Aaron Parecki

#Oauth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Aaron Parecki
    Inspired by a question from @thisismissem.social, I wrote up a document describing how to apply DPoP (RFC9449) to the OAuth Device Flow (RFC8628).

    https://datatracker.ietf.org/doc/draft-parecki-oauth-dpop-device-flow/
    Portland, Oregon, USA • 55°F
    5 likes 2 reposts
    Sat, Sep 20, 2025 7:18am -07:00 #oauth #dpop #ietf
  • Aaron Parecki

    The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification!

    This specification provides a mechanism for an application to use an identity assertion to obtain an access token for a third-party API by coordinating through a common enterprise identity provider.

    This is the basis of Cross App Access (XAA), providing IT admins better visibility and control of app-to-app connections by configuring the connections in their enterprise IdP.

    While it will still be a while before it is an RFC, this is an important step in the standards process, as this is the first time the document is "official"! This signifies that the working group agrees that the problem is worth solving, and agrees on the general direction of the spec.

    Thanks to everyone for your contributions and feedback so far!

    And thanks to my co-authors Karl McGuinness and Brian Campbell!

    Portland, Oregon, USA • 77°F
    1 like
    Mon, Sep 8, 2025 5:00pm -07:00 #oauth #ietf #okta #xaa
  • Aaron Parecki
    Had a great time talking about OAuth for MCP at Microsoft Channel 9!
    Redmond, Washington, USA
    Tue, Jul 29, 2025 11:59am -07:00 #oauth #mcp #365
  • IETF 123 Madrid
    July 21-25, 2025
    5 days
    Meliá Castilla
    Madrid, Comunidad de Madrid, ES
    permalink #ietf #oauth #okta
  • Seattle (SEA) to Portland (PDX)
    July 11, 2025 from 6:02pm to 6:58pm (-0700)
    Alaska Flight 3461
    Portland Intl in Portland
    permalink #okta #oauth #mcp
  • OAuth/MCP Working Meeting
    July 11, 2025 9:00am - 4:00pm (-0700)
    1918 Eighth Avenue
    Seattle, Washington, US
    permalink #oauth #okta #mcp
  • Portland (PDX) to Seattle (SEA)
    July 11, 2025 from 7:10am to 8:06am (-0700)
    Alaska Flight 2081
    Seattle Tacoma Intl in Seattle
    permalink #okta #oauth #mcp
  • Seattle, WA
    July 11, 2025 7:00am - 7:00pm (-0700)
    1918 Eighth Avenue
    Seattle, Washington, US
    permalink #okta #mcp #oauth
  • Aaron Parecki
    The latest version of the MCP spec is now officially 2025-06-18! Congrats to everyone in the MCP community involved in making this happen!

    Key updates to the authorization section:

    ⚙️ MCP Servers are no longer responsible for issuing access tokens or handling user authentication
    🛡️ A dedicated Authorization Server separate from the MCP Server handles user authentication and issuing access tokens
    🔍 RFC9728 Protected Resource Metadata enables the MCP client to dynamically discover the MCP Server's authorization server
    👉 RFC8707 Resource Indicators are required as a security measure

    Thanks to everyone who contributed to the many discussions to update the authorization part of the spec to be more compatible with existing OAuth systems!

    David Soria Parra, Paul Carleton, Den Delimarsky, Nate Barbettini, William Dawson, Jared Hanson, Karl McGuinness, Darin McAdams, Jean-François LOMBARDO and apologies if I forgot to mention you, those threads were extremely long!

    #modelcontextprotocol #mcp #oauth #ai
    Portland, Oregon, USA • 70°F
    4 likes 4 reposts 3 replies
    Wed, Jun 18, 2025 7:07pm -07:00 #modelcontextprotocol #mcp #oauth #ai
  • Aaron Parecki
    Presenting "The State of OAuth" at Identiverse
    Portland, Oregon, USA
    Wed, Jun 4, 2025 2:08pm -07:00 #oauth #identiverse #365 #okta
  • The State of OAuth 2025
    June 4, 2025 2:00pm - 2:25pm (-0700)
    Mandalay Bay Convention Center
    Las Vegas, Nevada, US
    Identiverse 2025
    View Slides
    permalink #oauth
  • Identiverse
    June 3-6, 2025
    4 days
    Mandalay Bay Convention Center
    Las Vegas, Nevada, US
    permalink #okta #openid #identity #oauth #identiverse
  • Portland (PDX) to Las Vegas (LAS)
    June 2, 2025 from 10:55am to 1:13pm (-0700)
    Alaska Flight 757
    McCarran Intl in Las Vegas
    permalink #okta #identiverse #oauth
  • Las Vegas
    June 2-6, 2025
    5 days
    Mandalay Bay Convention Center
    Las Vegas, Nevada, US
    permalink #identiverse #okta #oauth
  • San Francisco (SFO) to Portland (PDX)
    May 23, 2025 from 8:30pm to 10:16pm (-0700)
    Alaska Flight 2464
    Portland Intl in Portland
    permalink #okta #mcp #oauth
  • Intro to OAuth for MCP Servers
    May 23, 2025 10:00am - 10:30am (-0700)
    San Francisco, California
    MCP Dev Summit
    Watch Video
    permalink #oauth #mcp
  • MCP Developers Summit
    May 23, 2025 8:00am - 6:00pm (-0700)
    Convene 100 Stockton
    San Francisco, California, US
    permalink #oauth #mcp #okta
  • San Francisco
    May 20-23, 2025
    4 days
    Okta
    San Francisco, California, US
    permalink #okta #mcp #oauth
  • Enterprise-Ready MCP

    I've seen a lot of complaints about how MCP isn't ready for the enterprise.
    continue reading...
    2 likes 1 mention
    Mon, May 12, 2025 10:01pm -07:00 #mcp #oauth
  • Aaron Parecki
    In two weeks I'll be speaking at the MCP Dev Summit in San Francisco! It's going to be a great day packed with back-to-back sessions.

    In less than a year, the MCP project has quickly reshaped how developers are building AI agents. My talk, "Intro to OAuth for MCP Servers", will cover the basics of the new MCP authorization protocol and set the stage for building secure MCP servers.

    https://mcpdevsummit.ai/#agenda
    Portland, Oregon, USA • 70°F
    4 likes 1 reply
    Fri, May 9, 2025 12:33pm -07:00 #mcp #oauth #okta #ai
Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.