Aaron Parecki

#oauth

Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

Portland, Oregon

#oauth #oauth2

Sat, Feb 4, 2017 11:35am -08:00

Duesseldorf (DUS) to London (LHR)

November 12, 2021 from 10:40am (+0100) to 11:20am (+0000)

British Airways Flight 0937

London (LHR) to Seattle (SEA)

November 12, 2021 from 2:30pm (+0000) to 4:30pm (-0800)

British Airways Flight 0049

Seattle (SEA) to Portland (PDX)

November 12, 2021 from 6:05pm to 6:58pm (-0800)

Alaska Flight 117

Portland Intl in Portland

#oauth #indieweb

permalink
Why Do We Really Need OAuth Anyway?

Nov

8

Nov

9

November 8-9, 2021

Capitol Theater

Düsseldorf, Nordrhein-Westfalen, DE

Beyond Tellerrand

#oauth #btconf

permalink
Beyond Tellerrand

Nov

8

Nov

9

November 8-9, 2021

Capitol Theater

Düsseldorf, Nordrhein-Westfalen, DE

#btconf #oauth

permalink
Portland (PDX) to Seattle (SEA)

November 5, 2021 from 5:10pm to 6:08pm (-0700)

Alaska Flight 2227

Seattle (SEA) to London (LHR)

November 5, 2021 at 7:25pm (-0700) until Nov 6 at 11:50am (+0000)

British Airways Flight 0048

London (LHR) to Duesseldorf (DUS)

November 6, 2021 from 1:05pm (+0000) to 3:25pm (+0100)

British Airways Flight 0940

Dusseldorf in Duesseldorf

#oauth #indieweb

permalink
Düsseldorf

Nov

5

Nov

…

Nov

12

November 5-12, 2021
8 days

Düsseldorf

Düsseldorf, North Rhine-Westphalia, DE

#indieweb #oauth

permalink
Hands-on Introduction to OAuth 2.0

Nov

1

November 1, 2021 10:00am - 2:00pm (-0700)
Online

#oauth #oreilly

permalink
beyond tellerrand https://twitter.com/btconf

Look who is back in the family: @aaronpk ! With a great talk about #OAuth. Say hello to Aaron and see the details about him and his talk here: https://beyondtellerrand.com/events/dusseldorf-2021/speakers/aaron-parecki

Portland, Oregon • 44°F

#OAuth

Thu, Oct 7, 2021 4:45pm +00:00 (liked on Thu, Oct 7, 2021 9:53am -07:00)
At the end of the day, OAuth is just a way to communicate between services and users, and as such it's easy to grasp and non-controversial.

OAuth solved a universal problem – signing into a web site – and, in doing so, created a new problem: how does a site know it's really you?

Portland, Oregon, USA • 55°F

16 likes 4 reposts 1 reply

#oauth #ai

Wed, Oct 6, 2021 6:01pm -07:00
Join me and @vibronet tomorrow for another OAuth Happy Hour! This week seems like a good week to talk about what happens when "Sign In with Facebook" is down.

📅 Oct 7 4pm Pacific

https://www.youtube.com/watch?v=B3a3-JV-dl0

Portland, Oregon, USA • 51°F

9 likes 1 mention

#oauth

Wed, Oct 6, 2021 9:28am -07:00
OAuth 2.0 https://twitter.com/oauth_2

New version available! "The OAuth 2.1 Authorization Framework" https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-04.html by @DickHardt @aaronpk @tlodderstedt #oauth #oauth2 #ietf

Portland, Oregon • 55°F

#oauth #oauth2 #ietf

Wed, Oct 6, 2021 12:51am +00:00 (liked on Tue, Oct 5, 2021 5:52pm -07:00)
I don’t like Identity Tokens | leastprivilege.com (leastprivilege.com)

#oauth #oidc #openid #token

Fri, Oct 1, 2021 4:48pm -07:00
Join me in 20 minutes over on YouTube for a conversation with @bartosz_io about the future of #OAuth! https://www.youtube.com/watch?v=WPeulphAj6I

Portland, Oregon • 53°F

8 likes 4 reposts

#oauth

Tue, Sep 28, 2021 9:41am -07:00
Bartosz.io 👉 wsa.dev https://twitter.com/bartosz_io

Today at 5 pm GMT we are streaming with @aaronpk to talk about the future of #OAuth 2.1+ 🚀

#websec #websecurity #webdev #webdevelopment
https://www.youtube.com/watch?v=WPeulphAj6I

Portland, Oregon • 52°F

#OAuth #websec #websecurity #webdev #webdevelopment

Tue, Sep 28, 2021 7:35am +00:00 (liked on Tue, Sep 28, 2021 6:07am -07:00)
ForgeRock Access Management 7.0.2 > OAuth 2.0 Guide > Authenticating Clients Using Mutual TLS (backstage.forgerock.com)

#oauth #mtls

Wed, Sep 22, 2021 4:19pm -07:00
Nat Sakimura https://twitter.com/_nat_en

I actually do not agree with the characterization that PAR is an alternative to JAR. PAR complements JAR by profiling it down to a new endpoint called PAR Endpoint at AuthZ server. JAR is normatively required by PAR. #OAuth

Portland, Oregon • 66°F

#OAuth

Wed, Sep 22, 2021 3:16am +00:00 (liked on Tue, Sep 21, 2021 9:25pm -07:00)
Twitter out here launching support for OAuth 2.0 just in time for OAuth 2.1 to come out 🤦‍♂️🤷‍♂️ https://twitter.com/twitterdev/status/1436020870875656196

Portland, Oregon, USA • 73°F

45 likes 6 reposts 10 replies

#oauth

Thu, Sep 9, 2021 8:17pm -07:00
Hands-on introduction to OAuth 2.0

Sep

2

September 2, 2021 10:00am - 2:00pm (-0700)
Online

#oauth #oreilly

permalink
For the last #DeveloperDay Labs session, I'm running a live workshop all about protecting your API with OAuth! Everyone who completes the exercise during the session will get a copy of my OAuth book! 🎉 Join me here in 5 minutes! https://developer-day.live/apis/

Portland, Oregon • 78°F

6 likes 3 reposts 2 replies

#oauth #developerday

Wed, Aug 25, 2021 3:53pm -07:00
API Tokens: A Tedious Survey · Fly (fly.io)

#oauth #security #api

Tue, Aug 24, 2021 4:36pm -07:00
Matt Raible https://twitter.com/mraible

This was an excellent session from @aaronpk and @vibronet on the past and future of OAuth!

Future stuff they mentioned:

- RAR: Rich Authorization Requests (so you can add more to consent screens)
- Sender-Constrained Access Tokens (to verify the sender)

#OAuth #DeveloperDay

Bellevue, Washington • 77°F

#OAuth #DeveloperDay

Tue, Aug 24, 2021 7:15pm +00:00 (liked on Tue, Aug 24, 2021 3:03pm -07:00)