64°F

Aaron Parecki

  • Articles
  • Notes
  • Photos

#jwt

  • How (not) to sign a JSON object | Latacora (www.latacora.com)
    Thu, Jan 25, 2024 2:32pm -08:00 #json #crypto #jwt #canonicalization
  • François' Blog - Generate a JSON Web Key Set from PHP for RSA Keys (www.tuxed.net)
    Wed, Feb 23, 2022 3:54pm -08:00 #php #jwk #jwt #openid #oidc
  • Tagged “vaccine passports” (educatedguesswork.org)
    Wed, Nov 24, 2021 11:14am -08:00 #vaccine #covid #standards #jwt #passport
  • Mike Jones https://twitter.com/selfissued
    Congratulations to @vibronet for RFC 9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens https://www.rfc-editor.org/rfc/rfc9068.html! He noticed a bunch of parties doing nearly the same thing, thought "time for a standard", and made it happen! #IETF #RFC #OAuth #JWT
    Portland, Oregon • 55°F
    Fri, Oct 22, 2021 1:00am +00:00 (liked on Thu, Oct 21, 2021 9:24pm -07:00) #IETF #RFC #OAuth #JWT
  • How I Found An alg=none JWT Vulnerability in the NHS Contact Tracing App | zofrex.com (www.zofrex.com)
    Wed, Oct 21, 2020 7:48am -07:00 #jwt #security
  • JWTs helping combat fraudulent and unwanted telephone calls (self-issued.info)
    Wed, Feb 12, 2020 3:40pm -08:00 #jwt #security #phone
  • Aaron Parecki
    I'm not gonna say JSON Web Tokens are *bad* (if used properly), but I'm also not gonna say they're *great* either.

    Here's an interesting alternative though: PASETO

    https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto
    Brighton, England • 58°F
    14 likes 1 repost 1 reply
    Thu, Oct 17, 2019 6:25pm +01:00 #jwt #json #paseto #security #oktadev
  • PASETO (paseto.io)
    Fri, Jul 13, 2018 12:38pm -07:00 #json #jwt #jws
  • Aaron Parecki
    When I see an access token that begins with "eyJ", I base64-decode the middle part to see what data they store in it. #oauth #jwt #security
    Portland, Oregon, USA
    14 likes 3 reposts 1 reply
    Tue, Jan 31, 2017 8:09am -08:00 #oauth #jwt #security
  • Stop using JWT for sessions - joepie91's Ramblings (cryto.net)
    Mon, Jun 13, 2016 1:22pm -07:00 #jwt #security
  • Critical vulnerabilities in JSON Web Token libraries (auth0.com)
    Wed, Apr 1, 2015 11:13am -05:00 #jwt #security
older

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv