Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  #oauth #oauth2

  Sat, Feb 4, 2017 11:35am -08:00

• Japan

  Mar

  19

  Mar

  …

  Mar

  31

  March 19-31, 2023
  13 days

  Yokohama

  Yokohama, Kanagawa, JP

  #ietf #oauth

  permalink
• OAuth WG

  OAuth for Browser-Based Apps Draft 12

  I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!

  continue reading...

  #oauth #ietf

  Tue, Dec 6, 2022 4:20pm -08:00

• The Laws of OAuth

  The first law of OAuth states that the total number of authorized access tokens must remain constant in an isolated system.

  continue reading...

  2 replies

  #chatgpt #openai #oauth

  Fri, Dec 2, 2022 3:00pm -08:00
• 

  By popular request, I just published a version of "The Little Book of OAuth 2.0 RFCs" as a free downloadable PDF!
  
  https://oauth.net/books/#little-book-of-rfcs

  

  Portland, Oregon, USA • 39°F

  106 likes 35 reposts 10 replies 4 mentions

  #oauth

  Thu, Dec 1, 2022 3:23pm -08:00
• 

  This is your scheduled periodic reminder, for no particular reason, that now is a good time to review the third party OAuth apps that have access to your Twitter account, and remove any that you don't recognize or haven't used in a while.
  
  ➡ https://twitter.com/settings/connected_apps

  Portland, Oregon, USA • 43°F

  47 likes 20 reposts 5 replies

  #oauth #twitter #security

  Tue, Nov 15, 2022 6:36pm -08:00
• London (LHR) to Portland (PDX)

  November 11, 2022 from 2:25pm (+0000) to 4:35pm (-0800)

  British Airways Flight 267

  

  Portland Intl in Portland

  #ietf #ietf114 #okta #oktadev #oauth

  permalink
• IETF 114

  Nov

  5

  Nov

  …

  Nov

  11

  November 5-11, 2022
  7 days

  Hilton London Metropole

  London, England, GBR

  #ietf #ietf114 #okta #oktadev #oauth

  permalink
• Portland (PDX) to Seattle (SEA)

  November 3, 2022 from 4:45pm to 5:41pm (-0700)

  Alaska Flight 2102

  Seattle (SEA) to London (LHR)

  November 3, 2022 at 8:28pm (-0700) until Nov 4 at 12:45pm (+0000)

  American Airlines Flight 156

  

  Heathrow in London

  #ietf114 #okta #ietf #oauth

  permalink
• 

  In just 30 minutes, join me and @vibronet for another OAuth Happy Hour! We'll be catching up on all the latest progress in the world of OAuth and OpenID Connect! Bring your questions or just come to hear about what's new! https://youtu.be/Bg7cr9UTP9Q

  Portland, Oregon • 59°F

  2 likes 1 repost

  #oauth

  Tue, Oct 11, 2022 10:58am -07:00
• OktaDev https://twitter.com/oktadev

  Join @aaronpk and @vibronet for an hour of live Q&A about all things #OAuth and OpenID Connect!
  
  Bring your questions, or just come to learn about what's new! 💻
  
  📆Today, Tuesday Oct 11, 2022
  ⏰ Tue 11:30am - 12:30pm PST
  
  https://oktadev.events/2022/10/oauth-happy-hour-live-q-a-a2q4ofNmLvOK

  Portland, Oregon • 58°F

  #OAuth

  Tue, Oct 11, 2022 4:51pm +00:00 (liked on Tue, Oct 11, 2022 10:25am -07:00)
• 

  I'm working on a new video course, (tentatively) called "Advanced OAuth Security"!
  
  If you'd like to be the first to hear when it goes live, you can sign up for my email list here!
  
  https://oauth2simplified.com

  Portland, Oregon, USA • 68°F

  15 likes 5 replies

  #oauth

  Fri, Sep 16, 2022 2:13pm -07:00
• OAuth WG

  New Draft of OAuth for Browser-Based Apps (Draft -11)

  With the help of a few kind folks, we've made some updates to the OAuth 2.0 for Browser-Based Apps draft as discussed during the last IETF meeting in Philadelphia.

  continue reading...

  #oauth #oauth2

  Thu, Sep 15, 2022 6:04pm -07:00
• 

  Just published a new version of OAuth 2.0 for Browser-Based Apps!
  
  https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html
  
  If you have feelings about tokens in browsers, please feel free to chime in on the discussion! You can comment on the mailing list or open issues on the GitHub repo linked from the doc!

  Portland, Oregon, USA • 67°F

  19 likes 3 reposts 1 reply

  #oauth

  Tue, Sep 13, 2022 11:26am -07:00
• IRC × OAuth 2.0 · emersion (emersion.fr)

  #oauth

  Tue, Sep 13, 2022 10:19am -07:00
• Aaron Parecki https://aaronparecki.com/   •   Aug 23

  The way I like to think about it is:
  
  If the client knows when the AT will (likely) expire, it can proactively refresh the token.
  
  There is nothing the client can do differently if it knows when the RT will (likely) expire.
  

  Yes, the client needs to be able to handle unexpected expiration of both the AT and RT, which tbh is more an argument that the AS should never return expires_in than an argument that it should return it for both tokens.

  Seattle, Washington, USA • 79°F

  1 like 1 reply

  #oauth

  Tue, Aug 23, 2022 4:49pm -07:00
• Dan Moore https://twitter.com/mooreds

  A little #oauth #ietf existential humor to lighten your day, courtesy of @__b_c

  

  Portland, Oregon • 72°F

  #oauth #ietf

  Tue, Aug 23, 2022 4:44pm +00:00 (liked on Tue, Aug 23, 2022 10:42am -07:00)
• Let websites framebust out of native apps | Holovaty.com (www.holovaty.com)

  #apps #security #oauth

  Sun, Aug 14, 2022 6:20am -07:00
• 

  Throwback to the OAuth WG dinner at #IETF114 in Philadelphia!
  
  Tag yourself if I missed you!
  
  @vibronet @timcappalli @__b_c @PieterKasselman @hpsin_ @selfissued @rifaat_sy and @kristinayasuda even tho she arrived just after this photo

  

  Portland, Oregon, USA • 73°F

  12 likes

  #ietf #oauth #ietf114

  Fri, Aug 12, 2022 12:12pm -07:00
• 

  In case you needed a reminder about why we care so much about OAuth/OIDC flows being used in the system browser and not embedded browsers, Instagram injects their own tracking code in every web page you visit inside Instagram https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

  Austin, Texas, USA • 99°F

  53 likes 20 reposts 9 replies

  #instagram #oauth

  Wed, Aug 10, 2022 1:46pm -05:00
• Dr. Fett https://twitter.com/dfett42

  I had a very productive week at #ietf114! Got a ton of things done esp. in #OAuth WG - SD-JWT went to call for adoption, security BCP advanced, and @__b_c pushed DPoP forward. Looking forward to London in November!

  Portland, Oregon • 67°F

  #ietf114 #OAuth

  Mon, Aug 1, 2022 12:47pm +00:00 (liked on Mon, Aug 1, 2022 7:16am -07:00)