Aaron Parecki

  • Grant Horwood ↙↙↙ https://twitter.com/gbhorwood
    like, am i going to watch this guy's video on oauth? is it going to be accurate and insightful? i have no idea. but the second i saw that nineties "i'm running slackware on a sparc station 10" beard, i slammed the 'play' button.
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 4:23pm +00:00 (liked on Wed, Nov 6, 2019 5:42pm +01:00)
  • Aaron Parecki
    Last night at the #oredev speaker dinner I got to participate in either an old Swedish tradition or an elaborate prank they play on foreigners: alternating between the sauna and jumping into the Baltic Sea three times.

    Either way it was a fun experience. 😆
    Malmö, Skåne län • 40°F
    18 likes 4 replies
    Wed, Nov 6, 2019 5:15pm +01:00 #oredev
  • Aaron Parecki
    at SkajBar
    Malmö, Skåne, Sweden • Wed, November 6, 2019 5:02pm
    55.565773 12.975895
    Malmö, Skåne, Sweden • 40°F
    35 Coins
    Wed, Nov 6, 2019 5:02pm +01:00
  • Egil Sørensen https://twitter.com/egilegil
    Very good presentation, thoroughly enjoyed it. Inclusion of cats as visual aids is also always welcome 🙂
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 3:18pm +00:00 (liked on Wed, Nov 6, 2019 4:25pm +01:00)
  • David Neal 🥓🥑 https://twitter.com/reverentgeek
    Hey! Could you do me a favor? I've published what I *hope to be* an informative and entertaining intro to OAuth & OIDC. It would be so awesome to hear your feedback so I can get better at making these types of videos! Please share it with others, too! https://www.youtube.com/watch?v=t18YB3xDfXI
    Malmö, Skåne län • 40°F
    Wed, Nov 6, 2019 2:39pm +00:00 (liked on Wed, Nov 6, 2019 4:25pm +01:00)
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.
    Malmö, Skåne län • 40°F
    4 replies
    Wed, Nov 6, 2019 4:22pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    As I'm also using Expo, I followed the following to start with and there was no redirect_uri used.

    https://medium.com/appandflow/eli5-sign-in-with-apple-for-react-native-using-expo-sdk35-node-js-5210cdb94bd6

    I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required.

    https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
    Aaron Parecki
    Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.
    Malmö, Skåne län • 41°F
    1 reply
    Wed, Nov 6, 2019 4:02pm +01:00
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.
    Aaron Parecki
    Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.
    Malmö, Skåne län • 41°F
    4 replies
    Wed, Nov 6, 2019 3:35pm +01:00
  • Mike Ortiz https://twitter.com/ortizmj12   •   Nov 1
    hey @aaronpk, thanks again for the great talk at #bsidespdx! Any chance you'll be sharing the slide deck? I wanted to review them again and there were some links in there I wanted to follow up on :)
    Aaron Parecki
    Video is up and slides are linked from there! https://www.youtube.com/watch?v=xSDeToCyJjo&list=PLRyLn6THA5wN05b3qJ6N0OpL3YbritKI-
    Malmö, Skåne län, SWE • 41°F
    1 like 1 reply
    Wed, Nov 6, 2019 2:49pm +01:00
  • Aaron Parecki
    Slides from my "How to Hack OAuth" talk at #oredev are up!

    https://speakerdeck.com/aaronpk/how-to-hack-oauth-oredev-2019

    Thanks everyone for coming to watch and I hope you got something out of it! I'll post again when the video is out!
    Malmö, Skåne län, SWE • 41°F
    28 likes 4 reposts 1 reply
    Wed, Nov 6, 2019 2:47pm +01:00 #oredev #oauth
  • Peter Bhat Harkins https://twitter.com/pushcx
    @Lobsters fetches web pages for a couple reasons:
    * to prefill the title field on new links as a convenience
    * to cache story text for the search engine
    * to check for rel=canonical links
    * to auth github/twitter/keybase accounts
    * to send webmentions back to blogs
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 1:41pm +00:00 (liked on Wed, Nov 6, 2019 2:43pm +01:00)
  • Darryl Young https://twitter.com/darryl_young   •   Nov 6
    Ah, that’s a shame. It seemed to be going well so far and I thought I'd be done today but since getting "invalid_grant" I've made no progress (I'm using it in an Expo app). I've seen it mentioned in a few places but nobody seems to have a solution. Thanks for the quick reply.
    Aaron Parecki
    They pushed out some changes a little bit ago and I have been able to exchange the authorization code and get the user info now! I updated my post so maybe take a look through it again. https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
    Malmö, Skåne län, SWE • 40°F
    1 like 2 replies
    Wed, Nov 6, 2019 2:38pm +01:00
  • Bailey Hanna @ #Oredev2019 https://twitter.com/BaileyHanna
    A quick and easy visualization of Back Channel data transfer vs Front Channel data transfer by @aaronpk at #oredev!
    I'll now be sitting here dreaming of a world where kitties come to give me my access tokens ..
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 12:49pm +00:00 (liked on Wed, Nov 6, 2019 1:51pm +01:00) #oredev
  • Filip Bech 🇩🇰 https://twitter.com/Filipbech
    Super interesting talk about hacking #oauth by @aaronpk ... insightful!
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 12:37pm +00:00 (liked on Wed, Nov 6, 2019 1:46pm +01:00) #oauth
  • Bailey Hanna @ #Oredev2019 https://twitter.com/BaileyHanna
    This is absolutely how it feels trying to learn OAuth when you're first starting out.... Ok fine, this is how I still feel some days @aaronpk #oredev
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 12:02pm +00:00 (liked on Wed, Nov 6, 2019 1:46pm +01:00) #oredev
  • Bailey Hanna @ #Oredev2019 https://twitter.com/BaileyHanna
    Incredibly excited to hear @aaronpk talk about How To Hack OAuth! Such a relevant topic to my current work and a talk I've been looking forward to since it was announced! #oredev
    Malmö, Skåne län • 41°F
    Wed, Nov 6, 2019 11:58am +00:00 (liked on Wed, Nov 6, 2019 1:46pm +01:00) #oredev
  • Aaron Parecki
    at MalmöMässan
    Malmö, Skåne, Sweden • Wed, November 6, 2019 8:19am
    55.566229 12.977125
    Øredev day 1!
    Malmö, Skåne, Sweden • 35°F
    6 Coins
    Wed, Nov 6, 2019 8:19am +01:00
  • Aaron Parecki
    at Best Western Malmö Arena Hotel
    Malmö, Skåne, Sweden • Wed, November 6, 2019 8:18am
    55.565671 12.976025
    Malmö, Skåne, Sweden • 35°F
    9 Coins
    Wed, Nov 6, 2019 8:18am +01:00
  • Aaron Parecki
    at Percy´s Restaurant & Bar
    Malmö, Skåne, Sweden • Wed, November 6, 2019 7:43am
    55.56483 12.975995
    Malmö, Skåne, Sweden • 35°F
    25 Coins
    Wed, Nov 6, 2019 7:43am +01:00
  • Aaron Parecki
    at SkajBar
    Malmö, Skåne, Sweden • Tue, November 5, 2019 10:00pm
    55.565773 12.975895
    Malmö, Skåne, Sweden • 37°F
    30 Coins
    Tue, Nov 5, 2019 10:00pm +01:00

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.