Aaron Parecki

#OAuth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• API Tokens: A Tedious Survey · Fly (fly.io)

  Tue, Aug 24, 2021 4:36pm -07:00 #oauth #security #api
• Matt Raible https://twitter.com/mraible

  This was an excellent session from @aaronpk and @vibronet on the past and future of OAuth!
  
  Future stuff they mentioned:
  
  - RAR: Rich Authorization Requests (so you can add more to consent screens)
  - Sender-Constrained Access Tokens (to verify the sender)
  
  #OAuth #DeveloperDay

  Bellevue, Washington • 77°F

  Tue, Aug 24, 2021 7:15pm +00:00 (liked on Tue, Aug 24, 2021 3:03pm -07:00) #OAuth #DeveloperDay
• OAuth: Past, Present, and Future

  Aug

  24

  August 24, 2021 11:30am - 12:00pm (-0700)

  Online

  Developer Day

  permalink #oauth
• Changelog https://twitter.com/changelog

  🔥 New episode of The Changelog! 🔥
  
  📌 OAuth, "It's complicated."
  💫 with @aaronpk
  🎤 hosted by @adamstac @jerodsanto
  🗃️ #security
  
  💚 https://changelog.fm/456

  Portland, Oregon • 72°F

  Mon, Aug 23, 2021 11:02pm +00:00 (liked on Mon, Aug 23, 2021 4:03pm -07:00) #security #oauth
• The Changelog https://changelog.com/

  Today we’re joined by Aaron Parecki, co-founder of IndieWebCamp and maintainer of OAuth.net, for a deep dive on the state of OAuth 2.0 and what’s next in OAuth 2.1. We cover the complications of OAuth, RFCs like Proof Key for Code Exchange, also known as PKCE, OAuth for browser-based apps, and next generation specs like the Grant Negotiation and Authorization Protocol, also known as GNAP. The conversation begins with how Aaron experiments with the IndieWeb as a showcase of what’s possible.

  Mon, Aug 23, 2021 9:00am -07:00 (reposted on Mon, Aug 23, 2021 9:00am -07:00) #oauth #indieweb #changelog #podcast
• 🔑 OAuth 2.0 flows explained in GIFs - DEV Community (dev.to)

  Mon, Aug 16, 2021 2:36pm -07:00 #oauth
• Owncast https://botsin.space/@owncast

  OktaDev Live has just started streaming on their #owncast server! Check them out at:
  https://live.oktadev.events.

  OAuth Happy Hour

  #okta #security #api #oktadev #oauth

  

  Portland, Oregon • 102°F

  Thu, Aug 12, 2021 11:04pm +00:00 (liked on Thu, Aug 12, 2021 4:54pm -07:00) #oauth #oktadev #api #security #okta #owncast
• 

  Live now on YouTube + OwnCast! OAuth Happy Hour with me and @vibronet! 🎉 Come hang out and talk about OAuth for an hour or whatever!
  
  https://youtu.be/irkrhuLiPbc
  
  https://live.oktadev.events/

  Portland, Oregon • 102°F

  5 likes 1 repost

  Thu, Aug 12, 2021 4:01pm -07:00 #oauth
• Custom authentication in Azure Static Web Apps | Microsoft Docs (docs.microsoft.com)

  Fri, Jul 23, 2021 5:23pm -07:00 #azure #oauth #okta
• Using Okta with Static Web Apps - Microsoft Tech Community (techcommunity.microsoft.com)

  Fri, Jul 23, 2021 5:23pm -07:00 #azure #oauth #okta
• Authentication and authorization for Azure Static Web Apps | Microsoft Docs (docs.microsoft.com)

  Fri, Jul 23, 2021 5:22pm -07:00 #azure #authentication #oauth
• 

  okay Internet, I need your suggestions:
  
  I have a static website that I can't modify, and I want to host it on some platform that I can tie to an arbitrary OpenID Connect provider so that only certain people can access it.
  
  What's the easiest way to do this?

  Portland, Oregon • 83°F

  13 likes 7 reposts 47 replies

  Fri, Jul 23, 2021 3:16pm -07:00 #oauth #openid
• Ex-Plaid employees raise $30M for Stytch, an API-first passwordless authentication platform – TechCrunch (techcrunch.com)

  "The thing that even surprised us about the API-first approach is that we now also have a handful of Fortune 500 companies using the product and the primary reasoning from their standpoint was one of the simplicity of getting set up on the platform"

  Fri, Jul 16, 2021 9:19pm -07:00 #auth #api #startups #oauth
• 

  Join me and @vibronet tomorrow @ 4pm for another round of OAuth Happy Hour!
  
  I'm giving away a physical copy of my book to everyone who attends live! No need to pre-register, but make sure you join live for instructions on how to get your copy!
  
  https://oktadev.events/GUNyXcO9Fp6z

  Portland, Oregon • 82°F

  12 likes 3 reposts 1 reply 1 mention

  Wed, Jul 14, 2021 4:35pm -07:00 #oauth #happyhour
• nginxinc/nginx-openid-connect: Reference implementation of OpenID Connect integration for NGINX Plus (github.com)

  Thu, Jul 1, 2021 4:41pm -07:00 #nginx #oauth #okta #oktadev
• The State of OAuth

  Jul

  1

  July 1, 2021 2:00pm - 2:30pm (-0700)

  Online

  permalink #interface #apidays #oauth #oktadev
• Interface by API Days

  Jun

  30

  Jul

  2

  June 30 through July 2, 2021
  3 days

  Online

  permalink #interface #apidays #oauth #oktadev
• Owncast https://botsin.space/@owncast

  OktaDev Live has just started streaming on their #owncast server! Check them out at:
  https://live.oktadev.events.

  OAuth Happy Hour

  #okta #security #api #oktadev #oauth

  

  Portland, Oregon • 66°F

  Thu, Jun 10, 2021 11:03pm +00:00 (liked on Thu, Jun 10, 2021 5:05pm -07:00) #oauth #oktadev #api #security #okta #owncast
• Google aids effort that’s starting “federated identity” W3c interest group | Information Trust Exchange Governing Association (itega.org)

  Fri, Jun 4, 2021 2:26pm -07:00 #webid #google #oauth #browser #identity #w3c #okta #oktadev
• OAuth 2.0 Threat Model Penetration Testing Checklist (www.binarybrotherhood.io)

  Thu, Jun 3, 2021 9:07am -07:00 #oauth #security