Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• What's New with OAuth and OpenID Connect?

  Apr

  1

  April 1, 2020 12:00pm - 1:00pm (-0700)

  Online

  Oktane20 Live

  View Slides

  Watch Video

  permalink #oauth #oidc #oktane #oktane20
• Oktane20

  Apr

  1

  Apr

  2

  April 1-2, 2020
  

  Online

  

  permalink #okta #oktane #oktane20 #oauth
• 

  Just published a talk I gave at a virtual conference: How to Hack OAuth
  
  It's been fun to be able to "speak" at conferences in a highly edited format instead of winging it on stage! I hope it's more fun to watch as a viewer too!
  
  https://www.youtube.com/watch?v=aU9RsE4fcRM

  Portland, Oregon • 42°F

  23 likes 4 reposts 1 mention

  Tue, Mar 31, 2020 11:16am -07:00 #oktadev #oauth
• IETF 107

  Mar

  21

  Mar

  …

  Mar

  27

  March 21-27, 2020
  7 days

  Vancouver

  Vancouver, British Columbia, CA

  permalink #ietf #ietf107 #oauth #gnap
• How to Hack OAuth

  Mar

  20

  March 20, 2020 6:35am - 7:05am (-0700)

  Online

  Spring Live

  View Slides

  Watch Video

  permalink #oauth
• 

  Going live in about an hour at Spring Live, doing a talk on how to hack OAuth!
  
  Join here ➡️ https://connect.tanzu.vmware.com/Spring_Live.html
  
  Welcome to the new world of virtual conferences!

  

  Portland, Oregon • 53°F

  8 likes 3 reposts 2 replies 1 mention

  Fri, Mar 20, 2020 5:54am -07:00 #oauth
• Spring Live Conference

  Mar

  19

  Mar

  20

  March 19-20, 2020
  

  Online

  permalink #oauth
• 

  The first draft of OAuth 2.1 is out! Thanks so much to @tlodderstedt and @DickHardt for their work on this!
  
  https://aaronparecki.com/2020/03/11/14/oauth-2-1

  Portland, Oregon • 54°F

  61 likes 27 reposts 2 replies 1 mention

  Wed, Mar 11, 2020 5:32pm -07:00 #oauth
• OAuth WG

  First Draft of OAuth 2.1

  I'm happy to share that Dick and Torsten and I have published a first draft of OAuth 2.1. We've taken the feedback from the discussions on the list and incorporated that into the draft.

  continue reading...

  61 likes 27 reposts 2 replies 4 mentions

  Wed, Mar 11, 2020 5:22pm -07:00 #oauth #oauth2 #ietf #oauth21
• Apple Relaxes Sign in with Apple Guidelines - Dick Hardt - Medium (medium.com)

  Sun, Mar 8, 2020 9:23am -07:00 #apple #oauth
• Alexander Clouter / oauth2-worker · GitLab (gitlab.com)

  Thu, Mar 5, 2020 6:37pm -06:00 #oauth #javascript #spa
• 

  The second video in my "OAuth in Five Minutes" series is up!
  
  🎥 "What's the difference between confidential and public clients?"
  
  https://www.youtube.com/watch?v=5cQNwifDq1U

  Portland, Oregon • 54°F

  20 likes 6 reposts 2 replies

  Thu, Feb 27, 2020 12:47pm -08:00 #oauth #video #okta #oktadev
• OAuth WG

  Implicit flow in the Security BCP draft -14

  Hi all, I'm reading through the latest draft of the Security BCP, and

  continue reading...

  Wed, Feb 12, 2020 3:43pm -08:00 #oauth #ietf #implicit
• Dr. Fett https://twitter.com/dfett42

  Version -14 of the #OAuth 2.0 #Security Best Current Practices Draft is out! https://tools.ietf.org/html/draft-ietf-oauth-security-topics-14

  Alaska Flight 386 PDX to SFO in Albany, Oregon • 43°F

  Mon, Feb 10, 2020 6:44pm +00:00 (liked on Mon, Feb 10, 2020 5:49pm -08:00) #OAuth #Security
• Hands-On Introduction to OAuth 2.0

  Feb

  3

  February 3, 2020 11:00am - 2:00pm (-0800)

  O'Reilly Webinar

  permalink #oauth #oreilly #webinar
• 

  @github any update on when users will be able to edit OAuth scopes?
  
  This page says it's coming in the future https://developer.github.com/v3/guides/basics-of-authentication/#checking-granted-scopes
  
  This page says it's currently possible https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#requested-scopes-and-granted-scopes
  
  I tried a test case and it doesn't appear to be live yet.

  1 like 1 repost 1 reply

  Fri, Jan 24, 2020 8:32am -08:00 #oauth #github #scope
• Hardening Refresh Tokens (leastprivilege.com)

  Wed, Jan 22, 2020 6:49am -08:00 #oauth #security
• 

  Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 https://youtu.be/KT8ybowdyr0

  Portland, Oregon, USA • 44°F

  8 likes 3 reposts 2 replies 2 mentions

  Tue, Jan 21, 2020 7:52am -08:00 #oauth #okta
• 

  oh no, please tell me this help article from Facebook is just way out of date...
  
  https://www.facebook.com/help/249817848463304
  
  "Why am I being asked to enter my email login information while trying to reset my Facebook password?"
  
  They can't still be doing this, right?

  Portland, Oregon • 43°F

  3 likes 1 reply

  Fri, Jan 17, 2020 2:46pm -08:00 #facebook #oauth #security
• 

  I often talk about the tradeoffs between local and remote access token validation in my OAuth presentations. This blog post by my coworker is a nice demonstration of that in PHP! https://developer.okta.com/blog/2020/01/15/protecting-a-php-api-with-oauth

  Portland, Oregon • 42°F

  1 like 2 reposts

  Fri, Jan 17, 2020 1:21pm -08:00 #oauth #php