75°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • @goto https://twitter.com/samuelgoto   •   Oct 8
    No, in the sense are these designed such that two different RPs get the same global identifier for the same user?
    Aaron Parecki
    Oh yeah, that's intentional. It'd be interesting to explore what it could look like otherwise tho.
    Portland, Oregon • 47°F
    1 like 19 replies
    Thu, Oct 7, 2021 9:27pm -07:00
  • @goto https://twitter.com/samuelgoto   •   Oct 8
    "Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique." -- ugh, is this a feature or a bug? I feel like this isn't going to age well :(
    Aaron Parecki
    Do you mean when there's a viable replacement for DNS? We can cross that bridge when we come to it.
    Portland, Oregon • 47°F
    21 replies
    Thu, Oct 7, 2021 9:24pm -07:00
  • @goto https://twitter.com/samuelgoto   •   Oct 7
    Ok, I did look into this more carefully and I remember running into this earlier.

    How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?
    Aaron Parecki
    There are definitely some similarities since they are both adding an identity layer on top of OAuth. IndieAuth is a much smaller surface area tho and does less stuff. Some more details here: https://indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect
    Portland, Oregon • 48°F
    23 replies
    Thu, Oct 7, 2021 9:20pm -07:00
  • @goto https://twitter.com/samuelgoto   •   Oct 7
    @aaronpk on a related note: does any part of IndieAuth break when browsers block third party cookies?
    Aaron Parecki
    No, none of it relies on third party cookies thankfully, it's closer to plain OAuth in that sense.
    Portland, Oregon • 48°F
    1 reply
    Thu, Oct 7, 2021 9:17pm -07:00
  • Roberto Blake πŸ‡ΊπŸ‡ΈπŸ‡΅πŸ‡¦πŸ—½Creative Entrepreneur https://twitter.com/robertoblake   •   Oct 7
    For those who have renovated a basement for YouTube or streaming, about how much was the total project?
    Aaron Parecki
    I do not want to add it all up
    Portland, Oregon • 43°F
    6 likes
    Thu, Oct 7, 2021 6:34am -07:00
  • @goto https://twitter.com/samuelgoto   •   Oct 7
    Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre arrangement between the RP and the IDP)?
    Aaron Parecki
    Dynamic Client Registration, but afaik no major provider supports this because they *want* RPs to have a pre-established relationship.

    We built IndieAuth to avoid the need for any client registration and it works great for that use case: https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web
    Portland, Oregon, USA • 51°F
    1 like 1 reply
    Wed, Oct 6, 2021 7:49pm -07:00
  • Aaron Parecki https://aaronparecki.com/   •   Oct 6
    At the end of the day, OAuth is just a way to communicate between services and users, and as such it's easy to grasp and non-controversial.

    OAuth solved a universal problem – signing into a web site – and, in doing so, created a new problem: how does a site know it's really you?
    Aaron Parecki
    Follow @wtf_oauth for your daily dose of OAuth humor, which will be funny to approximately 0.0001% of you
    Portland, Oregon, USA • 52°F
    8 likes 1 repost
    Wed, Oct 6, 2021 7:23pm -07:00
  • John Allsopp https://twitter.com/johnallsopp   •   Oct 7
    what I usually say to speakers is a rough title and 3-4 bullet points of what you want to cover as a start-I think why it's challenging is folks try to "sell" the talk from the get go, rather than refine the focus, then worry about selling it
    Aaron Parecki
    here you are trying to be actually helpful and I've just gone and set up a new parody twitter account @wtf_oauth

    now back to work, let me actually read this now πŸ˜…
    Portland, Oregon, USA • 52°F
    2 likes
    Wed, Oct 6, 2021 7:20pm -07:00
  • Gabe Cohen https://twitter.com/_gabecohen   •   Oct 7
    https://www.copy.ai/
    Aaron Parecki
    I think copy.ai has it out for Khan Academy

    "I want to start a company based around making great educational content on truly complex concepts like OAuth. Think Khan Academy but also feel like you're talking with an expert."
    Portland, Oregon, USA • 55°F
    2 likes 1 reply
    Wed, Oct 6, 2021 6:21pm -07:00
  • Jesse Vincent https://twitter.com/obra   •   Oct 7
    Write the full talk, then train a neural net to summarize the transcript.
    Aaron Parecki
    That would very likely get me a better result than feeding this AI 3 sentences and having it come up with comedy gold like this:

