Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• OAuth: When Things Go Wrong

  Feb

  5

  February 5, 2019 3:50pm - 4:40pm (-0500)

  O'Reilly Software Architecture Conference

  O'Reilly Software Architecture Conference

  View Slides

  Watch Video

  permalink #oauth #oktadev
• O'Reilly Software Architecture Conference

  Feb

  5

  Feb

  6

  February 5-6, 2019
  

  New York Hilton Midtown

  New York, New York, US

  permalink #okta #oauth
• 

  I'm giving a talk on #OAuth at #OReillySACon tomorrow! 3:50pm in Sutton North. I'll have books and cat stickers to give out afterwards too! https://conferences.oreilly.com/software-architecture/sa-ny/public/schedule/detail/75121

  

  New York, New York, USA • 48°F

  22 likes 7 reposts 1 reply

  Mon, Feb 4, 2019 8:28pm -05:00 #okta #oktadev #oreillysacon #oauth
• Portland (PDX) to Newark (EWR)

  February 4, 2019 from 7:45am (-0800) to 4:00pm (-0500)

  Alaska Flight 54

  

  Newark Liberty Intl in Newark

  permalink #okta #oauth
• An alternative way to secure SPAs (with ASP.NET Core, OpenID Connect, OAuth 2.0 and ProxyKit) | leastprivilege.com (leastprivilege.com)

  Mon, Feb 4, 2019 6:56am -08:00 #oauth #spa
• Steve Hutchinson https://twitter.com/IdentityHutch

  Nice rebuttal by @scottbrady91 from @rskltd to Okta's “Nobody Cares About #OAuth or #OpenID Connect.” I agree that developers should care and #identity professionals should elevate the discourse. @idpro_org @openid #OIDC https://www.scottbrady91.com/OAuth/Why-Developers-Do-Care-About-OAuth-and-OpenID-Connect

  Portland, Oregon • 42°F

  Mon, Jan 28, 2019 3:57pm +00:00 (liked on Mon, Jan 28, 2019 8:04am -08:00) #OAuth #OpenID #identity #OIDC
• Scott Brady https://twitter.com/scottbrady91

  Why Developers Do Care About OAuth and OpenID Connect https://www.scottbrady91.com/OAuth/Why-Developers-Do-Care-About-OAuth-and-OpenID-Connect @oktadev @openid #oauth

  Portland, Oregon • 42°F

  Mon, Jan 28, 2019 1:22pm +00:00 (liked on Mon, Jan 28, 2019 8:03am -08:00) #oauth
• Why Developers Do Care About OAuth and OpenID Connect - Scott Brady (www.scottbrady91.com)

  Mon, Jan 28, 2019 8:02am -08:00 #oauth #okta
• Chaining Tricky OAuth Exploitation To Stored XSS – Rohan Aggarwal – Medium (medium.com)

  Sun, Jan 27, 2019 4:48pm -08:00 #oauth #security #xss
• 

  If you've ever needed a link to send someone to explain why OAuth secrets aren't safe in mobile apps, I made you a thing: https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps

  San Francisco, California, USA • 59°F

  13 likes 10 reposts 3 replies

  Tue, Jan 22, 2019 4:09pm -08:00 #oauth #oauth2 #api #security
• The State of the Implicit Flow in OAuth2 | brockallen (brockallen.com)

  Thu, Jan 3, 2019 2:27pm -08:00 #oauth #oauth2
• 

  A pretty good step-by-step walkthrough of the @oauth2 PKCE flow by @afitnerd https://developer.okta.com/blog/2018/12/13/oauth-2-for-native-and-mobile-apps
  
  and yes it's pronounced "pixie"

  Springfield Gardens, New York • 50°F

  2 likes 3 reposts 1 reply 1 mention

  Fri, Dec 14, 2018 12:19pm -05:00 #oauth #pkce
• New York (JFK) to Los Angeles (LAX)

  December 14, 2018 from 7:10am (-0500) to 10:36am (-0800)

  Alaska Flight 420

  Los Angeles (LAX) to Portland (PDX)

  December 14, 2018 from 11:00am to 1:35pm (-0800)

  Alaska Flight 1795

  

  Portland Intl in Portland

  permalink #oauth #okta
• 

  Take 3 minutes to learn how OAuth access tokens are like a hotel keycard! 🔐💳
  https://www.youtube.com/watch?v=BNEoKexlmA4 (Filmed last week at my hotel!)

  10 likes 7 reposts 1 reply

  Thu, Dec 13, 2018 2:54pm -05:00 #oauth
• What is going on with OAuth 2.0? And why you should not use it for authentication. (medium.com)

  Thu, Dec 13, 2018 1:16pm -05:00 #oauth
• Seattle (SEA) to Portland (PDX)

  December 11, 2018 from 6:55pm to 7:46pm (-0800)

  Alaska Flight 2627

  Portland (PDX) to New York (JFK)

  December 11, 2018 at 9:22pm (-0800) until Dec 12 at 5:27am (-0500)

  Alaska Flight 450

  

  John F Kennedy Intl in New York

  permalink #okta #w3c #oauth
• W3C Workshop on Strong Authentication & Identity

  Dec

  10

  Dec

  11

  December 10-11, 2018
  

  Microsoft Building 27

  Redmond, Washington, US

  permalink #oauth #openid
• Portland (PDX) to Seattle (SEA)

  December 9, 2018 from 9:20pm to 10:19pm (-0800)

  Alaska Flight 2268

  

  Seattle Tacoma Intl in Seattle

  permalink #okta #w3c #oauth
• Tom Scavo https://twitter.com/trscavo

  The #OAuth implicit flow is taking a beating right now. See: OAuth 2.0 Security Best Current Practice https://tools.ietf.org/html/draft-ietf-oauth-security-topics-10 and OAuth 2.0 for Browser-Based Apps https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-01

  Los Angeles, California • 52°F

  Thu, Dec 6, 2018 11:49pm +00:00 (liked on Thu, Dec 6, 2018 5:03pm -08:00) #OAuth
• NFC Card Emulation with ACR122u(PN532) (salmg.net)

  Sun, Dec 2, 2018 3:04pm -08:00 #nfc #security #oauth