Aaron Parecki

#oauth2

• OAuth

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  continue reading...

  #oauth #oauth2

  Sat, Feb 4, 2017 11:35am -08:00

• Alexander Clouter / oauth2-worker · GitLab (gitlab.com)

  #oauth #spa #oauth2

  Fri, Sep 4, 2020 2:23pm -07:00
• APIsecurity.io https://twitter.com/apisecurityio

  OAuth 2.1 is now an official IETF OAuth working group draft: https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00
  OAuth 2.1 is not a new standard but rather security best practices for #OAuth2. So no risk breaking compat, can be adopted right away.
  See @aaronpk talking about it here: https://youtu.be/sUEBatNmsbY

  Portland, Oregon • 63°F

  #OAuth2

  Mon, Aug 3, 2020 1:00pm +00:00 (liked on Mon, Aug 3, 2020 6:28am -07:00)
• APIsecurity.io https://twitter.com/apisecurityio

  Want to experiment with different #OAuth2 and #OIDC flows? Check out @aaronpk's OAuth 2.0 Playground: https://www.oauth.com/playground/ and @PhilippeDeRyck's Flow Simulator: https://pragmaticwebsecurity.com/articles/oauthoidc/oauth-flow-simulator.html

  Portland, Oregon • 57°F

  #OAuth2 #OIDC

  Tue, Jul 14, 2020 1:00pm +00:00 (liked on Tue, Jul 14, 2020 6:01am -07:00)
• Matt Raible https://twitter.com/mraible

  I'm proud to say that @oktadev is sponsoring this event! @aaronpk and I will be speaking too. #oauth2 #jhipster
  
  Hope to see you there!

  Portland, Oregon • 51°F

  #oauth2 #jhipster

  Mon, Apr 13, 2020 4:54pm +00:00 (liked on Mon, Apr 13, 2020 9:55am -07:00)
• OAuth WG

  First Draft of OAuth 2.1

  I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.

  continue reading...

  61 likes 27 reposts 2 replies 4 mentions

  #oauth #oauth2 #ietf #oauth21

  Wed, Mar 11, 2020 5:22pm -07:00
• Mark W. Schumann https://twitter.com/MarkWSchumann

  Excellent explanation by @aaronpk of @okta of why PKCE is important in #OAuth2. I feel like @nbarbettini, the guy on the left asking these questions.
  
  https://oauth.net/2/grant-types/implicit/

  Portland, Oregon • 43°F

  #OAuth2

  Sat, Jan 11, 2020 10:55pm +00:00 (liked on Sat, Jan 11, 2020 8:04pm -08:00)
• 

  Some more info on OAuth 2.1 from the @oktadev blog:
  
  OAuth 2.1: How many RFCs does it take to change a light bulb?
  
  https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs

  Portland, Oregon • 46°F

  31 likes 5 reposts 7 replies 1 mention

  #oauth #oauth2

  Fri, Dec 13, 2019 10:29am -08:00
• Matt Raible https://twitter.com/mraible

  With OAuth 2.1:
  
  "...there should be no need to document the most secure way to implement OAuth, since that should be the only option available when you read the spec." 👍 #oauth2

  Portland, Oregon • 49°F

  #oauth2

  Fri, Dec 13, 2019 2:44am +00:00 (liked on Thu, Dec 12, 2019 6:45pm -08:00)

• It's Time for OAuth 2.1

  

  Trying to understand OAuth often feels like being trapped inside a maze of specs, trying to find your way out, before you can finally do what you actually set out to do: build your application.

  continue reading...

  105 likes 58 reposts 1 bookmark 2 replies 23 mentions

  #oauth #oauth2 #oauth21

  Thu, Dec 12, 2019 6:10pm -08:00

• It's an OAuth week!

  

  Now is your chance to join and ask me your OAuth questions!

  continue reading...

  5 likes 3 reposts 1 mention

  #oauth #oauth2

  Mon, Dec 9, 2019 1:28pm -08:00
• 

  If you missed my talk from @APIdaysAU last month, I just posted the video online!
  
  Securing Your APIs with #OAuth 2.0: https://youtu.be/PfvSD6MmEmQ

  Amsterdam, Noord-Holland, NLD • 63°F

  13 likes 2 reposts 2 mentions

  #oauth #apidays #apidaysau #oauth2

  Tue, Oct 1, 2019 1:58pm +02:00
• Matt Raible https://twitter.com/mraible

  What's going on with the OAuth 2.0 Implicit flow? From my awesome colleagues @aaronpk and @nbarbettini! https://youtu.be/CHzERullHe8 #oauth2 #implicitflow

  Portland, Oregon

  #oauth2 #implicitflow

  Tue, Jun 11, 2019 1:37am +00:00 (liked on Mon, Jun 10, 2019 6:50pm -07:00)
• Arindam Mukherjee https://twitter.com/ErrInDam

  If you've struggled to understand how #OAuth2 works, this one should help:
  
  https://aaronparecki.com/oauth-2-simplified/

  Portland, Oregon

  1 mention

  #OAuth2

  Sun, May 19, 2019 9:04am +00:00 (liked on Sun, May 19, 2019 9:20am -07:00)
• OktaDev https://twitter.com/oktadev

  Stop by the @okta booth at @devnexus to take our developer challenge! You can win an @oauth_2 book by @aaronpk or a @jhipster_book from @mraible. #oauth2 #jhipster #oktadevchallenge #hackforabook

  

  Portland, Oregon • 35°F

  #oauth2 #jhipster #oktadevchallenge #hackforabook

  Thu, Mar 7, 2019 3:30pm +00:00 (liked on Thu, Mar 7, 2019 8:48am -08:00)
• Josh Grossman 👻 https://twitter.com/JoshCGrossman

  "I'll just implement my own #OAuth2 authorisation server, how hard could it be?" - a client
  #AppSec

  

  New York, New York • 50°F

  #OAuth2 #AppSec

  Tue, Feb 5, 2019 12:32pm +00:00 (liked on Tue, Feb 5, 2019 8:25am -05:00)
• 

  If you've ever needed a link to send someone to explain why OAuth secrets aren't safe in mobile apps, I made you a thing: https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps

  San Francisco, California, USA • 59°F

  13 likes 10 reposts 3 replies

  #oauth #oauth2 #api #security

  Tue, Jan 22, 2019 4:09pm -08:00
• Vittorio https://twitter.com/vibronet

  Did you hear about the latest #OAuth2 security BPC and what it proposes for securing SPAs? Get a backgrounder on why it's time to consider retiring the implicit flow and how @Auth0 can help in this article https://auth0.com/blog/oauth2-implicit-grant-and-spa/

  

  Portland, Oregon • 41°F

  #OAuth2

  Tue, Jan 8, 2019 5:28pm +00:00 (liked on Tue, Jan 8, 2019 9:45am -08:00)
• Brock Allen https://twitter.com/BrockLAllen

  The State of the Implicit Flow in OAuth2 https://brockallen.com/2019/01/03/the-state-of-the-implicit-flow-in-oauth2/ #oauth2 #oidc #aspnetcore

  Portland, Oregon • 53°F

  #oauth2 #oidc #aspnetcore

  Thu, Jan 3, 2019 9:54pm +00:00 (liked on Thu, Jan 3, 2019 2:30pm -08:00)
• The State of the Implicit Flow in OAuth2 | brockallen (brockallen.com)

  #oauth #oauth2

  Thu, Jan 3, 2019 2:27pm -08:00
• 

  Alright, I think we can call it. Between @tlodderstedt's OAuth Security Best Practices and OAuth 2.0 for Browser Apps, the Implicit Flow is dead.
  
  https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09
  
  https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-00
  
  https://medium.com/@torsten_lodderstedt/why-you-should-stop-using-the-oauth-implicit-grant-2436ced1c926

  Portland, Oregon, USA • 36°F

  4 likes 5 reposts 2 mentions

  #oauth #oauth2

  Fri, Nov 9, 2018 8:57am -08:00