Aaron Parecki

#oauth2

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • OktaDev https://twitter.com/oktadev
    Stop by the @okta booth at @devnexus to take our developer challenge! You can win an @oauth_2 book by @aaronpk or a @jhipster_book from @mraible. #oauth2 #jhipster #oktadevchallenge #hackforabook
    Portland, Oregon • 35°F
    Thu, Mar 7, 2019 3:30pm +00:00 (liked on Thu, Mar 7, 2019 8:48am -08:00) #oauth2 #jhipster #oktadevchallenge #hackforabook
  • Josh Grossman 👻 https://twitter.com/JoshCGrossman
    "I'll just implement my own #OAuth2 authorisation server, how hard could it be?" - a client
    #AppSec
    New York, New York • 50°F
    Tue, Feb 5, 2019 12:32pm +00:00 (liked on Tue, Feb 5, 2019 8:25am -05:00) #OAuth2 #AppSec
  • Aaron Parecki
    If you've ever needed a link to send someone to explain why OAuth secrets aren't safe in mobile apps, I made you a thing: https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps
    San Francisco, California, USA • 59°F
    13 likes 10 reposts 3 replies
    Tue, Jan 22, 2019 4:09pm -08:00 #oauth #oauth2 #api #security
  • Vittorio https://twitter.com/vibronet
    Did you hear about the latest #OAuth2 security BPC and what it proposes for securing SPAs? Get a backgrounder on why it's time to consider retiring the implicit flow and how @Auth0 can help in this article https://auth0.com/blog/oauth2-implicit-grant-and-spa/
    Portland, Oregon • 41°F
    Tue, Jan 8, 2019 5:28pm +00:00 (liked on Tue, Jan 8, 2019 9:45am -08:00) #OAuth2
  • Brock Allen https://twitter.com/BrockLAllen
    The State of the Implicit Flow in OAuth2 https://brockallen.com/2019/01/03/the-state-of-the-implicit-flow-in-oauth2/ #oauth2 #oidc #aspnetcore
    Portland, Oregon • 53°F
    Thu, Jan 3, 2019 9:54pm +00:00 (liked on Thu, Jan 3, 2019 2:30pm -08:00) #oauth2 #oidc #aspnetcore
  • The State of the Implicit Flow in OAuth2 | brockallen (brockallen.com)
    Thu, Jan 3, 2019 2:27pm -08:00 #oauth #oauth2
  • Aaron Parecki
    Alright, I think we can call it. Between @tlodderstedt's OAuth Security Best Practices and OAuth 2.0 for Browser Apps, the Implicit Flow is dead.

    https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09

    https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-00

    https://medium.com/@torsten_lodderstedt/why-you-should-stop-using-the-oauth-implicit-grant-2436ced1c926
    Portland, Oregon, USA • 36°F
    4 likes 5 reposts 2 mentions
    Fri, Nov 9, 2018 8:57am -08:00 #oauth #oauth2
  • Moving On from OAuth 2? – Justin Richer – Medium (medium.com)
    Tue, Oct 23, 2018 10:47am -07:00 #oauth #oauth2 #iiw
  • Jim Shingler https://twitter.com/jshingler
    @aaronpk talking #Oauth2 and #OIDC at #cardinalhealth great meeting thanks @okta
    Columbus, Ohio • 72°F
    1 mention
    Thu, Oct 11, 2018 12:04am +00:00 (liked on Wed, Oct 10, 2018 8:23pm -04:00) #Oauth2 #OIDC #cardinalhealth
  • Aaron Parecki
    Next week I'll be hosting a workshop on @OAuth2 in Germany as part of Nürnberg Web Week festival @nueww! It's filling up fast but there are still some spots left! https://nuernberg.digital/festival/programm/2018/understanding-and-implementing-oauth-2-0-mit-aaron-parecki-42/
    Columbus, Ohio, USA • 72°F
    11 likes 6 reposts 3 replies
    Wed, Oct 10, 2018 7:32pm -04:00 #oauth #oauth2
  • OAuth.io https://try.oauth.io
    We will be talking about 'The Many Flavors of OAuth' at @APIdaysGlobal San Francisco about #oauth2 and briefly covering identity layers #openidconnect #oidc and #IndieAuth. We have a few tickets to give away. Please register with code 'Soonhin' at https://www.apidays.co/sanfrancisco. See you!
    Portland, Oregon • 95°F
    Mon, Jul 30, 2018 1:47am +00:00 (liked on Sun, Jul 29, 2018 7:44pm -07:00) #oauth2 #openidconnect #oidc #IndieAuth
  • Aaron Parecki
    OAuth for the Open Web

