Aaron Parecki

#oauth2

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    #oauth #oauth2
    Sat, Feb 4, 2017 11:35am -08:00
  • Internet ID Workshop https://twitter.com/idworkshop
    Belated Thanks! Get the latest on Oauth2 from Aaron Parecki @aaronpk One of our featured 101 Sessions Presenters at #IIW today!
    #OAuth2 #OAuth
    Portland, Oregon • 60°F
    #IIW #OAuth2 #OAuth
    Tue, Oct 20, 2020 9:56pm +00:00 (liked on Tue, Oct 20, 2020 2:58pm -07:00)
  • Alexander Clouter / oauth2-worker · GitLab (gitlab.com)
    #oauth #spa #oauth2
    Fri, Sep 4, 2020 2:23pm -07:00
  • APIsecurity.io https://twitter.com/apisecurityio
    OAuth 2.1 is now an official IETF OAuth working group draft: https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00
    OAuth 2.1 is not a new standard but rather security best practices for #OAuth2. So no risk breaking compat, can be adopted right away.
    See @aaronpk talking about it here: https://youtu.be/sUEBatNmsbY
    Portland, Oregon • 63°F
    #OAuth2
    Mon, Aug 3, 2020 1:00pm +00:00 (liked on Mon, Aug 3, 2020 6:28am -07:00)
  • APIsecurity.io https://twitter.com/apisecurityio
    Want to experiment with different #OAuth2 and #OIDC flows? Check out @aaronpk's OAuth 2.0 Playground: https://www.oauth.com/playground/ and @PhilippeDeRyck's Flow Simulator: https://pragmaticwebsecurity.com/articles/oauthoidc/oauth-flow-simulator.html
    Portland, Oregon • 57°F
    #OAuth2 #OIDC
    Tue, Jul 14, 2020 1:00pm +00:00 (liked on Tue, Jul 14, 2020 6:01am -07:00)
  • Matt Raible https://twitter.com/mraible
    I'm proud to say that @oktadev is sponsoring this event! @aaronpk and I will be speaking too. #oauth2 #jhipster

    Hope to see you there!
    Portland, Oregon • 51°F
    #oauth2 #jhipster
    Mon, Apr 13, 2020 4:54pm +00:00 (liked on Mon, Apr 13, 2020 9:55am -07:00)
  • OAuth WG

    First Draft of OAuth 2.1

    I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.
    continue reading...
    61 likes 27 reposts 2 replies 4 mentions
    #oauth #oauth2 #ietf #oauth21
    Wed, Mar 11, 2020 5:22pm -07:00
  • Mark W. Schumann https://twitter.com/MarkWSchumann
    Excellent explanation by @aaronpk of @okta of why PKCE is important in #OAuth2. I feel like @nbarbettini, the guy on the left asking these questions.

    https://oauth.net/2/grant-types/implicit/
    Portland, Oregon • 43°F
    #OAuth2
    Sat, Jan 11, 2020 10:55pm +00:00 (liked on Sat, Jan 11, 2020 8:04pm -08:00)
  • Aaron Parecki
    Some more info on OAuth 2.1 from the @oktadev blog:

    OAuth 2.1: How many RFCs does it take to change a light bulb?

    https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
    Portland, Oregon • 46°F
    31 likes 5 reposts 7 replies 1 mention
    #oauth #oauth2
    Fri, Dec 13, 2019 10:29am -08:00
  • Matt Raible https://twitter.com/mraible
    With OAuth 2.1:

    "...there should be no need to document the most secure way to implement OAuth, since that should be the only option available when you read the spec." 👍 #oauth2
    Portland, Oregon • 49°F
    #oauth2
    Fri, Dec 13, 2019 2:44am +00:00 (liked on Thu, Dec 12, 2019 6:45pm -08:00)
  • It's Time for OAuth 2.1

    Trying to understand OAuth often feels like being trapped inside a maze of specs, trying to find your way out, before you can finally do what you actually set out to do: build your application.
    continue reading...
    106 likes 58 reposts 1 bookmark 2 replies 23 mentions
    #oauth #oauth2 #oauth21
    Thu, Dec 12, 2019 6:10pm -08:00
  • It's an OAuth week!

    Now is your chance to join and ask me your OAuth questions!
    continue reading...
    5 likes 3 reposts 1 mention
    #oauth #oauth2
    Mon, Dec 9, 2019 1:28pm -08:00
  • Aaron Parecki
    If you missed my talk from @APIdaysAU last month, I just posted the video online!

    Securing Your APIs with #OAuth 2.0: https://youtu.be/PfvSD6MmEmQ
    Amsterdam, Noord-Holland, NLD • 63°F
    13 likes 2 reposts 2 mentions
    #oauth #apidays #apidaysau #oauth2
    Tue, Oct 1, 2019 1:58pm +02:00
  • Matt Raible https://twitter.com/mraible
    What's going on with the OAuth 2.0 Implicit flow? From my awesome colleagues @aaronpk and @nbarbettini! https://youtu.be/CHzERullHe8 #oauth2 #implicitflow
    Portland, Oregon
    #oauth2 #implicitflow
    Tue, Jun 11, 2019 1:37am +00:00 (liked on Mon, Jun 10, 2019 6:50pm -07:00)
  • Arindam Mukherjee https://twitter.com/ErrInDam
    If you've struggled to understand how #OAuth2 works, this one should help:

    https://aaronparecki.com/oauth-2-simplified/
    Portland, Oregon
    1 mention
    #OAuth2
    Sun, May 19, 2019 9:04am +00:00 (liked on Sun, May 19, 2019 9:20am -07:00)
  • OktaDev https://twitter.com/oktadev
    Stop by the @okta booth at @devnexus to take our developer challenge! You can win an @oauth_2 book by @aaronpk or a @jhipster_book from @mraible. #oauth2 #jhipster #oktadevchallenge #hackforabook
    Portland, Oregon • 35°F
    #oauth2 #jhipster #oktadevchallenge #hackforabook
    Thu, Mar 7, 2019 3:30pm +00:00 (liked on Thu, Mar 7, 2019 8:48am -08:00)
  • Josh Grossman 👻 https://twitter.com/JoshCGrossman
    "I'll just implement my own #OAuth2 authorisation server, how hard could it be?" - a client
    #AppSec
    New York, New York • 50°F
    #OAuth2 #AppSec
    Tue, Feb 5, 2019 12:32pm +00:00 (liked on Tue, Feb 5, 2019 8:25am -05:00)
  • Aaron Parecki
    If you've ever needed a link to send someone to explain why OAuth secrets aren't safe in mobile apps, I made you a thing: https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps
    San Francisco, California, USA • 59°F
    13 likes 10 reposts 3 replies
    #oauth #oauth2 #api #security
    Tue, Jan 22, 2019 4:09pm -08:00
  • Vittorio https://twitter.com/vibronet
    Did you hear about the latest #OAuth2 security BPC and what it proposes for securing SPAs? Get a backgrounder on why it's time to consider retiring the implicit flow and how @Auth0 can help in this article https://auth0.com/blog/oauth2-implicit-grant-and-spa/
    Portland, Oregon • 41°F
    #OAuth2
    Tue, Jan 8, 2019 5:28pm +00:00 (liked on Tue, Jan 8, 2019 9:45am -08:00)
  • Brock Allen https://twitter.com/BrockLAllen
    The State of the Implicit Flow in OAuth2 https://brockallen.com/2019/01/03/the-state-of-the-implicit-flow-in-oauth2/ #oauth2 #oidc #aspnetcore
    Portland, Oregon • 53°F
    #oauth2 #oidc #aspnetcore
    Thu, Jan 3, 2019 9:54pm +00:00 (liked on Thu, Jan 3, 2019 2:30pm -08:00)
  • The State of the Implicit Flow in OAuth2 | brockallen (brockallen.com)
    #oauth #oauth2
    Thu, Jan 3, 2019 2:27pm -08:00

Hi, I'm Aaron Parecki, co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and am the editor of several W3C specifications. I help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Security Architect at Okta
  • IndieWebCamp Founder
  • OAuth WG Member

© 1999-2021 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.