Aaron Parecki

#oauth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Spring Live Conference
    March 19-20, 2020
    Online
    permalink #oauth
  • Aaron Parecki
    The first draft of OAuth 2.1 is out! Thanks so much to @tlodderstedt and @DickHardt for their work on this!

    https://aaronparecki.com/2020/03/11/14/oauth-2-1
    Portland, Oregon • 54°F
    61 likes 27 reposts 2 replies 1 mention
    Wed, Mar 11, 2020 5:32pm -07:00 #oauth
  • OAuth WG

    First Draft of OAuth 2.1

    I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.
    continue reading...
    61 likes 27 reposts 2 replies 4 mentions
    Wed, Mar 11, 2020 5:22pm -07:00 #oauth #oauth2 #ietf #oauth21
  • Apple Relaxes Sign in with Apple Guidelines - Dick Hardt - Medium (medium.com)
    Sun, Mar 8, 2020 9:23am -07:00 #apple #oauth
  • Alexander Clouter / oauth2-worker · GitLab (gitlab.com)
    Thu, Mar 5, 2020 6:37pm -06:00 #oauth #javascript #spa
  • Aaron Parecki
    The second video in my "OAuth in Five Minutes" series is up!

    🎥 "What's the difference between confidential and public clients?"

    https://www.youtube.com/watch?v=5cQNwifDq1U
    Portland, Oregon • 54°F
    20 likes 6 reposts 2 replies
    Thu, Feb 27, 2020 12:47pm -08:00 #oauth #video #okta #oktadev
  • OAuth WG

    Implicit flow in the Security BCP draft -14

    Hi all, I'm reading through the latest draft of the Security BCP, and
    continue reading...
    Wed, Feb 12, 2020 3:43pm -08:00 #oauth #ietf #implicit
  • Dr. Fett https://twitter.com/dfett42
    Version -14 of the #OAuth 2.0 #Security Best Current Practices Draft is out! https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14
    Alaska Flight 386 PDX to SFO in Albany, Oregon • 43°F
    Mon, Feb 10, 2020 6:44pm +00:00 (liked on Mon, Feb 10, 2020 5:49pm -08:00) #OAuth #Security
  • Hands-On Introduction to OAuth 2.0
    February 3, 2020 11:00am - 2:00pm (-0800)
    O'Reilly Webinar
    permalink #oauth #oreilly #webinar
  • Aaron Parecki
    @github any update on when users will be able to edit OAuth scopes?

    This page says it's coming in the future https://developer.github.com/v3/guides/basics-of-authentication/#checking-granted-scopes

    This page says it's currently possible https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#requested-scopes-and-granted-scopes

    I tried a test case and it doesn't appear to be live yet.
    1 like 1 repost 1 reply
    Fri, Jan 24, 2020 8:32am -08:00 #oauth #github #scope
  • Hardening Refresh Tokens (leastprivilege.com)
    Wed, Jan 22, 2020 6:49am -08:00 #oauth #security
  • Aaron Parecki
    Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 https://youtu.be/KT8ybowdyr0
    Portland, Oregon, USA • 44°F
    8 likes 3 reposts 2 replies 2 mentions
    Tue, Jan 21, 2020 7:52am -08:00 #oauth #okta
  • Aaron Parecki
    oh no, please tell me this help article from Facebook is just way out of date...

    https://www.facebook.com/help/249817848463304

    "Why am I being asked to enter my email login information while trying to reset my Facebook password?"

    They can't still be doing this, right?
    Portland, Oregon • 43°F
    3 likes 1 reply
    Fri, Jan 17, 2020 2:46pm -08:00 #facebook #oauth #security
  • Aaron Parecki
    I often talk about the tradeoffs between local and remote access token validation in my OAuth presentations. This blog post by my coworker is a nice demonstration of that in PHP! https://developer.okta.com/blog/2020/01/15/protecting-a-php-api-with-oauth
    Portland, Oregon • 42°F
    1 like 2 reposts
    Fri, Jan 17, 2020 1:21pm -08:00 #oauth #php
  • Aaron Parecki
    I'm working on a 2020 revision to my book, OAuth 2.0 Simplified!

    https://oauth2simplified.com

    If you find a typo or other error that I am not already aware of, I will send you an OAuth cat sticker! Send me an email or DM with details if you find something!
    Portland, Oregon • 37°F
    40 likes 13 reposts 1 reply
    Tue, Jan 14, 2020 10:54am -08:00 #oauth
  • Vladimir Dzhuvinov https://twitter.com/dzhuvi
    #OAuth 2.1 - time to consolidate the patchwork of specs and BCPs into one clean RFC, with all deprecated stuff removed?
    Portland, Oregon • 43°F
    Tue, Dec 17, 2019 5:45pm +00:00 (liked on Tue, Dec 17, 2019 2:35pm -08:00) #OAuth
  • Florian Weil https://twitter.com/derhess
    Again a great webinar by @aaronpk about protecting your #api with #oauth https://youtu.be/8c1SOuO4mPc #webdev #auth #security #identity #coding
    Portland, Oregon • 40°F
    Sun, Dec 15, 2019 2:49pm +00:00 (liked on Sun, Dec 15, 2019 8:14am -08:00) #api #oauth #webdev #auth #security #identity #coding
  • Matt Raible https://twitter.com/mraible
    OAuth's implicit flow was created before browsers supported CORS. Let's deprecate it!

    Auth code flow + PKCE is the future. Cheers to #OAuth 2.1. 🎉🍻
    Portland, Oregon • 48°F
    Fri, Dec 13, 2019 7:04pm +00:00 (liked on Fri, Dec 13, 2019 11:04am -08:00) #OAuth
  • Aaron Parecki
    Some more info on OAuth 2.1 from the @oktadev blog:

    OAuth 2.1: How many RFCs does it take to change a light bulb?

    https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
    Portland, Oregon • 46°F
    31 likes 5 reposts 7 replies 2 mentions
    Fri, Dec 13, 2019 10:29am -08:00 #oauth #oauth2
  • Thomas Vitale https://twitter.com/vitalethomas
    OAuth 2.1 - “There should be no need to document the most secure way to implement OAuth, since that should be the only option available when you read the spec.” #OAuth #AuthZ #AppSec @aaronpk https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
    Portland, Oregon • 43°F
    Fri, Dec 13, 2019 4:09pm +00:00 (liked on Fri, Dec 13, 2019 8:10am -08:00) #OAuth #AuthZ #AppSec

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.