
Aaron Parecki


#oauth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Aaron Parecki
    Shoutout to the #osw2020 organizers for putting together an extremely successful virtual event! 🎉 Even if it did mean I had to be awake and on camera by 5am the last three days. 😴 Still had a great bunch of #OAuth discussions!
    Portland, Oregon • 70°F
    10 likes 1 repost 1 reply
    Fri, Jul 24, 2020 3:05pm -07:00 #osw2020 #oauth
  • Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi
    OAuth 2.1 becomes the simpler & more secure #OAuth. A bunch of existing RFCs and drafts roll into one, so easier to follow too. Presented by @aaronpk at the #osw2020
    Portland, Oregon • 64°F
    Wed, Jul 22, 2020 2:57pm +00:00 (liked on Wed, Jul 22, 2020 8:16am -07:00) #OAuth #osw2020
  • OAuth 2.1
    July 22, 2020 7:30am - 8:00am (-0700)
    Online
    OAuth Security Workshop
    #oauth #security
  • Aaron Parecki
    My view today for the OAuth Security Workshop! #osw2020
    Portland, Oregon • 64°F
    17 likes 2 reposts 2 replies
    Wed, Jul 22, 2020 6:31am -07:00 #oauth #osw2020
  • Protecting Single-Page Apps using OAuth
    July 22, 2020 5:30am - 6:00am (-0700)
    Online
    OAuth Security Workshop
    #oauth #security
  • Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi
    Today @aaronpk will be presenting #OAuth 2.1. The core OAuth grants are getting consolidated, security gets hardened with PKCE #osw2020 https://barcamptools.eu/oauth-security-workshop-2020/events/0d0423b6-5924-4e6f-8b3b-63edbbe0ae59/oauth_2_1
    Portland, Oregon • 64°F
    Wed, Jul 22, 2020 8:56am +00:00 (liked on Wed, Jul 22, 2020 4:52am -07:00) #OAuth #osw2020
  • OAuth Security Workshop
    July 22-24, 2020
    3 days
    Scandic Nidelven
    Trondheim, Trøndelag, NOR
    #oauth #okta
  • Aaron Parecki
    I'm going live with @afitnerd in 5 minutes to talk about OAuth, online security, and also chat about yesterday's massive #TwitterHack! Join us, and bring your OAuth questions! https://youtu.be/dJl5wNAPm-w
    Portland, Oregon, USA
    3 likes 1 repost
    Thu, Jul 16, 2020 12:55pm -07:00 #oauth #twitter #security #twitterhack
  • An offensive guide to the Authorization Code grant (postvidia.com)
    Tue, Jul 14, 2020 4:58pm -07:00 #oauth #security
  • The State of OAuth
    June 30, 2020 10:20am - 10:45am (-0700)
    Online
    Interface by API Days
    #oauth
  • Aaron Parecki
    I'm going live in 10 minutes talking about the State of OAuth at @APIDaysGlobal!

    Register for free → https://www.apidays.co/interface
    Portland, Oregon • 63°F
    5 likes 1 repost
    Tue, Jun 30, 2020 10:09am -07:00 #oauth
  • Why AnyList Won’t Be Supporting Sign In with Apple - AnyList Blog (blog.anylist.com)
    Mon, Jun 29, 2020 9:21pm -07:00 #apple #oauth
  • Aaron Parecki
    sneak peek of an image I made for a talk tomorrow

    can you guess what it's about?
    Portland, Oregon • 73°F
    14 likes 1 repost 10 replies
    Mon, Jun 29, 2020 6:37pm -07:00 #oauth #gollum
  • Interface by API Days
    June 30 through July 1, 2020
    Online
    #apidays #oauth
  • The Real Cause of the Sign In with Apple Zero-Day

    The zero-day bug in Sign In with Apple actually had nothing to do with the OAuth or OpenID Connect part of the Sign In with Apple exchange, and very little to do even with JWTs. Let's take a closer look to see what actually happened.
    37 likes 19 reposts 1 bookmark 9 replies 25 mentions
    Sun, May 31, 2020 1:49pm -07:00 #oauth #oidc #apple #siwa #security #zeroday
  • Aaron Parecki
    Going live with @afitnerd in 10 minutes to talk about all things #OAuth and OpenID Connect! I think we might even have a demo of a pretty sneaky attack to show off!

    https://youtu.be/moQidjdV5cw
    Portland, Oregon • 56°F
    2 likes 2 reposts
    Thu, May 21, 2020 12:49pm -07:00 #oauth #oidc
  • PKCE vs. Nonce: Equivalent or Not? (danielfett.de)
    Mon, May 18, 2020 4:04pm -07:00 #oauth #security #pkce #openid #nonce
  • The Wondeful World of OAuth: Bug Bounty Edition - A Bug’z Life - Medium (medium.com)
    Sun, May 17, 2020 10:39pm -07:00 #oauth #security
  • Aaron Parecki
    About to go live at another #OAuth Happy Hour! We'll be talking about security, sharing the latest updates from the last IETF meeting, and answering your OAuth questions!

    https://youtu.be/E4msDjZMRZc
    Portland, Oregon • 56°F
    2 likes
    Thu, May 14, 2020 12:49pm -07:00 #oauth
  • Why avoiding LocalStorage for tokens is the wrong solution (pragmaticwebsecurity.com)
    Mon, May 11, 2020 3:34pm -07:00 #oauth #xss #localstorage #security

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.