Aaron Parecki

#OAuth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Aaron Parecki
    Enterprise AI just got a lot more secure. Anthropic launched a beta of "Enterprise Managed Auth" in Claude, so you can now connect Claude seamlessly to MCP servers through your enterprise IdP like Okta!

    Now employees no longer have to connect MCP servers manually and wait for a series of OAuth and login prompts. Once you log in to Claude from Okta, all the preconfigured MCP servers are already connected! It's not every day you get to improve both usability and security!

    This is an application of the Cross App Access pattern, defined in the Identity Assertion JWT Authorization Grant being standardized in the OAuth working group at the IETF.

    Seeing adoption from a massive player like Claude is a huge validation of the effort! It's been fantastic to work with the folks at Anthropic over the past year on this, Paul Carleton and Den Delimarsky. And of course this wouldn't be possible without the collaboration with my co-authors on the spec, Karl McGuinness and Brian Campbell!

    https://claude.com/blog/enterprise-managed-auth

    https://www.youtube.com/watch?v=5kTDt9ewTwE
    San Francisco, California, USA • 66°F
    Thu, Jun 18, 2026 12:35pm -07:00 #oauth #mcp #xaa #enterprisesecurity
  • Identiverse
    June 15-18, 2026
    4 days
    Mandalay Bay
    Las Vegas, Nevada, US
    permalink #okta #identiverse #oauth #mcp
  • Portland (PDX) to Las Vegas (LAS)
    June 14, 2026 from 5:50pm to 8:15pm (-0700)
    Alaska Flight 531
    Mc Carran Intl in Las Vegas
    permalink #okta #identiverse #mcp #oauth
  • Cross-Domain API Access: Beyond the "Obvious" Shortcuts

    Cross-domain access is everywhere in today's software landscape. Whether you look at enterprise SaaS applications, AI agents interacting with user data across multiple platforms, or "integrated experiences" pulling information from a calendar, a chat tool, and a wiki—everything eventually needs to talk across boundaries.
    1 like
    Wed, May 27, 2026 4:35pm -07:00 #oauth #okta #xaa #id-jag #ai
  • Aaron Parecki
    The "Agent Verified" signup flow from WorkOS is exactly what I've been telling the agent platforms they should be doing with Cross App Access! Very cool to see this launch!

    https://workos.com/auth-md/docs/flows/verified

    "The agent's provider — OpenAI, Anthropic, Cursor, or any trusted agent platform — attests to the user's identity at registration time. Your service verifies the attestation and issues credentials synchronously, no human interaction required."

    In Cross App Access terms:

    • The "agent platform/provider" is the ID-JAG issuer, because users are already signed in to those platforms when they use agents
    • The "service" is the ID-JAG consumer (the Resource AS), and issues an access token if the ID-JAG is trusted and valid

    You can test this out in the Cross App Access sandbox today! https://xaa.dev/
    Portland, Oregon, USA • 79°F
    Thu, May 21, 2026 7:12pm -07:00 #oauth #xaa #ai #okta
  • San Jose (SJC) to Portland (PDX)
    May 1, 2026 from 9:38am to 11:28am (-0700)
    Alaska Flight 2274
    Portland Intl in Portland
    permalink #iiw #okta #oauth #openid
  • Internet Identity Workshop
    April 28-30, 2026
    3 days
    Computer History Museum
    Mountain View, California, US
    permalink #iiw #oauth #openid #okta
  • Portland (PDX) to San Jose (SJC)
    April 27, 2026 from 9:07pm to 10:59pm (-0700)
    Alaska Flight 3344
    Norman Y Mineta San Jose Intl in San Jose
    permalink #iiw #oauth #openid #okta
  • Mountain View
    April 27-30, 2026
    4 days
    Mountain View
    Mountain View, California, US
    permalink #iiw #oauth #openid #okta
  • Cross App Access (XAA): The enterprise way to govern AI app integrations — WorkOS (workos.com)
    Wed, Apr 1, 2026 11:14am -04:00 #mcp #xaa #oauth
  • Hong Kong (HKG) to Vancouver (YVR)
    March 25, 2026 from 3:30pm (+0800) to 12:00pm (-0700)
    Cathay Pacific Flight 838
    Vancouver (YVR) to Portland (PDX)
    March 25, 2026 from 4:50pm to 6:30pm (-0700)
    Air Canada Flight 8654
    Portland Intl in Portland
    permalink #ietf #oauth
  • Nanjing (NKG) to Hong Kong (HKG)
    March 25, 2026 from 8:20am to 11:00am (+0800)
    Cathay Pacific Flight 399
    Hong Kong (HKG) to Los Angeles (LAX)
    March 25, 2026 from 12:35pm (+0800) to 10:15am (-0700)
    Cathay Pacific Flight 884
    Los Angeles (LAX) to Portland (PDX)
    March 25, 2026 from 6:06pm to 8:39pm (-0700)
    Alaska Flight 1397
    Portland Intl in Portland
    permalink #okta #ietf #oauth
  • IETF 125 Shenzhen
    March 14-20, 2026
    7 days
    Futian Shangri-La, Shenzhen
    Shen Zhen Shi, Guang Dong Sheng, CN
    permalink #ietf #oauth
  • Shenzhen
    March 9-22, 2026
    14 days
    Shenzhen
    Shenzhen, Guangdong Province, CN
    permalink #ietf #oauth
  • Portland (PDX) to San Francisco (SFO)
    March 9, 2026 from 7:05am to 9:08am (-0700)
    Alaska Flight 526
    San Francisco (SFO) to Hong Kong (HKG)
    March 9, 2026 at 12:25pm (-0700) until Mar 10 at 7:00pm (+0800)
    Cathay Pacific Flight 879
    Hong Kong Intl in Hong Kong
    permalink #ietf #oauth
  • Aaron Parecki
    If you're struggling to get AI agents past enterprise security reviews, join me tomorrow for a session on how Cross App Access (XAA) brings managed authorization to MCP!

    I'll be joined by Sohail Pathan to show off our Cross App Access playground and give a live demo of how the protocol works!

    Tomorrow - February 18, 2026 (8 AM PT)

    👉 https://www.brighttalk.com/webcast/14899/661521?utm_source=apk_social&utm_medium=brighttalk&utm_campaign=661521
    Portland, Oregon • 43°F
    1 repost
    Tue, Feb 17, 2026 3:17pm -08:00 #okta #oktadev #xaa #mcp #oauth #enterprisesecurity
  • Making OAuth Scale Securely for MCPs - Application Security Weekly

    The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.
    Tue, Dec 9, 2025 11:30am -08:00 #mcp #oauth
  • Aaron Parecki
    The new MCP spec just dropped! 🎉

    There are too many new things to get into everything, but there are two big changes I am most excited about 👀

    • Client ID Metadata Documents (CIMD) - a simpler way to manage client registrations, clients describe themselves with a URL they control
    • Enterprise-Managed Authorization extension (aka Cross App Access) - eliminate the OAuth redirect and get tokens for an MCP server by requesting them from the enterprise IdP

    It's been great working on this with folks like Den Delimarsky, Paul Carleton, David Soria Parra, Nick Cooper, Tyler Leonhardt, and more!

    Read more about what these mean for you in my full post
    👉 https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update
    Portland, Oregon • 44°F
    1 like
    Tue, Nov 25, 2025 3:11pm -08:00 #oauth #cimd #xaa #mcp
  • Cross App Access extends MCP to bring enterprise-grade security to AI agent interactions (www.okta.com)
    Tue, Nov 25, 2025 2:36pm -08:00 #mcp #oauth #xaa
  • Arcade.dev and Anthropic advance MCP with new secure authorization flow - SiliconANGLE (siliconangle.com)
    Tue, Nov 25, 2025 2:36pm -08:00 #mcp #oauth

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2026 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.