Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• 

  Ever find yourself confused about #OAuth? My new book "OAuth 2.0 Simplified" will be released next month! https://oauth2simplified.com

  Portland, Oregon, USA

  Fri, Aug 25, 2017 9:52am -07:00 #oauth #oktane #oktane17 #OAuth
• 

  Great example of why the character set for the @OAuth_2 Device Flow should be limited. The spec suggests only consonants #oauth #oauth2 #HBO

  

  Portland, Oregon, USA

  5 likes 3 reposts 1 reply

  Thu, Aug 24, 2017 10:59am -07:00 #oauth #oauth2 #HBO
• 

  It's real now! Here's a sneak peek of the cover of my new book "OAuth 2.0 Simplified", released at the end of this month! #oauth #oauth2

  

  Portland, Oregon

  62 likes 27 replies

  Wed, Aug 16, 2017 6:04pm -07:00 #oauth #oauth2
• Impact of iOS 11 no longer providing shared cookies between Safari, Safari View Controller instances · Issue #120 · openid/AppAuth-iOS (github.com)

  

  Fri, Jul 28, 2017 12:46pm -07:00 #ios #ios11 #oauth
• William Denniss https://twitter.com/WilliamDenniss

  Don't present an OAuth authorization request that looks like this. Use incremental auth to ask for permissions in context. #OAuth #IETF99

  

  Portland, Oregon

  Tue, Jul 18, 2017 1:27pm +00:00 (liked on Fri, Jul 28, 2017 12:27pm -07:00) #OAuth #IETF99
• https://mailarchive.ietf.org/arch/msg/oauth/h0ivzMZBHjXGi6HqcB0LYdR4skw

  OAuth Working Group
  

  I've seen this done a few ways:
  
  • The Device Flow: https://tools.ietf.org/html/draft-ietf-oauth-device-flow which is what you see on browserless devices like the Apple TV logging in to a cable provider from your phone. A short code is generated and displayed on the screen, you launch a browser on your phone and enter the code. This would work just as well from the command line on the same device.
  • I've also seen apps use the authorization flow, by displaying the authorization URL on the command line prompt and instructing the user to open it in a browser. The redirect URI is a hosted web page that displays the authorization code and instructs the user to paste it back at the terminal.
  • The command line app can launch an HTTP server on localhost and use that as the redirect URL for the authorization code flow. This option ends up being the most seamless since it works like a traditional flow without any special instructions to the user.

  Portland, Oregon, USA

  Sun, Jun 11, 2017 8:59pm -07:00 #oauth #oauth2
• Google Docs phishing attack underscores OAuth security risks | ITworld (www.itworld.com)

  

  Fri, May 5, 2017 12:04pm -07:00 #oauth #press #inthewild

• Day 59: Updated the Logo on IndieAuth.com's GitHub Login #100DaysOfIndieWeb

  This evening, Tantek pointed out to me that while he was logging in to the wiki via IndieAuth.com for the first time on a new computer, there was something a little strange about the IndieAuth.com flow...

  continue reading...

  1 like 1 mention

  Fri, Feb 17, 2017 8:56pm -08:00 #100daysofindieweb #indieauth.com #oauth
• 

  When I see an access token that begins with "eyJ", I base64-decode the middle part to see what data they store in it. #oauth #jwt #security

  

  Portland, Oregon, USA

  14 likes 3 reposts 1 reply

  Tue, Jan 31, 2017 8:09am -08:00 #oauth #jwt #security
• Oakland (OAK) to Portland (PDX)

  January 25, 2017 from 9:03am to 10:58am (-0800)

  Alaska Flight 2644

  

  Portland Intl in Portland

  permalink #oauth #consulting
• Portland (PDX) to Oakland (OAK)

  January 23, 2017 from 4:40pm to 6:39pm (-0800)

  Alaska Flight 2563

  

  Metropolitan Oakland Intl in Oakland

  permalink #oauth #consulting
• Jared Hanson https://twitter.com/jaredhanson   •   Oct 1

  There's an existing "oauth2-token" link rel which would be nice to use instead of "token_endpoint" https://tools.ietf.org/html/draft-wmills-oauth-lrdd-07#section-3.2
  

  @jaredhanson oh funny! I got token_endpoint from OpenID Connect: http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata I will take a look at the OAuth 2 link rels tho.

  Portland, Oregon, USA

  Sat, Oct 1, 2016 7:14am -07:00 #oauth2 #webmention #oauth
• Support Universal Links (developer.apple.com)

  

  Wed, Sep 14, 2016 10:41am -07:00 #oauth #apps #ios
• 

  a little light beach reading: "OAuth 2.0 for Native Apps" #oauth

  

  Cannon Beach, Oregon, USA

  6 likes 2 replies

  Tue, Sep 13, 2016 3:43pm -07:00 #oauth
• https://twitter.com/glenndayton/status/771107728290742272
  

  @glenndayton Thanks! Glad you like it! I just published a more thorough guide on https://oauth.com you might want to look at too!

  Portland, Oregon, USA

  2 replies

  Sun, Sep 4, 2016 9:44am -07:00 #oauth
• Las Vegas (LAS) to Portland (PDX)

  September 1, 2016 from 6:50am to 9:00am (-0700)

  Alaska Flight 629

  

  Portland Intl in Portland

  permalink #oauth #okta #oktane #oktane16
• 

  Happy to announce https://oauth.com - a guide to building OAuth 2.0 servers! #oktane16

  

  Las Vegas, Nevada, USA

  33 likes 22 reposts 2 replies 3 mentions

  Tue, Aug 30, 2016 10:01am -07:00 #oktane16 #oauth #oauth2
• Oktane 2016

  Aug

  29

  Aug

  30

  Aug

  31

  August 29-31, 2016
  3 days

  Aria Resort

  Las Vegas, NV

  permalink #okta #oktane #oauth #oktane16
• 

  Just launched a big reorganization of https://oauth.net which should make it easier to find things! 🔒 #oauth2 #oktane16

  Las Vegas, Nevada, USA

  7 likes 2 reposts

  Mon, Aug 29, 2016 11:44am -07:00 #oauth2 #oktane16 #oauth
• Portland (PDX) to Seattle (SEA)

  August 28, 2016 from 1:00pm to 1:46pm (-0700)

  Alaska Flight 2210

  Seattle (SEA) to Las Vegas (LAS)

  August 28, 2016 from 4:40pm to 6:57pm (-0700)

  Alaska Flight 604

  

  Mc Carran Intl in Las Vegas

  permalink #oauth #okta #oktane #oktane16