85°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.
    Aaron Parecki
    What URL are you sending people back to to have Apple deliver the authorization code to? That's the redirect URL, and you have to have configured it in the request and in the developer console anyway too.
    Malmö, Skåne län • 39°F
    Wed, Nov 6, 2019 6:32pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    I remembered why `redirect_uri` is optional in their docs 😂

    They document both the auth code and refresh token request with the same list. You don't send the `redirect_uri` when using a refresh token, hence it's an optional parameter.
    Malmö, Skåne län • 39°F
    Wed, Nov 6, 2019 6:19pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.
    Malmö, Skåne län • 39°F
    5 replies
    Wed, Nov 6, 2019 6:16pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
    Malmö, Skåne län • 40°F
    4 replies
    Wed, Nov 6, 2019 4:22pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    As I'm also using Expo, I followed the following to start with and there was no redirect_uri used.

    https://medium.com/appandflow/eli5-sign-in-with-apple-for-react-native-using-expo-sdk35-node-js-5210cdb94bd6

    I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.
    Malmö, Skåne län • 41°F
    1 reply
    Wed, Nov 6, 2019 4:02pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.
    Aaron Parecki
    Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.
    Malmö, Skåne län • 41°F
    4 replies
    Wed, Nov 6, 2019 3:35pm +01:00
  • Mike Ortiz https://twitter.com/ortizmj12   •   Nov 1
    hey @aaronpk, thanks again for the great talk at #bsidespdx! Any chance you'll be sharing the slide deck? I wanted to review them again and there were some links in there I wanted to follow up on :)
    Aaron Parecki
    Video is up and slides are linked from there! https://www.youtube.com/watch?v=xSDeToCyJjo&list=PLRyLn6THA5wN05b3qJ6N0OpL3YbritKI-
    Malmö, Skåne län, SWE • 41°F
    1 like 1 reply
    Wed, Nov 6, 2019 2:49pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Ah, that’s a shame. It seemed to be going well so far and I thought I'd be done today but since getting "invalid_grant" I've made no progress (I'm using it in an Expo app). I've seen it mentioned in a few places but nobody seems to have a solution. Thanks for the quick reply. 👍
    Aaron Parecki
    They pushed out some changes a little bit ago and I have been able to exchange the authorization code and get the user info now! I updated my post so maybe take a look through it again. https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
    Malmö, Skåne län, SWE • 40°F
    1 like 2 replies
    Wed, Nov 6, 2019 2:38pm +01:00
  • dietrich https://mastodon.social/@dietrich   •   Nov 5

    Feels like Gmail folders/labels are loading reeeeaaaallllyyy slow these days.

    Aaron Parecki
    half the time gmail fails to show some of the labels on an email, which is great when I try to go add it, and instead it then toggles the label off 🤦‍♂️
    Malmö, Skåne län • 38°F
    1 reply
    Wed, Nov 6, 2019 11:13am +01:00
  • Internet of Shit https://twitter.com/internetofshit   •   Nov 4
    Hello yes, Best Buy is bricking lights because it doesn’t feel like maintaining them anymore 😳
    Aaron Parecki
    Good timing, I'm using this example in a talk I'm doing this week ☺️
    Malmö, Skåne län, SWE • 41°F
    3 likes
    Tue, Nov 5, 2019 2:11pm +01:00
  • Justin Schuh 🤬 https://twitter.com/justinschuh   •   Nov 4
    My favorite thing about anti-Google conspiracy theories is that they all assume a level of top-down strategy and coordination across product areas that's so far beyond what the company is capable of.
    Aaron Parecki
    I try to tell people this all the time tbh
    Malmö, Skåne län • 45°F
    Tue, Nov 5, 2019 12:43am +01:00
  • Andy Baio https://twitter.com/waxpancake   •   Nov 4
    This new blazingly-fast open-source library isolates vocals from music, built on a TensorFlow model trained on tens of thousands of songs. I tested it on Lizzo, Billie Eilish, Lil Nas X, Marvin Gaye, and others—listen to the results here. https://twitter.com/waxy/status/1191432430298775555
    Aaron Parecki
    what the... this is literally something I dreamed about being able to do 20 years ago and never in a million years thought computers would be able to come close
    Malmö, Skåne län • 45°F
    9 likes
    Tue, Nov 5, 2019 12:37am +01:00
  • Gary https://twitter.com/every_daydad   •   Nov 4
    Man it feels so good to be working on an iPad again.

