Aaron Parecki

  • Articles
  • Notes
  • Photos

#oauth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    #oauth #oauth2
    Sat, Feb 4, 2017 11:35am -08:00
  • Los Angeles (LAX) to San Francisco (SFO)
    March 19, 2023 from 8:35am to 10:05am (-0700)
    Alaska Flight 3480
    San Francisco (SFO) to Tokyo (NRT)
    March 19, 2023 at 1:25pm (-0700) until Mar 20 at 4:45pm (+0900)
    Japan Airlines Flight 57
    Narita Intl in Tokyo
    #ietf #oauth
    permalink
  • Japan
    Mar
    19
    Mar
    …
    Mar
    31
    March 19-31, 2023
    13 days
    Yokohama
    Yokohama, Kanagawa, JP
    #ietf #oauth
    permalink
  • Portland (PDX) to Los Angeles (LAX)
    March 18, 2023 from 6:15pm to 8:45pm (-0800)
    Alaska Flight 3470
    Los Angeles Intl in Los Angeles
    #ietf #oauth
    permalink
  • Aaron Parecki
    It's been a while since I've set up an Amazon Echo device. Do I need to come over there and teach some Amazon folks about the OAuth Device Flow? There is a better way than making me type my password on this screen!
    Portland, Oregon, USA • 45°F
    41 likes 8 reposts 4 replies 1 mention
    #oauth
    Fri, Jan 27, 2023 9:20pm -08:00
  • Aaron Parecki
    It's here! My new video course "Advanced OAuth Security" is now available on Udemy!

    In this course we break down the jargon in the high-security OAuth specs like PAR, JAR, JARM, DPoP, Mutual TLS, HTTP Signatures and more!

    https://oauth2simplified.com/advanced-oauth
    Portland, Oregon, USA • 43°F
    73 likes 16 reposts 7 replies 2 mentions
    #oauth
    Thu, Dec 29, 2022 11:28am -08:00
  • Aaron Parecki
    I've got an ad spot opening up in the new year on https://oauth.net! This is *the* hub for everything about OAuth online. Text-only ads, and usually has a high clickthrough rate!

    Get in touch if you'd like to get your business in front of 150,000 people a month!
    Portland, Oregon, USA • 34°F
    6 likes 3 reposts 1 reply
    #oauth
    Wed, Dec 21, 2022 9:33am -08:00
  • OAuth WG

    OAuth for Browser-Based Apps Draft 12

    I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!
    continue reading...
    #oauth #ietf
    Tue, Dec 6, 2022 4:20pm -08:00
  • The Laws of OAuth

    The first law of OAuth states that the total number of authorized access tokens must remain constant in an isolated system.
    continue reading...
    2 replies
    #chatgpt #openai #oauth
    Fri, Dec 2, 2022 3:00pm -08:00
  • Aaron Parecki
    By popular request, I just published a version of "The Little Book of OAuth 2.0 RFCs" as a free downloadable PDF!

    https://oauth.net/books/#little-book-of-rfcs
    Portland, Oregon, USA • 39°F
    122 likes 43 reposts 10 replies 4 mentions
    #oauth
    Thu, Dec 1, 2022 3:23pm -08:00
  • Aaron Parecki
    This is your scheduled periodic reminder, for no particular reason, that now is a good time to review the third party OAuth apps that have access to your Twitter account, and remove any that you don't recognize or haven't used in a while.

    ➡ https://twitter.com/settings/connected_apps
    Portland, Oregon, USA • 43°F
    47 likes 20 reposts 5 replies
    #oauth #twitter #security
    Tue, Nov 15, 2022 6:36pm -08:00
  • London (LHR) to Portland (PDX)
    November 11, 2022 from 2:25pm (+0000) to 4:35pm (-0800)
    British Airways Flight 267
    Portland Intl in Portland
    #ietf #ietf114 #okta #oktadev #oauth
    permalink
  • IETF 114
    Nov
    5
    Nov
    …
    Nov
    11
    November 5-11, 2022
    7 days
    Hilton London Metropole
    London, England, GBR
    #ietf #ietf114 #okta #oktadev #oauth
    permalink
  • Portland (PDX) to Seattle (SEA)
    November 3, 2022 from 4:45pm to 5:41pm (-0700)
    Alaska Flight 2102
    Seattle (SEA) to London (LHR)
    November 3, 2022 at 8:28pm (-0700) until Nov 4 at 12:45pm (+0000)
    American Airlines Flight 156
    Heathrow in London
    #ietf114 #okta #ietf #oauth
    permalink
  • Aaron Parecki
    In just 30 minutes, join me and @vibronet for another OAuth Happy Hour! We'll be catching up on all the latest progress in the world of OAuth and OpenID Connect! Bring your questions or just come to hear about what's new! https://youtu.be/Bg7cr9UTP9Q
    Portland, Oregon • 59°F
    2 likes 1 repost
    #oauth
    Tue, Oct 11, 2022 10:58am -07:00
  • OktaDev https://twitter.com/oktadev
    Join @aaronpk and @vibronet for an hour of live Q&A about all things #OAuth and OpenID Connect!

    Bring your questions, or just come to learn about what's new! 💻

    📆Today, Tuesday Oct 11, 2022
    ⏰ Tue 11:30am - 12:30pm PST

    https://oktadev.events/2022/10/oauth-happy-hour-live-q-a-a2q4ofNmLvOK
    Portland, Oregon • 58°F
    #OAuth
    Tue, Oct 11, 2022 4:51pm +00:00 (liked on Tue, Oct 11, 2022 10:25am -07:00)
  • Aaron Parecki
    I'm working on a new video course, (tentatively) called "Advanced OAuth Security"!

    If you'd like to be the first to hear when it goes live, you can sign up for my email list here!

    https://oauth2simplified.com
    Portland, Oregon, USA • 68°F
    15 likes 5 replies
    #oauth
    Fri, Sep 16, 2022 2:13pm -07:00
  • OAuth WG

    New Draft of OAuth for Browser-Based Apps (Draft -11)

    With the help of a few kind folks, we've made some updates to the OAuth 2.0 for Browser-Based Apps draft as discussed during the last IETF meeting in Philadelphia.
    continue reading...
    #oauth #oauth2
    Thu, Sep 15, 2022 6:04pm -07:00
  • Aaron Parecki
    Just published a new version of OAuth 2.0 for Browser-Based Apps!

    https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html

    If you have feelings about tokens in browsers, please feel free to chime in on the discussion! You can comment on the mailing list or open issues on the GitHub repo linked from the doc!
    Portland, Oregon, USA • 67°F
    19 likes 3 reposts 1 reply
    #oauth
    Tue, Sep 13, 2022 11:26am -07:00
  • IRC × OAuth 2.0 · emersion (emersion.fr)
    #oauth
    Tue, Sep 13, 2022 10:19am -07:00
  • Aaron Parecki https://aaronparecki.com/   •   Aug 23
    The way I like to think about it is:

    If the client knows when the AT will (likely) expire, it can proactively refresh the token.

    There is nothing the client can do differently if it knows when the RT will (likely) expire.
    Aaron Parecki
    Yes, the client needs to be able to handle unexpected expiration of both the AT and RT, which tbh is more an argument that the AS should never return expires_in than an argument that it should return it for both tokens.
    Seattle, Washington, USA • 79°F
    1 like 1 reply
    #oauth
    Tue, Aug 23, 2022 4:49pm -07:00
next

Hi, I'm Aaron Parecki, Senior Security Architect at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming and dabble in product design.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Security Architect at Okta
  • IndieWebCamp Founder
  • OAuth WG Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2023 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv