Aaron Parecki

#Oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• 

  The new MCP spec just dropped! 🎉
  
  There's too many new things to get into everything, but there are two big changes I am most excited about 👀
  
  📝 Client ID Metadata Documents (CIMD) - a simpler way to manage client registrations, clients describe themselves with a URL they control
  🔐 Enterprise-Managed Authorization extension (aka Cross App Access) - eliminate the OAuth redirect and get tokens for an MCP server by requesting them from the enterprise IdP
  
  It's been great working on this with folks like Den Delimarsky, Paul Carleton, David Soria Parra, Nick Cooper, Tyler Leonhardt, and more!
  
  Read more about what these mean for you in my full post
  👉 https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update

  Portland, Oregon • 44°F

  1 like

  Tue, Nov 25, 2025 3:11pm -08:00 #oauth #cimd #xaa #mcp
• Cross App Access extends MCP to bring enterprise-grade security to AI agent interactions (www.okta.com)

  Tue, Nov 25, 2025 2:36pm -08:00 #mcp #oauth #xaa
• Arcade.dev and Anthropic advance MCP with new secure authorization flow - SiliconANGLE (siliconangle.com)

  Tue, Nov 25, 2025 2:36pm -08:00 #mcp #oauth

• Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec

  

  The new MCP authorization spec is here! Today marks the one-year anniversary of the Model Context Protocol, and with it, the launch of the new 2025-11-25 specification.

  continue reading...

  1 like 1 mention

  Tue, Nov 25, 2025 1:25pm -08:00 #cimd #oauth #mcp #ai
• Montreal (YUL) to Boston (BOS)

  November 8, 2025 from 1:25pm to 2:52pm (-0500)

  Air Canada Flight 8608

  Boston (BOS) to Portland (PDX)

  November 8, 2025 from 4:46pm (-0500) to 8:07pm (-0800)

  Alaska Flight 1319

  

  Portland Intl in Portland

  permalink #ietf #okta #oauth
• 

  hacking oauth

  

  Montréal, Québec

  Thu, Nov 6, 2025 7:50pm -05:00 #oauth #ietf #365
• feature: Add support for Client ID Metadata Documents (CIMD) by chipgpt · Pull Request #13 · chipgpt/full-stack-saas-mcp (github.com)

  Mon, Nov 3, 2025 8:58pm -05:00 #oauth #cimd #mcp
• IETF 124 Montreal

  Nov

  3

  Nov

  …

  Nov

  7

  November 3-7, 2025
  5 days

  Fairmont The Queen Elizabeth

  Montréal, Québec, CA

  permalink #ietf #oauth #okta
• Portland (PDX) to Boston (BOS)

  November 1, 2025 from 7:00am (-0700) to 3:24pm (-0400)

  Alaska Flight 358

  Boston (BOS) to Montreal (YUL)

  November 1, 2025 from 6:40pm to 8:05pm (-0400)

  Air Canada Flight 8611

  

  Pierre Elliott Trudeau Intl in Montreal

  permalink #ietf #oauth
• Montreal

  Nov

  1

  Nov

  …

  Nov

  8

  November 1-8, 2025
  8 days

  Montreal

  Montreal, Quebec, CA

  permalink #ietf #oauth
• Internet Identity Workshop

  Oct

  28

  Oct

  29

  Oct

  30

  October 28-30, 2025
  3 days

  Computer History Museum

  Mountain View, California, US

  permalink #iiw #oauth #openid #okta
• New CoPhish attack steals OAuth tokens via Copilot Studio agents (www-bleepingcomputer-com.cdn.ampproject.org)

  Sat, Oct 25, 2025 7:32pm -07:00 #oauth #xaa
• San Jose (SJC) to Portland (PDX)

  October 24, 2025 from 3:00pm to 4:46pm (-0700)

  Alaska Flight 2240

  

  Portland Intl in Portland

  permalink #okta #iiw #openid #oauth
• 

  Photos from my session about Client ID Metadata Document at IIW

  

  Mountain View, California, USA

  Wed, Oct 22, 2025 12:09pm -07:00 #iiw #oauth #365 #cimd
• Portland (PDX) to San Jose (SJC)

  October 20, 2025 from 7:01am to 8:56am (-0700)

  Alaska Flight 3256

  

  Norman Y Mineta San Jose Intl in San Jose

  permalink #okta #iiw #openid #oauth
• Mountain View

  Oct

  20

  Oct

  …

  Oct

  24

  October 20-24, 2025
  5 days

  Computer History Museum

  Mountain View, California, US

  permalink #okta #oauth #iiw #openid

• Adding Support for BlueSky to IndieLogin.com

  

  Today I just launched support for BlueSky as a new authentication option in IndieLogin.com!

  continue reading...

  76 likes 16 reposts 1 bookmark 9 replies

  Sat, Oct 11, 2025 9:49am -07:00 #oauth #bluesky #atproto #indieweb

• Client ID Metadata Document Adopted by the OAuth Working Group

  The IETF OAuth Working Group has adopted the Client ID Metadata Document specification!

  continue reading...

  2 mentions

  Wed, Oct 8, 2025 12:14pm -07:00 #oauth #ietf #cimd
• 

  So proud of all the work that went into this!

  

  Las Vegas, Nevada, USA

  Thu, Sep 25, 2025 11:58am -07:00 #xaa #okta #oktane #oauth #365
• Oktane

  Sep

  24

  Sep

  25

  Sep

  26

  September 24-26, 2025
  3 days

  CAESARS FORUM

  Las Vegas, Nevada, US

  permalink #okta #oktane #oauth #openid