    "OAuth is like having the Facebook app on your phone, but you are using the same password that you are using for everything else."
    Portland, Oregon, USA • 55°F
    2 likes
    Wed, Oct 6, 2021 6:18pm -07:00
  • Not Fake Adam Kalsey https://twitter.com/akalsey   •   Oct 7
    Give the same talk repeatedly.
    Aaron Parecki
    I actually mostly do, but for this one I want to branch out and approach things differently
    Portland, Oregon, USA • 55°F
    1 reply
    Wed, Oct 6, 2021 6:12pm -07:00
  • Aaron Parecki https://aaronparecki.com/   •   Oct 6
    oh but this sentence it made is gold:

    "Developed for internal use at Google, OAuth is an elegant solution to making web services easy to use while keeping your private data private."
    Aaron Parecki
    this is so much more fun than writing this CFP:

    "At the end of the day, OAuth is just a messaging protocol for communicating between services and users, and as such it's easy to grasp and non-controversial."
    Portland, Oregon, USA • 55°F
    3 likes 1 repost
    Wed, Oct 6, 2021 5:54pm -07:00
  • Aaron Parecki https://aaronparecki.com/   •   Oct 6
    oh my god it's repeating sentences back to me that I've written in blog posts and other places online πŸ˜‚
    Aaron Parecki
    oh but this sentence it made is gold:

    "Developed for internal use at Google, OAuth is an elegant solution to making web services easy to use while keeping your private data private."
    Portland, Oregon, USA • 55°F
    2 likes 1 reply
    Wed, Oct 6, 2021 5:50pm -07:00
  • John Allsopp https://twitter.com/johnallsopp   •   Oct 7
    shoot it over and I'll write it for you! :-)
    Aaron Parecki
    well now I'm trying to describe what I'm trying to write about and realizing that if I could do that well that would be the CFP πŸ˜…
    Portland, Oregon, USA • 55°F
    2 likes 2 replies
    Wed, Oct 6, 2021 5:47pm -07:00
  • Gabe Cohen https://twitter.com/_gabecohen   •   Oct 7
    https://www.copy.ai/
    Aaron Parecki
    oh my god it's repeating sentences back to me that I've written in blog posts and other places online πŸ˜‚
    Portland, Oregon, USA • 55°F
    4 likes 1 reply
    Wed, Oct 6, 2021 5:47pm -07:00
  • John Allsopp https://twitter.com/johnallsopp   •   Oct 7
    this is why I write a lot of the abstracts for speakers at our conferences! I know speakers often hate this bit the most!
    Aaron Parecki
    wow that is next level! πŸ’―
    Portland, Oregon, USA • 55°F
    1 like 4 replies
    Wed, Oct 6, 2021 5:41pm -07:00
  • foone https://twitter.com/Foone   •   Oct 3
    god this post continues to be relevant. I've yet to block someone who is like UM ACTUALLY CRYTPYO IS GOOD ACTUALLY without them having their favorite crytypo in their name and all over their bio
    https://twitter.com/Foone/status/1442846073316265984
    Aaron Parecki
    I appreciate that you've misspelled all the words because otherwise my bot would have auto-blocked you by now and these threads continue to be just gold πŸ˜‚
    Portland, Oregon, USA • 56°F
    1 like 1 reply
    Wed, Oct 6, 2021 5:18pm -07:00
  • Farasath Ahamed https://twitter.com/farazath619   •   Oct 6
    Thanks @aaronpk for the clarification πŸ‘
    So OAuth 2.1 is essentially OAuth 2.0 without the naughty bits :)
    Aaron Parecki
    That's one way to say it πŸ˜‚πŸ˜‚πŸ˜‚
    Portland, Oregon, USA • 48°F
    2 likes
    Wed, Oct 6, 2021 8:21am -07:00
  • Farasath Ahamed https://twitter.com/farazath619   •   Oct 6
    Noticed that the resource owner password and implicit grants are removed from the 2.1 (For obvious reasons :))

    But doesn't that make the OAuth 2.1 framework backward incompatible with OAuth 2.0?

    OAuth 2.1 kind of gives the feeling its a slight(minor) change from OAuth 2.0
    Aaron Parecki
    Password and Implicit are already not part of OAuth 2.0 as described by the Security Best Current Practice. The 2.1 update is leaving them out so that you don't have to first learn about them and then read another doc telling you not to use them.
    Portland, Oregon, USA • 48°F
    3 likes 3 replies
    Wed, Oct 6, 2021 8:17am -07:00
  • Doug Bowman https://twitter.com/stop   •   Oct 4
    And where did you come to point that out? πŸ˜‰
    Aaron Parecki
    my website of course πŸ˜‰
    Portland, Oregon, USA • 57°F
    2 likes
    Mon, Oct 4, 2021 11:27am -07:00
older

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • πŸŽ₯ YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • βš™οΈ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv