Aaron Parecki

#oauth

Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

Portland, Oregon

Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

Alright, if you are curious about "Sign In with Apple," I walk through exactly how it works and what it looks like in this post.

https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple

#WWDC19 #OAuth #AppleID

Portland, Oregon, USA

98 likes 46 reposts 4 replies 5 mentions

Tue, Jun 4, 2019 12:43pm -07:00 #wwdc19 #oauth #appleid
Chris https://mrkapowski.com/

Aaron already has an example of Sign-in With Apple up and running, because of course he has 👍

Portland, Oregon

Tue, Jun 4, 2019 9:25am +01:00 (liked on Tue, Jun 4, 2019 6:16am -07:00) #apple #oauth #open-source #signin with apple
Reading all these tweets of people freaking out about Apple requiring apps to use "Sign In with Apple" and feeling another "authentication is not authorization" rant coming. Lots of misunderstanding of sign-in vs accessing APIs. #WWDC19 #OAuth

Portland, Oregon, USA

7 likes 2 reposts 2 replies 1 mention

Mon, Jun 3, 2019 9:12pm -07:00 #wwdc19 #oauth
Initial test of the "Sign in with Apple" API:

• It's more or less based on OAuth + OIDC
• Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
• The `sub` claim includes some sort of unique user identifier, not an email

Portland, Oregon, USA

74 likes 23 reposts 8 replies

Mon, Jun 3, 2019 2:21pm -07:00 #oauth
Well this is exciting. 🍎🔐 #AppleID #OAuth #WWDC2019 #WWDC

Portland, Oregon, USA

9 likes 1 repost 2 replies

Mon, Jun 3, 2019 1:38pm -07:00 #appleid #oauth #wwdc2019 #wwdc
at The Rec Room

Toronto, ON, Canada • Tue, May 28, 2019 11:00am

43.64111 -79.386763

Setting up for my talk today! #okta #oauth

Toronto, ON, Canada

78 Coins

Tue, May 28, 2019 11:00am -04:00 #okta #oauth
To anyone who thought partial redirect URL matching in @OAuth_2 is "good enough," read this thread. Complete Periscope account takeover just by viewing a tweet. https://hackerone.com/reports/110293 #oauth

Toronto, Ontario, CAN

13 likes 6 reposts 2 replies

Mon, May 27, 2019 4:54pm -04:00 #oauth
If you're in Toronto you should come to my #OAuth talk tomorrow! 🔐 https://regionalevents.okta.com/oktaapiworkshoptoronto

We'll have food and drinks, and we're giving copies of my book to everyone who attends! 📚

Toronto, Ontario, CAN

9 likes 1 repost 2 replies

Mon, May 27, 2019 3:46pm -04:00 #oauth
Ready to head home after a fun week of #IndieWebCamp, #BTConf, #a11yClub, and teaching two #OAuth workshops. ⁣
⁣Thanks so much to everyone who helped make all of that happen!
⁣
⁣Had a great time back in Düsseldorf and looking forward to coming back next year! ⁣
⁣#travel #condor #lufthansa #longhaulflight #frankfurtairport

Frankfurt Airport in Frankfurt am Main, Hessen, DEU

beyondtellerrand.com indieweb.org

26 likes 2 replies

Thu, May 16, 2019 10:50am +02:00 #indiewebcamp #btconf #a11yclub #oauth #travel #condor #lufthansa #longhaulflight #frankfurtairport
Duesseldorf (DUS) to Frankfurt (FRA)

May 16, 2019 from 8:35am to 9:25am (+0200)

Lufthansa Flight 075

Frankfurt (FRA) to Portland (PDX)

May 16, 2019 from 11:45am (+0200) to 1:40pm (-0700)

Condor Flight 2090

Portland Intl in Portland

1 mention

permalink #indiewebcamp #oauth
OAuth 2.0 Workshop

May

15

May 15, 2019 10:00am - 2:00pm (+0200)

trivago N.V.

Düsseldorf, Nordrhein-Westfalen, DE

1 mention

permalink #oauth #oktadev
Validating OAuth 2.0 Access Tokens with NGINX and NGINX Plus - NGINX (www.nginx.com)

Tue, May 14, 2019 4:12pm +02:00 #nginx #oauth
Portland (PDX) to Frankfurt (FRA)

May 9, 2019 at 3:35pm (-0700) until May 10 at 11:10am (+0200)

Condor Flight 2091

Frankfurt (FRA) to Duesseldorf (DUS)

May 10, 2019 from 1:05pm to 1:55pm (+0200)

Lufthansa Flight 078

Dusseldorf in Duesseldorf

1 mention

permalink #indiewebcamp #oauth
Düsseldorf

May

9

May

…

May

16

May 9-16, 2019
8 days

Düsseldorf

Düsseldorf, North Rhine-Westphalia, DE

permalink #indiewebcamp #oauth #btconf #okta
San Jose (SJC) to Portland (PDX)

May 2, 2019 from 6:00pm to 7:45pm (-0700)

Alaska Flight 309

Portland Intl in Portland

1 mention

permalink #okta #oauth #iiw
Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now:

✅ good random number generators
✅ secure hashing functions

Just missing a good base64 encoding function. (Check out the ugly hack in the post.)

https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead#begin-the-pkce-request

Mountain View, California, USA • 49°F

5 likes 1 repost 5 replies

Thu, May 2, 2019 8:25am -07:00 #oauth #javascript #pkce
Just in time for #iiw I published a blog post: "Is the OAuth 2.0 Implicit Flow Dead?" https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead

Mountain View, California, USA • 49°F

18 likes 9 reposts 6 replies

Wed, May 1, 2019 9:30am -07:00 #oauth #iiw
Portland (PDX) to San Francisco (SFO)

May 1, 2019 from 6:00am to 7:50am (-0700)

Alaska Flight 1264

San Francisco Intl in San Francisco

1 mention

permalink #okta #iiw #oauth
Internet Identity Workshop 28

Apr

30

May

2

April 30 through May 2, 2019
3 days

Computer History Museum

Mountain View, California, US

permalink #oauth #iiw #okta
#110293 Insufficient OAuth callback validation which leads to Periscope account takeover (hackerone.com)

Fri, Apr 12, 2019 11:37pm -07:00 #oauth #twitter #security

older