Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• [OAUTH-WG] OAuth Status (www.ietf.org)

  Mon, Jan 12, 2015 1:24pm -08:00 #oauth #oauth2
• OAuth 2.0 and Sign-In (www.cloudidentity.com)

  OAuth 2.0 is not a sign-in protocol. Sign-in can be implemented by augmenting OAuth, and people routinely do so...

  Sat, Jan 3, 2015 7:49pm -08:00 #oauth #oauth2 #authentication #internet
• SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers (securityintelligence.com)

  Sun, Dec 7, 2014 9:36am -08:00 #oauth #security #oauth2

• A Little Twitter Developer History

  Back in the early days of Twitter, I noticed that several tweets I was seeing showed "via _____" next to the date, which linked to the application that was used to post the tweet. I thought "hey that's a clever way to give credit to applications" and thought it would be a good way to get people to discover the Twitter app I was creating at the time.

  continue reading...

  Sun, Nov 23, 2014 4:30pm -08:00 #twitter #oauth
• 

  Continuing last weekend's documentation of all the un-specified parts of OAuth 2.0, things were going pretty well until I hit the "Security Considerations" section, which basically recommends but doesn't require a whole bunch of things. Basically this means an API can be fully OAuth 2.0 compliant and also completely insecure.
  
  If you want to know more, keep an eye out for this blog post. Or hire me as an independent OAuth consultant and I'd gladly spend a day with you.

  Portland, Oregon, USA

  14 likes 6 replies

  Sat, Nov 22, 2014 7:23pm -08:00 #oauth2 #oauth
• Justin Richer http://bspk.io/

  The article on OAuth and Authentication that I helped write/edit is online now: http://oauth.net/articles/authentication/ (thanks to @aaronpk for publishing!)

  2 mentions

  Sun, Nov 2, 2014 11:22pm -05:00 (reposted on Sun, Nov 2, 2014 8:25pm -08:00) #oauth #oauth2
• 

  Launched some updates to the documentation at http://oauth.net/documentation/ with the OAuth group tonight! Will hopefully have more improvements to the site soon! #iiw

  San Francisco, California, USA

  3 likes 1 repost

  Wed, May 7, 2014 2:18am -07:00 #iiw #oauth
• OAuth meeting minutes (www.ietf.org)

  Wed, Mar 5, 2014 8:29am -08:00 #ietf #oauth #oauth2
• Kevin Marks 🏠kevinmarks.com xoxo.zone/@KevinMarks https://twitter.com/kevinmarks   •   Feb 27

  @cdixon obligatory sixteen year old dilbert http://dilbert.com/strips/comic/1996-01-11/
  

  @kevinmarks @cdixon What we really need is OAuth for payments. Generate an authorization for a specific amount and give the authorization to the recipient.

  Portland, Oregon, USA

  3 likes 1 repost

  Wed, Feb 26, 2014 10:45pm -08:00 #oauth
• Jason Cooper https://twitter.com/JLCooper2   •   Dec 10

  @aaronpk What licence is the OAuth logo used on http://oauth.net available as? (We are wanting to use it on a poster)
  

  @JLCooper2 Feel free! The logo is released under the Creative Commons Attribution ShareAlike 3.0 license. http://creativecommons.org/licenses/by-sa/3.0/

  Portland, OR, USA

  Tue, Dec 10, 2013 2:37pm -08:00 #oauth
• Speed Geeking: An Intro to OAuth 2

  Jul

  9

  July 9, 2013 3:30pm (-0700)

  San Diego, California, USA

  Esri User Conference

  permalink #oauth #oauth2 #esri #esriuc #speedgeeking
• Speed Geeking: An Intro to OAuth 2

  Jul

  9

  July 9, 2013 3:30pm - 5:00pm (-0700)

  Esri User Conference

  San Diego, California

  1 RSVP

  permalink #esri #esriuc #speedgeeking #oauth #oauth2
• https://twitter.com/a_hershberger/status/344122172282925057
  

  @a_hershberger Yes, most implementations require the client ID and secret. At the very least you'd need to require client ID to identify the client. Of course don't send the secret if it's coming from a mobile device. #oauth2

  Redlands, CA, USA

  Mon, Jun 10, 2013 12:54pm -07:00 #oauth2 #oauth
• The State of OAuth 2

  Jan

  7

  January 7, 2013 6:30pm (-0800)

  Portland, Oregon, USA

  State of the Auth

  permalink #oauth #oauth2
• https://twitter.com/kenkeiter/status/285166880501678081
  

  @kenkeiter Yea, you have to make a bunch of decisions even after reading the spec, Bearer/MAC are split into their own docs too. Also check out http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified for a simplified version.

  Portland, OR, USA

  Sat, Dec 29, 2012 3:38pm -08:00 #oauth2 #oauth

• OAuth 2 Simplified

  This post describes OAuth 2 in a simplified format to help developers and service providers implement the protocol.

  continue reading...

  2 mentions

  Sun, Jul 29, 2012 9:30am -07:00 #oauth #oauth2 #standards #web #authentication
• 

  RT @edanuff: Worth keeping in mind - #OAuth2 as implemented by FB, Google, Foursquare, etc. works and is *much* easier to use than OAuth1

  Fri, Jul 27, 2012 9:53am -07:00 #oauth2 #oauth
• 

  RT @OReillyMedia: Webcast starts in 30mins w/ @aaronpk "The Current State of OAuth 2" #OAuth2 join us http://oreillynet.com/pub/e/2185

  Fri, Jul 27, 2012 9:30am -07:00 #oauth2 #oauth
• 

  If you're at #OSCON, I'm starting my "Introduction to OAuth 2" talk in 10 minutes, room F150!

  Portland, OR

  Fri, Jul 20, 2012 10:50am -07:00 #oscon #oauth2 #oauth
• The Current State of OAuth 2

  Jul

  19

  July 19, 2012 10:00pm (-0700)

  Portland

  OSCON (O'Reilly)

  View Slides

  permalink #oauth2 #oauth #oscon