieweb
    Sat, Jul 7, 2018 9:30am -07:00
  • OAuth 2.0 Simplified Subscribers

    OAuth 2.0 Simplified Is Now Available On Kindle!

    OAuth 2.0 Simplified is now available on Kindle!
    continue reading...
    8 likes 3 reposts 1 mention
    #oauth2simplified #oauth2 #kindle #oauth
    Tue, Jan 9, 2018 9:30am -08:00
  • Announcing the IndieAuth Spec!

    It's been a long time coming, but I've finally published a proper IndieAuth spec!
    continue reading...
    2 likes 1 reply 3 mentions
    #indieweb #indiewebchallenge #indieauth #oauth2 #oauth
    Tue, Dec 5, 2017 12:30pm -08:00
  • Day 59: Updated the Logo on IndieAuth.com's GitHub Login #100DaysOfIndieWeb

    This evening, Tantek pointed out to me that while he was logging in to the wiki via IndieAuth.com for the first time on a new computer, there was something a little strange about the IndieAuth.com flow...
    continue reading...
    1 like 1 mention
    #100daysofindieweb #indieauth.com #oauth
    Fri, Feb 17, 2017 8:56pm -08:00
  • So you implemented an OAuth 2.0 API...

    While OAuth 2.0 is a good framework for building an API, the spec itself leaves many things un-specified, and it's up to the implementer to make a decision based on their own security requirements. As such, most OAuth 2.0 implementations are not interoperable, which is often cited as a failure of OAuth 2.0. On the other hand, the current state of OAuth 2.0 implementations is that they are often similar enough that developers don't need to learn too many new concepts when dealing with them.
    continue reading...
    19 likes 6 reposts 3 replies 5 mentions
    #oauth #oauth2 #standards #web #authentication #checklist
    Thu, Jan 15, 2015 12:15pm -08:00
next

Hi, I'm Aaron Parecki, Senior Security Architect at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming and dabble in product design.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Security Architect at Okta
  • IndieWebCamp Founder
  • OAuth WG Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2023 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv