Aaron Parecki

#OAuth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  #oauth #oauth2

  Sat, Feb 4, 2017 11:35am -08:00

• London (LHR) to Portland (PDX)

  November 11, 2022 from 2:25pm (+0100) to 4:35pm (-0700)

  British Airways Flight 267

  

  Portland Intl in Portland

  #ietf #ietf114 #okta #oktadev #oauth

  permalink
• IETF 114

  Nov

  5

  Nov

  …

  Nov

  11

  November 5-11, 2022
  7 days

  Hilton London Metropole

  London, England, GBR

  #ietf #ietf114 #okta #oktadev #oauth

  permalink
• Portland (PDX) to Seattle (SEA)

  November 3, 2022 from 4:45pm to 5:41pm (-0700)

  Alaska Flight 2102

  Seattle (SEA) to London (LHR)

  November 3, 2022 at 8:28pm (-0700) until Nov 4 at 12:45pm (+0000)

  American Airlines Flight 156

  

  Heathrow in London

  #ietf114 #okta #ietf #oauth

  permalink
• 

  I'm working on a new video course, (tentatively) called "Advanced OAuth Security"!
  
  If you'd like to be the first to hear when it goes live, you can sign up for my email list here!
  
  https://oauth2simplified.com

  Portland, Oregon, USA • 68°F

  15 likes 5 replies

  #oauth

  Fri, Sep 16, 2022 2:13pm -07:00
• OAuth WG

  New Draft of OAuth for Browser-Based Apps (Draft -11)

  With the help of a few kind folks, we've made some updates to the OAuth 2.0 for Browser-Based Apps draft as discussed during the last IETF meeting in Philadelphia.

  continue reading...

  #oauth #oauth2

  Thu, Sep 15, 2022 6:04pm -07:00
• 

  Just published a new version of OAuth 2.0 for Browser-Based Apps!
  
  https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html
  
  If you have feelings about tokens in browsers, please feel free to chime in on the discussion! You can comment on the mailing list or open issues on the GitHub repo linked from the doc!

  Portland, Oregon, USA • 67°F

  19 likes 3 reposts 1 reply

  #oauth

  Tue, Sep 13, 2022 11:26am -07:00
• IRC × OAuth 2.0 · emersion (emersion.fr)

  #oauth

  Tue, Sep 13, 2022 10:19am -07:00
• Aaron Parecki https://aaronparecki.com/   •   Aug 23

  The way I like to think about it is:
  
  If the client knows when the AT will (likely) expire, it can proactively refresh the token.
  
  There is nothing the client can do differently if it knows when the RT will (likely) expire.
  

  Yes, the client needs to be able to handle unexpected expiration of both the AT and RT, which tbh is more an argument that the AS should never return expires_in than an argument that it should return it for both tokens.

  Seattle, Washington, USA • 79°F

  1 like 1 reply

  #oauth

  Tue, Aug 23, 2022 4:49pm -07:00
• Dan Moore https://twitter.com/mooreds

  A little #oauth #ietf existential humor to lighten your day, courtesy of @__b_c

  

  Portland, Oregon • 72°F

  #oauth #ietf

  Tue, Aug 23, 2022 4:44pm +00:00 (liked on Tue, Aug 23, 2022 10:42am -07:00)
• Let websites framebust out of native apps | Holovaty.com (www.holovaty.com)

  #apps #security #oauth

  Sun, Aug 14, 2022 6:20am -07:00
• 

  Throwback to the OAuth WG dinner at #IETF114 in Philadelphia!
  
  Tag yourself if I missed you!
  
