
Aaron Parecki

  • Sebastiaan Andeweg https://seblog.nl   •   May 14

    At one point yesterday, I understood the difference between IndieAuth, IndieAuth and IndieAuth. I believe I reached that point again, almost.

    Aaron Parecki
    😂😂😭
    Düsseldorf, Nordrhein-Westfalen, DEU
    Sun, May 14, 2017 11:55am +02:00
  • Patrick Schaller http://F3Development.com   •   May 4
    Sorry, I meant I'm being told the URL can't be visible and they are holding up other mobile apps login as examples that do not show it.
    Aaron Parecki
    @rogue__leader Yeah sorry, 140 chars isn't enough 😭

    Before SFSafariView, the only way to securely do OAuth was to launch the native Safari browser. This meant you'd get bounced out of the app, which a lot of developers didn't want to do to their users. I don't disagree that this was a bad experience, and plenty of people feel the same.

    What ended up happening is people instead started embedding the WebView into their apps, in order to avoid having their users bounce out of the app and come back. The compromise in this case is that people would have to type their password to log in, because the embedded WebView doesn't share cookies with the system browser.

    It took Apple a long time to roll out SFSafariView, so there are just a lot of apps out there that still have the embedded WebView.

    Advantages of WebView:
    • Does not make the user leave the app to complete the OAuth flow

    Problems with WebView:
    • User has no way to verify they are on the real website, so phishing attacks are undetectable
    • Does not share system cookies, so users have to type their password every time

    Advantages of SFSafariView:
    • Does not make the user leave the app to complete the OAuth flow
    • The user can see the address bar so can verify they're on the correct website
    • Shares system cookies, so the user won't have to type their password if they've already signed in using the native Safari app

    I should probably turn this into a proper blog post.
    Portland, Oregon
    2 replies
    Thu, May 4, 2017 10:47am -07:00 #oauth2
  • Paul C Pederson http://paulcpederson.com/   •   Apr 20
    Haha I literally just started using this 😂
    Aaron Parecki
    @paulcpederson 😂😂😂😭
    Portland, Oregon
    Thu, Apr 20, 2017 4:56pm -07:00
  • Aaron Parecki
    why 😭 @DropboxSupport
    Portland, Oregon, USA
    3 replies
    Thu, Mar 2, 2017 4:46pm -08:00 #dropbox
  • Aaron Parecki
    Welp. That's an awesome "welcome to the neighborhood" a week after moving in. 😭 So much for the "secure" courtyard bike parking.
    Portland, Oregon, USA
    4 likes 59 replies
    Thu, Dec 1, 2016 7:38pm -08:00 #sbd #stolen
  • Aaron Parecki
    Finally have a free evening and home before 7pm. Which of my 12 active projects should I work on tonight? 😂😭
    Portland, Oregon, USA
    9 likes 6 replies
    Thu, Jun 16, 2016 6:15pm -07:00
  • Aaron Parecki
    at Weissman Dental
    Portland, Oregon • Wed, December 17, 2014 8:00am
    45.519222 -122.683982
    😬😭
    Portland, OR, United States
    Wed, Dec 17, 2014 8:00am -08:00

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.