Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• OAuth 2.0 Debugger (oauthdebugger.com)

  

  Thu, Oct 12, 2017 9:10pm -07:00 #oauth #oauth2 #resources #okta
• Portland (PDX) to San Francisco (SFO)

  October 12, 2017 from 6:40am to 8:22am (-0700)

  Virgin America Flight 1022

  

  San Francisco Intl in San Francisco

  permalink #okta #oauth
• pdxdevops https://twitter.com/pdxdevops   •   Sep 27

  We're seeking speakers for Oct 25th! Can be a talk you've done elsewhere. Don't be shy!
  

  @pdxdevops I'd be happy to give a talk on OAuth 2! Based on my book and blog post https://aaronparecki.com/oauth-2-simplified/ https://oauth2simplified.com

  Portland, Oregon, USA

  1 reply

  Wed, Oct 4, 2017 1:42pm -07:00 #oauth
• Las Vegas (LAS) to Portland (PDX)

  August 31, 2017 from 10:30am to 12:39pm (-0700)

  Alaska Flight 627

  

  Portland Intl in Portland

  permalink #oktane #oauth
• 

  If you're at #oktane17 grab a free copy of my book at the Okta store! They're already flying off the shelves :-) #oauth2simplified

  

  ARIA Convention Center in Las Vegas, Nevada, USA

  10 likes 2 replies

  Tue, Aug 29, 2017 11:20am -07:00 #oktane17 #oauth2simplified #oauth #okta #oauth2
• Oktane 2017

  Aug

  28

  Aug

  29

  Aug

  30

  August 28-30, 2017
  3 days

  Aria Resort

  Las Vegas, NV

  permalink #okta #oktane #oauth #oktane17
• 

  They're here! You can pick up my book at the developer lounge or in the expo hall at #oktane17
  
  https://oauth2simplified.com

  

  Las Vegas, Nevada, USA

  27 likes 8 reposts 2 replies

  Mon, Aug 28, 2017 5:08pm -07:00 #oauth #oktane17
• Portland (PDX) to Seattle (SEA)

  August 27, 2017 from 2:15pm to 3:14pm (-0700)

  Alaska Flight 3473

  Seattle (SEA) to Las Vegas (LAS)

  August 27, 2017 from 4:00pm to 6:21pm (-0700)

  Alaska Flight 684

  

  Mc Carran Intl in Las Vegas

  permalink #oktane #oauth
• Matthew Turland http://matthewturland.com   •   Aug 25

  I really wish banks had an equivalent of OAuth. I now have to wait 7-14 business days (excluding holidays) for a replacement debit card.
  

  @elazar for real. I still can't believe I'm expected to enter my bank credentials and security questions in third party apps too #oauth

  Portland, Oregon, USA

  1 reply

  Fri, Aug 25, 2017 10:06am -07:00 #oauth
• 

  Ever find yourself confused about #OAuth? My new book "OAuth 2.0 Simplified" will be released next month! https://oauth2simplified.com

  

  Portland, Oregon, USA

  20 likes 8 reposts

  Fri, Aug 25, 2017 9:55am -07:00 #oauth #oktane #oktane17
• 

  Ever find yourself confused about #OAuth? My new book "OAuth 2.0 Simplified" will be released next month! https://oauth2simplified.com

  Portland, Oregon, USA

  Fri, Aug 25, 2017 9:52am -07:00 #oauth #oktane #oktane17 #OAuth
• 

  Great example of why the character set for the @OAuth_2 Device Flow should be limited. The spec suggests only consonants #oauth #oauth2 #HBO

  

  Portland, Oregon, USA

  5 likes 3 reposts 1 reply

  Thu, Aug 24, 2017 10:59am -07:00 #oauth #oauth2 #HBO
• 

  It's real now! Here's a sneak peek of the cover of my new book "OAuth 2.0 Simplified", released at the end of this month! #oauth #oauth2

  

  Portland, Oregon

  62 likes 27 replies

  Wed, Aug 16, 2017 6:04pm -07:00 #oauth #oauth2
• Impact of iOS 11 no longer providing shared cookies between Safari, Safari View Controller instances · Issue #120 · openid/AppAuth-iOS (github.com)

  

  Fri, Jul 28, 2017 12:46pm -07:00 #ios #ios11 #oauth
• William Denniss https://twitter.com/WilliamDenniss

  Don't present an OAuth authorization request that looks like this. Use incremental auth to ask for permissions in context. #OAuth #IETF99

  

  Portland, Oregon

  Tue, Jul 18, 2017 1:27pm +00:00 (liked on Fri, Jul 28, 2017 12:27pm -07:00) #OAuth #IETF99
• https://mailarchive.ietf.org/arch/msg/oauth/h0ivzMZBHjXGi6HqcB0LYdR4skw

  OAuth Working Group
  

  I've seen this done a few ways:
  
  • The Device Flow: https://tools.ietf.org/html/draft-ietf-oauth-device-flow which is what you see on browserless devices like the Apple TV logging in to a cable provider from your phone. A short code is generated and displayed on the screen, you launch a browser on your phone and enter the code. This would work just as well from the command line on the same device.
  • I've also seen apps use the authorization flow, by displaying the authorization URL on the command line prompt and instructing the user to open it in a browser. The redirect URI is a hosted web page that displays the authorization code and instructs the user to paste it back at the terminal.
  • The command line app can launch an HTTP server on localhost and use that as the redirect URL for the authorization code flow. This option ends up being the most seamless since it works like a traditional flow without any special instructions to the user.

  Portland, Oregon, USA

  Sun, Jun 11, 2017 8:59pm -07:00 #oauth #oauth2
• Google Docs phishing attack underscores OAuth security risks | ITworld (www.itworld.com)

  

  Fri, May 5, 2017 12:04pm -07:00 #oauth #press #inthewild

• Day 59: Updated the Logo on IndieAuth.com's GitHub Login #100DaysOfIndieWeb

  This evening, Tantek pointed out to me that while he was logging in to the wiki via IndieAuth.com for the first time on a new computer, there was something a little strange about the IndieAuth.com flow...

  continue reading...

  1 like 1 mention

  Fri, Feb 17, 2017 8:56pm -08:00 #100daysofindieweb #indieauth.com #oauth
• 

  When I see an access token that begins with "eyJ", I base64-decode the middle part to see what data they store in it. #oauth #jwt #security

  

  Portland, Oregon, USA

  14 likes 3 reposts 1 reply

  Tue, Jan 31, 2017 8:09am -08:00 #oauth #jwt #security
• Oakland (OAK) to Portland (PDX)

  January 25, 2017 from 9:03am to 10:58am (-0800)

  Alaska Flight 2644

  

  Portland Intl in Portland

  permalink #oauth #consulting