    I think he iPad Pro is the absolute best productivity tool I’ve ever come across and using it over the last day with iPadOS its even better.

    The only thing it cant do is play WoW 😭
    Aaron Parecki
    Are you editing videos on it too?? That's the one thing I haven't found easier on the iPad. I do prefer it for editing in Lightroom now tho!
    Malmö, Skåne län • 45°F
    1 like
    Mon, Nov 4, 2019 10:35pm +01:00
  • Internet of Shit https://twitter.com/internetofshit   •   Nov 3
    Philips Hue lighting is now on the Shitdex: https://internetofshit.net/products/philips/philips-hue
    Aaron Parecki
    Did something change, or did you just add it to the website?
    Malmö, Skåne län, SWE • 48°F
    Mon, Nov 4, 2019 11:30am +01:00
  • Pelle Wessman https://twitter.com/voxpelli   •   Nov 4
    Neat! A coffee at my office in the afternoon?
    Aaron Parecki
    That'd be great! DM me the details!
    Malmö, Skåne län • 49°F
    Mon, Nov 4, 2019 8:29am +01:00
  • Pelle Wessman https://twitter.com/voxpelli   •   Nov 3
    Oh, welcome! Didn’t know you planned to come here 😄

    Got time for a coffee/beer while here?
    Aaron Parecki
    Yes! In fact I'm free most of today!
    Malmö, Skåne län • 48°F
    2 replies
    Mon, Nov 4, 2019 8:11am +01:00
  • Jonnie Hallman https://twitter.com/destroytoday   •   Nov 3
    I was glancing through the website and one of the sections said to set up a short URL. (fwiw, I didn’t read *too* thoroughly, so it could’ve certainly been a suggestion/optional)
    Aaron Parecki
    It's definitely mentioned as optional on the "Getting Started" page if that's what you were looking at. But in general you should also think of everything on the wiki as optional, because after all it's your website!
    Malmö, Skåne län • 50°F
    1 reply
    Sun, Nov 3, 2019 10:02pm +01:00
  • Jonnie Hallman https://twitter.com/destroytoday   •   Nov 3
    I haven’t, but “Set up a personal URL shortener” is a no go for me. Bad for the web.
    Aaron Parecki
    I'm curious what you read that suggested a URL shortener was a required step. I agree they're bad for the web, but I use them for other things like in slides and in print. If nothing else we should make it more obvious that nobody is suggesting a URL shortener is required.
    Malmö, Skåne län, SWE • 50°F
    4 replies
    Sun, Nov 3, 2019 9:57pm +01:00
  • Jamie Tanna https://www.jvt.me   •   Nov 3

    Going from macOS to Ubuntu

    Aaron Parecki
    oof just read through all that since I'm starting to get annoyed at MacOS but that was enough to make me not want to switch to Linux!
    Malmö, Skåne län • 53°F
    1 reply
    Sun, Nov 3, 2019 3:23pm +01:00
  • Michael Bishop https://miklb.com/   •   Nov 3

    First lesson learned on smart home devices. Check if it is 5ghz WiFi capable.

    Aaron Parecki
    ooh that got me too. My scale is 2.4ghz only. I had to make a special SSID on 2.4ghz for it because my main one broadcasts both but it was failing to connect.
    Malmö, Skåne län • 53°F
    Sun, Nov 3, 2019 3:13pm +01:00
older

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv