
Aaron Parecki


#OAuth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Connect2id https://twitter.com/connect2id
    We set out to give an overview of #OAuth 2.1, for developers already familiar with OAuth 2.0 as well as newcomers @DickHardt @aaronpk @tlodderstedt http://c2id.co/8q
    Portland, Oregon • 61°F
    Thu, Aug 6, 2020 6:03pm +00:00 (liked on Thu, Aug 6, 2020 11:16am -07:00) #OAuth
  • Least privilege with less effort: Macaroon access tokens in AM 7.0 – Neil Madden (neilmadden.blog)
    "The only problem was it turned out that even if you did have the secret key you often couldn’t use the token either, because it was just too hard to get request signing to work reliably. Some brave souls periodically try and revive this idea."
    Thu, Jul 30, 2020 10:54am -07:00 #oauth #signing
  • Aaron Parecki
    OAuth 2.1 has officially been adopted by the IETF OAuth working group! 🎉

    https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00

    I'll be chatting about this and many other updates from last week's security workshop today during OAuth Happy Hour! Join me and bring your questions!

    https://www.youtube.com/watch?v=sUEBatNmsbY
    Portland, Oregon • 71°F
    36 likes 11 reposts 3 replies 1 mention
    Thu, Jul 30, 2020 8:51am -07:00 #oauth
  • Blort™ (Unofficial) 🚫 https://social.tchncs.de/@Blort   •   Jul 25

    @aaronpk
    So, have you heard of any progress on the horizon towards a self hostable identity/authorization login service yet?

    Still waiting for the day that logging into another Fediverse service is as easy as logging into a new website with Facebook...(or at least that we can see progress towards something like it...) #Mozilla #Persona looked good. Not sure if #ReclaimID is going anywhere. I'd love to hear about it if something is moving forward somewhere...

    (Not sure if #Oauth related or not)

    Aaron Parecki
    I'm doing a talk at #APConf about exactly this... how the fediverse can use #OAuth to achieve exactly this goal! https://conf.activitypub.rocks/
    Portland, Oregon • 67°F
    Fri, Jul 24, 2020 8:00pm -07:00 #apconf #oauth
  • Aaron Parecki
    Shoutout to the #osw2020 organizers for putting together an extremely successful virtual event! 🎉 Even if it did mean I had to be awake and on camera by 5am the last three days. 😴 Still had a great bunch of #OAuth discussions!
    Portland, Oregon • 70°F
    10 likes 1 repost 1 reply
    Fri, Jul 24, 2020 3:05pm -07:00 #osw2020 #oauth
  • Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi
    OAuth 2.1 becomes the simpler & more secure #OAuth. A bunch of existing RFCs and drafts roll into one, so easier to follow too. Presented by @aaronpk at the #osw2020
    Portland, Oregon • 64°F
    Wed, Jul 22, 2020 2:57pm +00:00 (liked on Wed, Jul 22, 2020 8:16am -07:00) #OAuth #osw2020
  • OAuth 2.1
    July 22, 2020 7:30am - 8:00am (-0700)
    Online
    OAuth Security Workshop
    permalink #oauth #security
  • Aaron Parecki
    My view today for the OAuth Security Workshop! #osw2020
    Portland, Oregon • 64°F
    17 likes 2 reposts 2 replies
    Wed, Jul 22, 2020 6:31am -07:00 #oauth #osw2020
  • Protecting Single-Page Apps using OAuth
    July 22, 2020 5:30am - 6:00am (-0700)
    Online
    OAuth Security Workshop
    permalink #oauth #security
  • Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi
    Today @aaronpk will be presenting #OAuth 2.1. The core OAuth grants are getting consolidated, security gets hardened with PKCE #osw2020 https://barcamptools.eu/oauth-security-workshop-2020/events/0d0423b6-5924-4e6f-8b3b-63edbbe0ae59/oauth_2_1
    Portland, Oregon • 64°F
    Wed, Jul 22, 2020 8:56am +00:00 (liked on Wed, Jul 22, 2020 4:52am -07:00) #OAuth #osw2020
  • OAuth Security Workshop
    July 22-24, 2020
    3 days
    Scandic Nidelven
    Trondheim, Trøndelag, NOR
    permalink #oauth #okta
  • Aaron Parecki
    I'm going live with @afitnerd in 5 minutes to talk about OAuth, online security, and also chat about yesterday's massive #TwitterHack! Join us, and bring your OAuth questions! https://youtu.be/dJl5wNAPm-w
    Portland, Oregon, USA
    3 likes 1 repost
    Thu, Jul 16, 2020 12:55pm -07:00 #oauth #twitter #security #twitterhack
  • An offensive guide to the Authorization Code grant (postvidia.com)
    Tue, Jul 14, 2020 4:58pm -07:00 #oauth #security
  • The State of OAuth
    June 30, 2020 10:20am - 10:45am (-0700)
    Online
    Interface by API Days
    permalink #oauth
  • Aaron Parecki
    I'm going live in 10 minutes talking about the State of OAuth at @APIDaysGlobal!

    Register for free → https://www.apidays.co/interface
    Portland, Oregon • 63°F
    5 likes 1 repost
    Tue, Jun 30, 2020 10:09am -07:00 #oauth
  • Why AnyList Won’t Be Supporting Sign In with Apple - AnyList Blog (blog.anylist.com)
    Mon, Jun 29, 2020 9:21pm -07:00 #apple #oauth
  • Aaron Parecki
    sneak peek of an image I made for a talk tomorrow

    can you guess what it's about?
    Portland, Oregon • 73°F
    14 likes 1 repost 10 replies
    Mon, Jun 29, 2020 6:37pm -07:00 #oauth #gollum
  • Interface by API Days
    June 30 through July 1, 2020
    Online
    permalink #apidays #oauth
  • The Real Cause of the Sign In with Apple Zero-Day

    The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
    37 likes 19 reposts 1 bookmark 9 replies 25 mentions
    Sun, May 31, 2020 1:49pm -07:00 #oauth #oidc #apple #siwa #security #zeroday
  • Aaron Parecki
    Going live with @afitnerd in 10 minutes to talk about all things #OAuth and OpenID Connect! I think we might even have a demo of a pretty sneaky attack to show off!

    https://youtu.be/moQidjdV5cw
    Portland, Oregon • 56°F
    2 likes 2 reposts
    Thu, May 21, 2020 12:49pm -07:00 #oauth #oidc

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.