Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  #oauth #oauth2

  Sat, Feb 4, 2017 11:35am -08:00

• Los Angeles (LAX) to San Francisco (SFO)

  March 19, 2023 from 8:35am to 10:05am (-0700)

  Alaska Flight 3480

  San Francisco (SFO) to Tokyo (NRT)

  March 19, 2023 at 1:25pm (-0700) until Mar 20 at 4:45pm (+0900)

  Japan Airlines Flight 57

  

  Narita Intl in Tokyo

  #ietf #oauth

  permalink
• Japan

  Mar

  19

  Mar

  …

  Mar

  31

  March 19-31, 2023
  13 days

  Yokohama

  Yokohama, Kanagawa, JP

  #ietf #oauth

  permalink
• Portland (PDX) to Los Angeles (LAX)

  March 18, 2023 from 6:15pm to 8:45pm (-0800)

  Alaska Flight 3470

  

  Los Angeles Intl in Los Angeles

  #ietf #oauth

  permalink
• 

  It's been a while since I've set up an Amazon Echo device. Do I need to come over there and teach some Amazon folks about the OAuth Device Flow? There is a better way than making me type my password on this screen!

  

  Portland, Oregon, USA • 45°F

  41 likes 8 reposts 4 replies 1 mention

  #oauth

  Fri, Jan 27, 2023 9:20pm -08:00
• 

  It's here! My new video course "Advanced OAuth Security" is now available on Udemy!
  
  In this course we break down the jargon in the high-security OAuth specs like PAR, JAR, JARM, DPoP, Mutual TLS, HTTP Signatures and more!
  
  https://oauth2simplified.com/advanced-oauth

  

  Portland, Oregon, USA • 43°F

  73 likes 16 reposts 7 replies 2 mentions

  #oauth

  Thu, Dec 29, 2022 11:28am -08:00
• 

  I've got an ad spot opening up in the new year on https://oauth.net! This is *the* hub for everything about OAuth online. Text-only ads, and usually has a high clickthrough rate!
  
  Get in touch if you'd like to get your business in front of 150,000 people a month!

  Portland, Oregon, USA • 34°F

  6 likes 3 reposts 1 reply

  #oauth

  Wed, Dec 21, 2022 9:33am -08:00
• OAuth WG

  OAuth for Browser-Based Apps Draft 12

  I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!

  continue reading...

  #oauth #ietf

  Tue, Dec 6, 2022 4:20pm -08:00

• The Laws of OAuth

  The first law of OAuth states that the total number of authorized access tokens must remain constant in an isolated system.

  continue reading...

  2 replies

  #chatgpt #openai #oauth

  Fri, Dec 2, 2022 3:00pm -08:00
• 

  By popular request, I just published a version of "The Little Book of OAuth 2.0 RFCs" as a free downloadable PDF!
  
  https://oauth.net/books/#little-book-of-rfcs

  

  Portland, Oregon, USA • 39°F

  122 likes 43 reposts 10 replies 4 mentions

  #oauth

  Thu, Dec 1, 2022 3:23pm -08:00
• 

  This is your scheduled periodic reminder, for no particular reason, that now is a good time to review the third party OAuth apps that have access to your Twitter account, and remove any that you don't recognize or haven't used in a while.
  
  ➡ https://twitter.com/settings/connected_apps

  Portland, Oregon, USA • 43°F

  47 likes 20 reposts 5 replies

  #oauth #twitter #security

  Tue, Nov 15, 2022 6:36pm -08:00
• London (LHR) to Portland (PDX)

  November 11, 2022 from 2:25pm (+0000) to 4:35pm (-0800)

  British Airways Flight 267

  

  Portland Intl in Portland

  #ietf #ietf114 #okta #oktadev #oauth

  permalink
• IETF 114

  Nov

  5

  Nov

  …

  Nov

  11

  November 5-11, 2022
  7 days

  Hilton London Metropole

  London, England, GBR

  #ietf #ietf114 #okta #oktadev #oauth

  permalink
• Portland (PDX) to Seattle (SEA)

  November 3, 2022 from 4:45pm to 5:41pm (-0700)

  Alaska Flight 2102

  Seattle (SEA) to London (LHR)

  November 3, 2022 at 8:28pm (-0700) until Nov 4 at 12:45pm (+0000)

  American Airlines Flight 156

  

  Heathrow in London

  #ietf114 #okta #ietf #oauth

  permalink
• 

  In just 30 minutes, join me and @vibronet for another OAuth Happy Hour! We'll be catching up on all the latest progress in the world of OAuth and OpenID Connect! Bring your questions or just come to hear about what's new! https://youtu.be/Bg7cr9UTP9Q

  Portland, Oregon • 59°F

  2 likes 1 repost

  #oauth

  Tue, Oct 11, 2022 10:58am -07:00
• OktaDev https://twitter.com/oktadev

  Join @aaronpk and @vibronet for an hour of live Q&A about all things #OAuth and OpenID Connect!
  
  Bring your questions, or just come to learn about what's new! 💻
  
  📆Today, Tuesday Oct 11, 2022
  ⏰ Tue 11:30am - 12:30pm PST
  
  https://oktadev.events/2022/10/oauth-happy-hour-live-q-a-a2q4ofNmLvOK

  Portland, Oregon • 58°F

  #OAuth

  Tue, Oct 11, 2022 4:51pm +00:00 (liked on Tue, Oct 11, 2022 10:25am -07:00)
• 

  I'm working on a new video course, (tentatively) called "Advanced OAuth Security"!
  
  If you'd like to be the first to hear when it goes live, you can sign up for my email list here!
  
  https://oauth2simplified.com

  Portland, Oregon, USA • 68°F

  15 likes 5 replies

  #oauth

  Fri, Sep 16, 2022 2:13pm -07:00
• OAuth WG

  New Draft of OAuth for Browser-Based Apps (Draft -11)

  With the help of a few kind folks, we've made some updates to the OAuth 2.0 for Browser-Based Apps draft as discussed during the last IETF meeting in Philadelphia.

  continue reading...

  #oauth #oauth2

  Thu, Sep 15, 2022 6:04pm -07:00
• 

  Just published a new version of OAuth 2.0 for Browser-Based Apps!
  
  https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html
  
  If you have feelings about tokens in browsers, please feel free to chime in on the discussion! You can comment on the mailing list or open issues on the GitHub repo linked from the doc!

  Portland, Oregon, USA • 67°F

  19 likes 3 reposts 1 reply

  #oauth

  Tue, Sep 13, 2022 11:26am -07:00
• IRC × OAuth 2.0 · emersion (emersion.fr)

  #oauth

  Tue, Sep 13, 2022 10:19am -07:00
• Aaron Parecki https://aaronparecki.com/   •   Aug 23

  The way I like to think about it is:
  
  If the client knows when the AT will (likely) expire, it can proactively refresh the token.
  
  There is nothing the client can do differently if it knows when the RT will (likely) expire.
  

  Yes, the client needs to be able to handle unexpected expiration of both the AT and RT, which tbh is more an argument that the AS should never return expires_in than an argument that it should return it for both tokens.

  Seattle, Washington, USA • 79°F

  1 like 1 reply

  #oauth

  Tue, Aug 23, 2022 4:49pm -07:00