Aaron Parecki

Tony https://twitter.com/Tonyatwork • Mar 1
So he came back around. Funny thing is that when he was far off he put on his left turn signal like he was just gonna head to Burnside. But then he saw me still there and jammed on the gas and went for the intimidation move and blew out his front right tire! Bwah, ha, ha, ha!

what was he even thinking hitting the gas like that?? people like this make me so mad, I hope that is a very expensive repair bill

Portland, Oregon • 56°F

8 likes 1 reply

Tue, Mar 1, 2022 12:40pm -08:00
Joël Franusic https://twitter.com/jf • Mar 1
… the man pulls an electric chainsaw out of the back of the truck, plugs in into the truck and starts cutting down a tree “… that just ain’t true”

I am pretty sure I have already seen this F150 ad

Portland, Oregon • 57°F

1 like

Mon, Feb 28, 2022 8:45pm -08:00
Luria Petrucci https://twitter.com/LuriaPetrucci • Feb 26
Hosting any live streams this weekend? Drop your link in the comments 🤗

Live every Sunday! This time talking about copyright claims on YouTube! https://youtu.be/FzX0lmV8rRA

Portland, Oregon • 35°F

1 like

Sat, Feb 26, 2022 8:17am -08:00
Jake Sloan https://twitter.com/jakesloaninak • Feb 26
With the amount of traveling I have been doing in the last year, I think the single best thing I did was buy an @AlaskaAir lounge pass. Coffee, food, great wifi and a quiet place to relax between flights. I’ve even live-streamed from one in Seattle!

ooh this is relevant to my interests. They didn't mind you live-streaming from there? Did you go find a private booth or just set up in the corner somewhere? I have some trips coming up...

Portland, Oregon • 33°F

1 like 1 reply

Sat, Feb 26, 2022 6:27am -08:00
Vittorio https://twitter.com/vibronet • Feb 25
Yesterday I was attending a 350ppl Zoom meeting while driving.
The car in front of me made me miss a green light🚦, & I let out a scream of pure, unadulterated rage😡 .
The presenter suddenly stopped and everyone in chat wondered what made Vittorio so upset. I was unmuted 😅 oops

It was frankly an unforgettable moment 😅

Portland, Oregon • 43°F

4 likes

Fri, Feb 25, 2022 5:33pm -08:00
https://events.indieweb.org/2022/03/micro-camp-2022-IW2Qp3ygHike

I'll be there for the second half of the day! Looking forward to it!

Portland, Oregon, USA • 33°F

Thu, Feb 24, 2022 7:30pm -08:00
Brock Allen https://twitter.com/BrockLAllen • Feb 25
Arguably, tho, PKCE and putting a client secret into a SPA are orthogonal. It's conflating two things that work differently. Poor devs can't understand those differences.

The error should be "we see you sent a client secret and an Origin header. is your client a SPA?"

I totally agree, this error message makes no sense. I'm going to file a ticket tomorrow internally to fix it.

Portland, Oregon, USA • 33°F

Thu, Feb 24, 2022 7:18pm -08:00
Hirsch Singhal https://twitter.com/hpsin_ • Feb 25
Helps prevent devs from putting their client secrets in a web page to perform the client creds flow, yep. When AAD enabled this, we definitely got a couple support calls on that. This was how we ratcheted forward PKCE use from suggested to required as well.

yep you guessed it! misleading error message but that's exactly what was going on.

Portland, Oregon, USA • 33°F

2 replies

Thu, Feb 24, 2022 7:07pm -08:00
Brock Allen https://twitter.com/BrockLAllen • Feb 25
Ah, good question -- I didn't notice that. I bet their client config is misconfigured then.

Yep, I confirmed my suspicion. Misleading error message. Will post details on the github thread.

Portland, Oregon, USA • 33°F

1 like

Thu, Feb 24, 2022 7:03pm -08:00
Brock Allen https://twitter.com/BrockLAllen • Feb 25
People are asking, when using standards compliant OIDC client libraries:

https://github.com/authts/oidc-client-ts/issues/395#issue-1149525542

why does that example have the browser sending a client secret in the request? That seems odd. Happy to continue this over on the github thread.

Portland, Oregon, USA • 34°F

2 replies

Thu, Feb 24, 2022 6:58pm -08:00
Brock Allen https://twitter.com/BrockLAllen • Feb 25
It's confusing as hell, and I'm confused by the implementation -- on the token endpoint if Origin is present, you require that the authz used PKCE? That's about the only valid approach to that I can imagine.

Yeah that's right. I agree it's super confusing and has caused some tricky issues before. It may be different in the new platform but I'd have to double check

Portland, Oregon • 34°F

4 replies

Thu, Feb 24, 2022 6:53pm -08:00
Brock Allen https://twitter.com/BrockLAllen • Feb 25
Hey @aaronpk, can you explain this help article? It makes no sense to me. TIA

https://support.okta.com/help/s/article/Browser-requests-to-the-token-endpoint-must-use-Proof-Key-for-Code-Exchange?language=en_US

Oh yeah, I remember this one. I don't remember if this is still current behavior, but basically Okta is tying to prevent browsers from using anything other than the authorization code PKCE flow. It does that by detecting the Origin header which isn't sent by server apps.

Portland, Oregon • 34°F

1 like 11 replies

Thu, Feb 24, 2022 6:50pm -08:00
Aaron Parecki https://aaronparecki.com/ • Feb 23
Do I know anyone involved with @LoginDotGov? I found a few (minor) issues with the OAuth/OpenID docs there https://developers.login.gov/oidc/

I didn't realize before, but their docs are open source! I just sent them a PR to fix it!

https://github.com/18F/identity-dev-docs/pull/235

Portland, Oregon, USA • 29°F

8 likes

Wed, Feb 23, 2022 11:25am -08:00
DoctorMac https://micro.blog/DoctorMac • Feb 23
@aaronpk you would use this mechanism: 18f.gsa.gov/vulnerabi...

"We accept and discuss vulnerability reports on HackerOne, via email at tts-vulnerability-reports@gsa.gov, or through the form"

HackerOne is the preferred reporting.

Thanks, it's not a security issue, just some misleading wording in the docs. I sent them a PR to fix it!

Portland, Oregon, USA • 29°F

Wed, Feb 23, 2022 11:24am -08:00
Jason Garber https://twitter.com/jgarber • Feb 23
18F manages the app. Main source repo is here: https://github.com/18F/identity-idp

Not sure if the docs are generated from there, though.

oh awesome, their docs are on there! I will just send them a PR then!

https://github.com/18F/identity-dev-docs

Portland, Oregon, USA • 29°F

1 like 1 reply

Wed, Feb 23, 2022 9:47am -08:00
Nils https://coolworld.cc/@n • Feb 20
@aaronpk Lawyer up and hit em hard. False DMCA claims are no Kavaliersdelikt (there‘s one for your German lessons).

Thankfully the place I licensed the songs from has a team of lawyers on it now!

Portland, Oregon • 40°F

Sun, Feb 20, 2022 7:42am -08:00
Raphael Lullis https://mastodon.communick.com/@raphael • Feb 20
@aaronpk Aaron, so many popular youtubers dealing with bogus copyright claims now... what is missing on the open source video streaming platforms for them to make the
switch? Is it "just" a matter of network effects?

Yeah there's a lot more to it than just pushing out a video stream. Discovery and payments are the two big reasons to use YouTube/Twitch.

If you stream on your own website, nobody will know unless you tell them thru some other network. If you also want to monetize that you have to sell your own ads.

Portland, Oregon • 41°F

Sun, Feb 20, 2022 6:16am -08:00
Vittorio https://twitter.com/vibronet • Feb 20
Any day now

Me picking out new kitchen appliances

Portland, Oregon • 46°F

1 like

Sat, Feb 19, 2022 10:24pm -08:00
Sara Dietschy 🍑y https://twitter.com/saradietschy • Feb 20
How do yal spend your Saturday night 🙃

I mean, since you asked... https://twitter.com/aaronpk/status/1495218082461011969

Portland, Oregon • 46°F

Sat, Feb 19, 2022 8:15pm -08:00
Anandkar https://twitter.com/anandkar1987 • Feb 20
I want to buy this course. Is there any coupon code?

Yeah! Udemy runs coupons on it pretty often! I don't know the exact schedule, but check back again every week or so and you'll probably find it discounted!

Portland, Oregon • 46°F

Sat, Feb 19, 2022 8:14pm -08:00

older