Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• Hands-On Introduction to OAuth 2.0

  Oct

  14

  October 14, 2019 9:00am - 12:00pm (-0700)

  O'Reilly Webinar

  permalink #oauth #oreilly
• Ricky Mondello https://twitter.com/rmondello   •   Oct 4

  Yes, and one of my goals is to, while adhering to Apple’s business practices and style, get involved where I can. I’d really appreciate it if you could publicly or privately let me know about venues you think would be relevant to my team.
  

  Yes, come to the next Internet Identity Workshop, or even the next OAuth group's meeting! (November in Singapore) We would all gladly welcome any engagement by Apple in this space!

  Portland, Oregon • 63°F

  1 like 1 repost

  Sun, Oct 6, 2019 1:11pm -07:00 #oauth #apple
• Amsterdam (AMS) to Frankfurt (FRA)

  October 3, 2019 from 10:05am to 11:10am (+0200)

  Lufthansa Flight 987

  Frankfurt (FRA) to Chicago (ORD)

  October 3, 2019 from 1:35pm (+0200) to 3:50pm (-0500)

  United Flight 906

  Chicago (ORD) to Portland (PDX)

  October 3, 2019 from 7:45pm (-0500) to 10:16pm (-0700)

  United Flight 518

  

  Portland Intl in Portland

  1 mention

  permalink #oauth #indiewebcamp #viewsourceconf
• A Look at OAuth 2.0 (lostindetails.com)

  Thu, Oct 3, 2019 8:40am +02:00 #oauth
• 

  If you missed my talk from @APIdaysAU last month, I just posted the video online!
  
  Securing Your APIs with #OAuth 2.0: https://youtu.be/PfvSD6MmEmQ

  Amsterdam, Noord-Holland, NLD • 63°F

  13 likes 2 reposts 2 mentions

  Tue, Oct 1, 2019 1:58pm +02:00 #oauth #apidays #apidaysau #oauth2
• View Source Conference

  Sep

  30

  Oct

  1

  September 30 through October 1, 2019
  

  Amsterdam Theater

  Amsterdam, Noord-Holland, NL

  1 mention

  permalink #viewsourceconf #oauth
• OAuth WG

  New OAuth for Browser-Based Apps draft -04

  Hi all,

  continue reading...

  Thu, Sep 26, 2019 3:45pm +02:00 #oauth
• IndieWebCamp and View Source Conference

  Sep

  25

  Oct

  3

  September 25 through October 3, 2019
  9 days

  Amsterdam

  Amsterdam, North Holland, NL

  permalink #indiewebcamp #oauth #viewsourceconf
• Portland (PDX) to Chicago (ORD)

  September 25, 2019 from 6:52am (-0700) to 12:46pm (-0500)

  United Flight 228

  Chicago (ORD) to Frankfurt (FRA)

  September 25, 2019 at 2:30pm (-0500) until Sep 26 at 5:55am (+0200)

  United Flight 944

  

  Frankfurt Main in Frankfurt

  1 mention

  permalink #oauth #indiewebcamp #viewsourceconf
• Torsten Lodderstedt https://twitter.com/tlodderstedt

  Inspired by psd2 & open banking I just published two drafts defining OAuth extensions for a simple and secure way to support complex, fine-grained authorization data https://medium.com/oauth-2/rich-oauth-2-0-authorization-requests-87870e263ecb
  @__b_c @davidgtonge @_panva @_nat_en @justin__richer
  #psd2 #oauth #OpenBanking

  United Flight 99 MEL to LAX

  Sat, Sep 21, 2019 6:54pm +00:00 (liked on Sun, Sep 22, 2019 7:41am +00:00) #psd2 #oauth #OpenBanking
• Archive (mailarchive.ietf.org)

  Sun, Sep 22, 2019 6:47am +00:00 #oauth #implicit
• 

  I'll be giving a talk at @APIDaysAU at 1:30pm today! "Securing your APIs with OAuth".
  
  There will be cats, because I know OAuth can be scary at times.
  
  https://www.apidays.co/melbourne

  Melbourne, Victoria, AUS • 74°F

  7 likes 1 repost

  Fri, Sep 20, 2019 11:59am +10:00 #oauth
• Securing Your APIs with OAuth 2.0

  Sep

  19

  September 19, 2019 1:30pm - 2:00pm (+1000)

  API Days Melbourne

  API Days Melbourne

  View Slides

  Watch Video

  permalink #oauth #api #oktadev #security
• e-sushi https://twitter.com/originalesushi

  Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!

  

  Sydney, New South Wales • 52°F

  Sun, Mar 31, 2019 11:27pm +00:00 (liked on Tue, Sep 17, 2019 12:04pm +10:00) #infosec #facebook #oauth #security
• Amateur Slacker https://twitter.com/noop_noob   •   Aug 26

  "The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)"
  
  from https://developers.google.com/identity/protocols/OAuth2
  
  I'm confused.
  

  Good find... that is a really confusing sentence. I'm going to try to track that down and see if they can remove it.

  Portland, Oregon, USA

  1 like 2 replies

  Mon, Aug 26, 2019 2:31pm -07:00 #oauth
• Sign In with Apple - Apple Forums (forums.developer.apple.com)

  Fri, Aug 23, 2019 11:45am -07:00 #apple #appleid #oauth #okta
• Sébastien LM https://twitter.com/slemarchand

  Many thanks to @oktadev and @aaronpk for the book "OAuth 2.0 Simplified" #OAuth #Contest

  

  Portland, Oregon

  Wed, Aug 21, 2019 6:42pm +00:00 (liked on Thu, Aug 22, 2019 6:55am -07:00) #OAuth #Contest
• Heather Downing https://twitter.com/quorralyne

  Had a great time auditing @aaronpk's #OAuth & #OIDC workshop today. We have such knowledgeable people on the Dev Advocate team at @oktadev 🥰

  

  Portland, Oregon

  Tue, Aug 20, 2019 1:15am +00:00 (liked on Mon, Aug 19, 2019 8:26pm -07:00) #OAuth #OIDC
• 

  Something about Apple's decision to do "OAuth-but-not-quite" rubbed me the wrong way, but this is a great example of how it breaks down very concretely.
  
  https://twitter.com/atomicbird/status/1163478833326108673

  Santa Ana, California, USA

  18 likes 9 reposts 6 replies

  Mon, Aug 19, 2019 2:29pm -07:00 #apple #oauth #openid #oidc
• 

  :sigh: another day, another website that hardcodes their @oauth_2 client secret in JavaScript 🤦‍♂️

  Oregon City, Oregon, USA

  10 likes 4 replies

  Thu, Aug 1, 2019 10:36am -07:00 #oauth