  @vibronet @timcappalli @__b_c @PieterKasselman @hpsin_ @selfissued @rifaat_sy and @kristinayasuda even tho she arrived just after this photo

  

  Portland, Oregon, USA • 73°F

  12 likes

  #ietf #oauth #ietf114

  Fri, Aug 12, 2022 12:12pm -07:00
• 

  In case you needed a reminder about why we care so much about OAuth/OIDC flows being used in the system browser and not embedded browsers, Instagram injects their own tracking code in every web page you visit inside Instagram https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

  Austin, Texas, USA • 99°F

  53 likes 20 reposts 9 replies

  #instagram #oauth

  Wed, Aug 10, 2022 1:46pm -05:00
• Dr. Fett https://twitter.com/dfett42

  I had a very productive week at #ietf114! Got a ton of things done esp. in #OAuth WG - SD-JWT went to call for adoption, security BCP advanced, and @__b_c pushed DPoP forward. Looking forward to London in November!

  Portland, Oregon • 67°F

  #ietf114 #OAuth

  Mon, Aug 1, 2022 12:47pm +00:00 (liked on Mon, Aug 1, 2022 7:16am -07:00)
• Philadelphia (PHL) to Seattle (SEA)

  July 29, 2022 from 6:20pm (-0400) to 9:20pm (-0700)

  Alaska Flight 23

  Seattle (SEA) to Portland (PDX)

  July 29, 2022 from 10:45pm to 11:37pm (-0700)

  Alaska Flight 239

  

  Portland Intl in Portland

  #okta #oktadev #ietf #oauth

  permalink
• Vittorio https://twitter.com/vibronet

  One of the #oauth sessions at #IETF114 I was looking forward to- @hpsin_ presenting on token theft as observed in @github

  

  Philadelphia, Pennsylvania • 87°F

  #oauth #IETF114

  Mon, Jul 25, 2022 3:20pm +00:00 (liked on Mon, Jul 25, 2022 11:36am -04:00)
• Vittorio https://twitter.com/vibronet

  Customary update about #OAuth 2.1 from @aaronpk - at #IETF114.
  Great progress!

  

  Philadelphia, Pennsylvania • 87°F

  #OAuth #IETF114

  Mon, Jul 25, 2022 2:58pm +00:00 (liked on Mon, Jul 25, 2022 11:18am -04:00)
• Vittorio https://twitter.com/vibronet

  The #IETF114 #oauth WG meeting is going to be a tour de force.
  I think I’ll have to rap thru the deck to make it in 10 - perhaps I can convince @__b_c to beatbox 😛

  

  Philadelphia, Pennsylvania • 97°F

  #IETF114 #oauth

  Sun, Jul 24, 2022 6:44pm +00:00 (liked on Sun, Jul 24, 2022 4:36pm -04:00)
• 

  Heading to Philly for #IETF114! Come find me and say hi! My agenda:
  
  Mon 10-12 OAuth WG
  Tue 10-11:30 OAuth Side Meeting
  Wed 10-11:30 OAuth Side Meeting
  Wed 2-3:30 SCIM Side Meeting
  Thu 10-12 GNAP WG
  Thu 2-3:30 OAuth Side Meeting
  Thu 4-5:30 SCIM Side Meeting
  Fri 12:30-2:30 SCIM WG

  Alaska Flight 32 SEA to PHL in Seattle, Washington, USA

  12 likes 2 reposts 1 reply

  #ietf #ietf114 #oauth #gnap #scim

  Sat, Jul 23, 2022 2:48pm -05:00
• Portland (PDX) to Seattle (SEA)

  July 23, 2022 from 5:00am to 6:03am (-0700)

  Alaska Flight 240

  Seattle (SEA) to Philadelphia (PHL)

  July 23, 2022 from 8:55am (-0700) to 5:10pm (-0400)

  Alaska Flight 32

  

  Philadelphia Intl in Philadelphia

  #okta #oktadev #ietf #oauth

  permalink
• Vittorio https://twitter.com/vibronet

  The identity conferences density in Q2 is ridiculous- @secworkshop, @RSAConference, #EIC2022, @Identiverse - we owe you an update, bit time!
  Join @aaronpk and yours truly at our customary #OAuth Happy Hour to get a digest of the most salient news

  Tempe, Arizona • 109°F

  #EIC2022 #OAuth

  Wed, Jul 20, 2022 11:47pm +00:00 (liked on Wed, Jul 20, 2022 5:46pm -07:00)