
Aaron Parecki


#OAuth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Las Vegas
    May 28-31, 2024 (4 days)
    ARIA Resort & Casino, Las Vegas, Nevada, US
    #identiverse #okta #oauth
  • Portland (PDX) to Las Vegas (LAS)
    May 27, 2024 from 11:00am to 1:17pm (-0700)
    Alaska Flight 610
    Mc Carran Intl in Las Vegas
    #identiverse #okta #oauth
  • FedCM for IndieAuth

    IndieWebCamp Düsseldorf took place this weekend, and I was inspired to work on a quick hack for demo day to show off a new feature I've been working on for IndieAuth.
    continue reading...
    13 likes 2 reposts 2 replies 1 mention
    Sun, May 12, 2024 7:39am -07:00 #fedcm #indieauth #oauth
  • Aaron Parecki
    OAuth for Browser-Based Apps has entered Working Group Last Call! Please share your comments in the next 2 weeks, even if it's just a general voice of support!

    https://aaronparecki.com/2024/05/02/5/oauth-browser-based-apps-last-call
    Portland, Oregon, USA • 60°F
    8 likes 8 reposts 1 reply
    Thu, May 2, 2024 3:22pm -07:00 #oauth #ietf
  • OAuth for Browser-Based Apps Working Group Last Call!

    The draft specification OAuth for Browser-Based Applications has just entered Working Group Last Call!
    continue reading...
    3 likes 1 mention
    Thu, May 2, 2024 3:06pm -07:00 #oauth #ietf
  • Rome (FCO) to Dallas-Fort Worth (DFW)
    April 13, 2024 from 10:10am (+0200) to 2:35pm (-0500)
    American Airlines Flight 239
    Dallas-Fort Worth (DFW) to Las Vegas (LAS)
    April 13, 2024 from 6:53pm (-0500) to 7:50pm (-0700)
    American Airlines Flight 1771
    Mc Carran Intl in Las Vegas
    #okta #oauth
  • OAuth Security Workshop
    April 10-12, 2024 (3 days)
    Auditorium Antonianum, Roma, Lazio, IT
    #oauth #osw
  • Portland (PDX) to Dallas-Fort Worth (DFW)
    April 8, 2024 from 7:00am (-0700) to 12:44pm (-0500)
    Alaska Flight 392
    Dallas Fort Worth Intl in Dallas-Fort Worth
    #okta #oauth
  • Portland (PDX) to Dallas-Fort Worth (DFW)
    April 8, 2024 from 6:20am (-0700) to 12:04pm (-0500)
    American Airlines Flight 2216
    Dallas-Fort Worth (DFW) to Rome (FCO)
    April 8, 2024 at 2:50pm (-0500) until Apr 9 at 8:05am (+0200)
    American Airlines Flight 240
    Fiumicino in Rome
    #oauth #okta
  • Italy
    April 8-13, 2024 (6 days)
    Metropolitan City of Rome Capital, Roma, Lazio, ITA
    #oauth #osw
  • OAuth: "grant" vs "flow" vs "grant type"

    Is it called an OAuth "grant" or a "flow"? What about "grant type"?
    continue reading...
    1 like 5 reposts
    Fri, Mar 29, 2024 8:15am -07:00 #oauth #terminology
  • IETF 119 Brisbane
    March 16-22, 2024 (7 days)
    Brisbane, Queensland, AU
    #ietf #oauth #scim
  • rdar://51091611: OAuth 2.0 redirection with Universal Links should NOT require user interaction (openradar.appspot.com)
    Fri, Dec 15, 2023 4:35pm -08:00 #ios #apple #oauth
  • Prague (PRG) to London (LHR)
    November 11, 2023 from 7:05am (+0100) to 8:20am (+0000)
    British Airways Flight 853
    London (LHR) to Los Angeles (LAX)
    November 11, 2023 from 10:10am (+0000) to 1:25pm (-0800)
    British Airways Flight 283
    Los Angeles (LAX) to Portland (PDX)
    November 11, 2023 from 4:20pm to 6:48pm (-0800)
    Alaska Flight 3374
    Portland Intl in Portland
    #okta #oauth #ietf
  • My IETF 118 Agenda

    The sessions I will be attending and presenting at during IETF 118 in Prague
    continue reading...
    Mon, Nov 6, 2023 1:07pm +01:00 #ietf #oauth
  • Portland (PDX) to Phoenix (PHX)
    November 4, 2023 from 2:02pm to 4:43pm (-0700)
    American Airlines Flight 3231
    Phoenix (PHX) to London (LHR)
    November 4, 2023 at 8:30pm (-0700) until Nov 5 at 1:20pm (+0000)
    British Airways Flight 288
    London (LHR) to Prague (PRG)
    November 5, 2023 from 3:00pm (+0000) to 6:00pm (+0100)
    British Airways Flight 856
    Ruzyne in Prague
    #okta #ietf #oauth
  • IETF 118
    November 4-10, 2023 (7 days)
    Hilton Prague Old Town, Praha, Hlavní město Praha, CZE
    #oauth #ietf #ietf118 #okta
  • Prague
    November 2-11, 2023 (10 days)
    Hilton Prague Old Town, Praha, Hlavní město Praha, CZE
    #ietf #ietf118 #oauth #okta
  • In reply to Aaron Parecki (https://aaronparecki.com/), Oct 26:
    This is a good writeup on some sneaky vulnerabilities in OAuth implementations, but ultimately is just a simple access token injection attack: https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
    Aaron Parecki
    tl;dr: Don't accept access tokens in your redirect URI (don't use the implicit flow)

    PKCE solves this attack and is enforced by the server rather than relying on client developers to "verify the access token" as described in the post
    Portland, Oregon, USA • 42°F
    4 likes 2 reposts 1 reply
    Thu, Oct 26, 2023 8:51am -07:00 #oauth
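    As an added illustration of the point in the note above (example code written for this page; it is not from aaronparecki.com, the Salt Security post, or any OAuth library): a minimal authorization server that binds a PKCE code_challenge to each authorization code it issues and enforces it at the token endpoint. The authorize/token functions, the client_id and redirect URI, and the in-memory code store are hypothetical stand-ins for a real server; the code_verifier/code_challenge computation follows RFC 7636 (S256), and the known-answer pair checked at the bottom is the one from that RFC's Appendix B. With the implicit flow the access token itself rides in the redirect, so there is nothing for the server to check; with the code flow plus PKCE, an injected authorization code (captured from a redirect without the matching code_verifier) and a replayed code are both refused by the server, without relying on the client to verify anything.

    ```python
    """PKCE (RFC 7636) enforced at the token endpoint, with an injection attempt.

    Added example for this page, not code from the site author or any library.
    authorize(), token(), the client id, the redirect URI and _ISSUED_CODES are
    hypothetical stand-ins for a real authorization server.
    """
    import base64
    import hashlib
    import secrets

    # Hypothetical server-side store: authorization code -> (client_id, code_challenge, redirect_uri)
    _ISSUED_CODES = {}

    CLIENT_ID = "example-app"                  # assumed client registration
    REDIRECT_URI = "https://app.example/cb"    # assumed registered redirect URI


    def b64url(data: bytes) -> str:
        """base64url without padding, as RFC 7636 specifies."""
        return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


    def make_code_verifier() -> str:
        """Client side: 32 random bytes -> 43 chars, inside the 43..128 length RFC 7636 requires."""
        return b64url(secrets.token_bytes(32))


    def make_code_challenge(verifier: str) -> str:
        """S256: BASE64URL(SHA256(ASCII(code_verifier)))."""
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


    def authorize(client_id: str, redirect_uri: str, code_challenge: str,
                  code_challenge_method: str = "S256") -> str:
        """Authorization endpoint: issue a code and bind the challenge to it."""
        if code_challenge_method != "S256":
            raise ValueError("only S256 is accepted")   # 'plain' offers no protection here
        code = b64url(secrets.token_bytes(24))
        _ISSUED_CODES[code] = (client_id, code_challenge, redirect_uri)
        return code


    def token(client_id: str, redirect_uri: str, code: str, code_verifier: str) -> dict:
        """Token endpoint: the server, not the client, checks the verifier. Codes are single use."""
        entry = _ISSUED_CODES.pop(code, None)   # consumed on the first attempt, success or not
        if entry is None:
            return {"error": "invalid_grant"}
        bound_client, challenge, bound_redirect = entry
        if bound_client != client_id or bound_redirect != redirect_uri:
            return {"error": "invalid_grant"}
        if not 43 <= len(code_verifier) <= 128:
            return {"error": "invalid_grant"}
        if not secrets.compare_digest(make_code_challenge(code_verifier), challenge):
            return {"error": "invalid_grant"}
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


    def legitimate_flow() -> dict:
        """The real client holds the verifier it created, so the exchange succeeds."""
        verifier = make_code_verifier()
        code = authorize(CLIENT_ID, REDIRECT_URI, make_code_challenge(verifier))
        return token(CLIENT_ID, REDIRECT_URI, code, verifier)


    def injection_attempt() -> dict:
        """Attacker captured the victim's code from the redirect but never saw the verifier."""
        victim_verifier = make_code_verifier()
        code = authorize(CLIENT_ID, REDIRECT_URI, make_code_challenge(victim_verifier))
        attacker_verifier = make_code_verifier()   # a guess; it cannot match
        return token(CLIENT_ID, REDIRECT_URI, code, attacker_verifier)


    def replay_attempt() -> dict:
        """Even with the right verifier, a code already exchanged is refused."""
        verifier = make_code_verifier()
        code = authorize(CLIENT_ID, REDIRECT_URI, make_code_challenge(verifier))
        token(CLIENT_ID, REDIRECT_URI, code, verifier)
        return token(CLIENT_ID, REDIRECT_URI, code, verifier)


    if __name__ == "__main__":
        # RFC 7636 Appendix B known-answer pair
        print(make_code_challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"))
        print(legitimate_flow(), injection_attempt(), replay_attempt())
    ```

    The check that matters lives entirely in token(): the client only has to generate a random verifier and send its hash up front, and a stolen or injected code is useless to anyone who cannot produce that verifier at the token endpoint.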
  • Aaron Parecki
    This is a good writeup on some sneaky vulnerabilities in OAuth implementations, but ultimately is just a simple access token injection attack: https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
    Portland, Oregon, USA • 42°F
    6 likes 8 reposts 2 replies 1 mention
    Thu, Oct 26, 2023 8:50am -07:00 #oauth

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.