Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• Zagreb (ZAG) to London (LHR)

  July 27, 2026 from 2:20pm (+0200) to 4:20pm (+0100)

  British Airways Flight 6775

  London (LHR) to Portland (PDX)

  July 28, 2026 from 3:40pm (+0100) to 5:40pm (-0700)

  British Airways Flight 6956

  

  Portland Intl in Portland

  permalink #ietf #okta #oauth #openid
• IETF 126 Vienna

  Jul

  19

  Jul

  …

  Jul

  24

  July 19-24, 2026
  6 days

  Hilton Vienna Park

  Wien, Wien, AT

  permalink #ietf #oauth #okta
• Portland (PDX) to London (LHR)

  July 18, 2026 at 7:30pm (-0700) until Jul 19 at 1:00pm (+0100)

  British Airways Flight 266

  London (LHR) to Vienna (VIE)

  July 19, 2026 from 7:20pm (+0100) to 10:30pm (+0200)

  British Airways Flight 728

  

  Schwechat in Vienna

  permalink #ietf #oauth #okta
• Vienna

  Jul

  18

  Jul

  …

  Jul

  28

  July 18-28, 2026
  11 days

  Vienna

  Vienna, Vienna, AT

  permalink #ietf #oauth #okta
• San Jose (SJC) to Portland (PDX)

  May 1, 2026 from 9:38am to 11:28am (-0700)

  Alaska Flight 2274

  

  Portland Intl in Portland

  permalink #iiw #okta #oauth #openid
• Internet Identity Workshop

  Apr

  28

  Apr

  29

  Apr

  30

  April 28-30, 2026
  3 days

  Computer History Museum

  Mountain View, California, US

  permalink #iiw #oauth #openid #okta
• Portland (PDX) to San Jose (SJC)

  April 27, 2026 from 9:07pm to 10:59pm (-0700)

  Alaska Flight 3344

  

  Norman Y Mineta San Jose Intl in San Jose

  permalink #iiw #oauth #openid #okta
• Mountain View

  Apr

  27

  Apr

  …

  Apr

  30

  April 27-30, 2026
  4 days

  Mountain View

  Mountain View, California, US

  permalink #iiw #oauth #openid #okta
• IETF 125 Shenzhen

  Mar

  14

  Mar

  …

  Mar

  20

  March 14-20, 2026
  7 days

  Futian Shangri-La, Shenzhen

  Shen Zhen Shi, Guang Dong Sheng, CN

  permalink #ietf #oauth
• Shenzhen

  Mar

  9

  Mar

  …

  Mar

  22

  March 9-22, 2026
  14 days

  Shenzhen

  Shenzhen, Guangdong Province, CN

  permalink #ietf #oauth
• Portland (PDX) to San Francisco (SFO)

  March 9, 2026 from 7:05am to 9:08am (-0700)

  Alaska Flight 526

  San Francisco (SFO) to Hong Kong (HKG)

  March 9, 2026 at 12:25pm (-0800) until Mar 10 at 7:00pm (+0800)

  Cathay Pacific Flight 879

  

  Hong Kong Intl in Hong Kong

  permalink #ietf #oauth

• Making OAuth Scale Securely for MCPs - Application Security Weekly

  

  The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth’s new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.

  continue reading...

  Tue, Dec 9, 2025 11:30am -08:00 #mcp #oauth
• 

  The new MCP spec just dropped! 🎉
  
  There's too many new things to get into everything, but there are two big changes I am most excited about 👀
  
  📝 Client ID Metadata Documents (CIMD) - a simpler way to manage client registrations, clients describe themselves with a URL they control
  🔐 Enterprise-Managed Authorization extension (aka Cross App Access) - eliminate the OAuth redirect and get tokens for an MCP server by requesting them from the enterprise IdP
  
  It's been great working on this with folks like Den Delimarsky, Paul Carleton, David Soria Parra, Nick Cooper, Tyler Leonhardt, and more!
  
  Read more about what these mean for you in my full post
  👉 https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update

  Portland, Oregon • 44°F

  1 like

  Tue, Nov 25, 2025 3:11pm -08:00 #oauth #cimd #xaa #mcp
• Cross App Access extends MCP to bring enterprise-grade security to AI agent interactions (www.okta.com)

  Tue, Nov 25, 2025 2:36pm -08:00 #mcp #oauth #xaa
• Arcade.dev and Anthropic advance MCP with new secure authorization flow - SiliconANGLE (siliconangle.com)

  Tue, Nov 25, 2025 2:36pm -08:00 #mcp #oauth

• Client Registration and Enterprise Management in the November 2025 MCP Authorization Spec

  

  The new MCP authorization spec is here! Today marks the one-year anniversary of the Model Context Protocol, and with it, the launch of the new 2025-11-25 specification.

  continue reading...

  1 like 1 mention

  Tue, Nov 25, 2025 1:25pm -08:00 #cimd #oauth #mcp #ai
• Montreal (YUL) to Boston (BOS)

  November 8, 2025 from 1:25pm to 2:52pm (-0500)

  Air Canada Flight 8608

  Boston (BOS) to Portland (PDX)

  November 8, 2025 from 4:46pm (-0500) to 8:07pm (-0800)

  Alaska Flight 1319

  

  Portland Intl in Portland

  permalink #ietf #okta #oauth
• 

  hacking oauth

  

  Montréal, Québec

  Thu, Nov 6, 2025 7:50pm -05:00 #oauth #ietf #365
• feature: Add support for Client ID Metadata Documents (CIMD) by chipgpt · Pull Request #13 · chipgpt/full-stack-saas-mcp (github.com)

  Mon, Nov 3, 2025 8:58pm -05:00 #oauth #cimd #mcp
• IETF 124 Montreal

  Nov

  3

  Nov

  …

  Nov

  7

  November 3-7, 2025
  5 days

  Fairmont The Queen Elizabeth

  Montréal, Québec, CA

  permalink #ietf #oauth #okta