    A little about the challenges of using #OAuth2 in a distributed setting for WordPress, GitLab, Mastodon, and more. Spoiler: it's not all bad news. Let's make this happen!

    https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web
    Portland, Oregon, USA • 72°F
    61 likes 31 reposts 6 replies 2 mentions
    Sat, Jul 7, 2018 9:41am -07:00 #oauth2
  • OAuth for the Open Web

    OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it.
    Sat, Jul 7, 2018 9:30am -07:00 #indieauth #oauth #oauth2 #indieweb
  • Aaron Parecki
    Just finished part 3 in my blog post series about #OAuth2 grant types. This one is about when to use the Password Grant. Spoiler: you probably shouldn't. https://developer.okta.com/blog/2018/06/29/what-is-the-oauth2-password-grant
    Portland, Oregon, USA • 59°F
    6 likes 3 reposts 1 reply
    Mon, Jul 2, 2018 12:24pm -07:00 #oauth2
  • Aaron Parecki
    Slides and video from my @OAuth_2 talk at #cloudnativepdx last night are posted! https://speakerdeck.com/aaronpk/oauth-all-the-things-an-introduction-to-oauth https://www.youtube.com/watch?v=wA4kqKFua2Q
    Portland, Oregon, USA • 66°F
    18 likes 8 reposts
    Thu, Jun 21, 2018 2:16pm -07:00 #oauth #oauth2 #cloudnativepdx
  • Aaron Parecki
    I've been getting a lot of questions about the @OAuth_2 Implicit Grant Type, so I wrote up some details on it here: https://developer.okta.com/blog/2018/05/24/what-is-the-oauth2-implicit-grant-type #oauth
    Portland, Oregon • 63°F
    2 likes 2 reposts
    Fri, May 25, 2018 11:35am -07:00 #oauth #oauth2
  • Aaron Parecki
    I'm going to be hosting a workshop on @OAuth_2 this fall in Nürnberg, Germany! 🔐 Only 15 spots available, so sign up now! https://colloq.io/events/tollwerkstatt-workshops/2018/nurnberg/2
    Portland, Oregon • 65°F
    3 likes 4 reposts
    Fri, Apr 27, 2018 10:26am -07:00 #oauth2
  • Adam Lewis https://twitter.com/lewiada   •   Apr 24
    We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.
    Aaron Parecki
    BCP for public UA clients:

    • use the authorization code flow
    • omit client secret
    • strict redirect URI validation

    Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps
    Portland, Oregon • 71°F
    3 likes 1 repost 6 replies
    Tue, Apr 24, 2018 10:57am -07:00 #oauth2
  • OktaDev http://developer.okta.com
    This post by @aaronpk breaks down the #oauth2 Authorization Code grant type step by step: https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
    Portland, Oregon • 55°F
    Tue, Apr 10, 2018 10:40am -07:00 (liked on Tue, Apr 10, 2018 10:41am -07:00) #oauth2
  • Aaron Parecki
    I wrote some words about the #oauth2 Authorization Code grant type! https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
    Portland, Oregon • 55°F
    Tue, Apr 10, 2018 10:37am -07:00 #oauth2

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.