Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• Wurreka https://twitter.com/wurreka

  As a member of the IETF OAuth Working Group, @aaronpk covers the latest best practices around #OAuth security. Join him LIVE at #GIDS #WEB Thu, 01st Oct, as he examines a few recent high-profile #WebSecurity breaches & discusses how they relate to OAuth: https://www.wurreka.com/ict/virtual-conference/web/session/hacking-oauth

  Portland, Oregon • 73°F

  Thu, Sep 17, 2020 12:30am +00:00 (liked on Wed, Sep 16, 2020 5:30pm -07:00) #OAuth #GIDS #WEB #WebSecurity
• What's New in OAuth and OpenID Connect

  Sep

  16

  September 16, 2020 11:20am - 11:50am (+1000)

  Online

  API Days Live Australia

  View Slides

  permalink #apidays #security #oauth #openid
• API Days Live Australia

  Sep

  14

  Sep

  15

  Sep

  16

  September 14-16, 2020
  3 days

  Online

  permalink #apidays #oauth #security
• Alexander Clouter / oauth2-worker · GitLab (gitlab.com)

  Fri, Sep 4, 2020 2:23pm -07:00 #oauth #spa #oauth2
• How to Think About OAuth Security

  Sep

  2

  September 2, 2020 11:00am - 11:45am (-0700)

  Online

  Disclosure

  View Slides

  permalink #oauth #security
• Disclosure

  Sep

  2

  September 2, 2020 9:00am - 6:00pm (-0700)

  Online

  permalink #okta #oauth #security
• 

  I'm giving a talk about OAuth security at #DisclosureConf tomorrow! It's not too late to register! https://developer.okta.com/blog/2020/09/01/aaron-parecki-disclosure-conf-2020

  Portland, Oregon • 71°F

  9 likes 5 reposts 1 reply 1 mention

  Tue, Sep 1, 2020 8:33am -07:00 #security #oauth #disclosureconf
• What's New in OAuth 2.1

  Aug

  19

  August 19, 2020 10:50am - 11:15am (+0800)

  Online

  API Days Live Singapore

  permalink #oauth #openid #security #apidays
• API Days Live Singapore

  Aug

  18

  Aug

  19

  Aug

  20

  August 18-20, 2020
  3 days

  Online

  permalink #apidays #oauth #security
• OktaDev https://twitter.com/oktadev

  Okta now has first-class support for Sign in with Apple! 🍎 Follow this guide to configure Apple as an external IdP in your Okta Developer account! 🚀 https://developer.okta.com/docs/guides/add-an-external-idp/apple/create-an-app-at-idp/ #OAuth #OIDC

  Portland, Oregon • 64°F

  Wed, Aug 12, 2020 6:44pm +00:00 (liked on Wed, Aug 12, 2020 11:46am -07:00) #OAuth #OIDC
• Connect2id https://twitter.com/connect2id

  We set out to give an overview of #OAuth 2.1, for developers already familiar with OAuth 2.0 as well as newcomers @DickHardt @aaronpk @tlodderstedt http://c2id.co/8q

  

  Portland, Oregon • 61°F

  Thu, Aug 6, 2020 6:03pm +00:00 (liked on Thu, Aug 6, 2020 11:16am -07:00) #OAuth
• Least privilege with less effort: Macaroon access tokens in AM 7.0 – Neil Madden (neilmadden.blog)

  "The only problem was it turned out that even if you did have the secret key you often couldn’t use the token either, because it was just too hard to get request signing to work reliably. Some brave souls periodically try and revive this idea."

  Thu, Jul 30, 2020 10:54am -07:00 #oauth #signing
• 

  OAuth 2.1 has officially been adopted by the IETF OAuth working group! 🎉
  
  https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00
  
  I'll be chatting about this and many other updates from last week's security workshop today during OAuth Happy Hour! Join me and bring your questions!
  
  https://www.youtube.com/watch?v=sUEBatNmsbY

  Portland, Oregon • 71°F

  36 likes 11 reposts 3 replies 1 mention

  Thu, Jul 30, 2020 8:51am -07:00 #oauth
• Blort™ (Unofficial) 🚫 https://social.tchncs.de/@Blort   •   Jul 25

  @aaronpk
  So, have you heard of any progress on the horizon towards a self hostable identity/authorization login service yet?

  Still waiting for the day that logging into another Fediverse service is as easy as logging into a new website with Facebook...(or at least that we can see progress towards something like it...) #Mozilla #Persona looked good. Not sure if #ReclaimID is going anywhere. I'd love to hear about it if something is moving forward somewhere...

  (Not sure if #Oauth related or not)
  

  I'm doing a talk at #APConf about exactly this... how the fediverse can use #OAuth to achieve exactly this goal! https://conf.activitypub.rocks/

  Portland, Oregon • 67°F

  Fri, Jul 24, 2020 8:00pm -07:00 #apconf #oauth
• 

  Shoutout to the #osw2020 organizers for putting together an extremely successful virtual event! 🎉 Even if it did mean I had to be awake and on camera by 5am the last three days. 😴 Still had a great bunch of #OAuth discussions!

  Portland, Oregon • 70°F

  10 likes 1 repost 1 reply

  Fri, Jul 24, 2020 3:05pm -07:00 #osw2020 #oauth
• Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi

  OAuth 2.1 becomes the simpler & more secure #OAuth. A bunch of existing RFCs and drafts roll into one, so easier to follow too. Presented by @aaronpk at the #osw2020

  

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 2:57pm +00:00 (liked on Wed, Jul 22, 2020 8:16am -07:00) #OAuth #osw2020
• OAuth 2.1

  Jul

  22

  July 22, 2020 7:30am - 8:00am (-0700)

  Online

  OAuth Security Workshop

  View Slides

  permalink #oauth #security
• 

  My view today for the OAuth Security Workshop! #osw2020

  

  Portland, Oregon • 64°F

  17 likes 2 reposts 2 replies

  Wed, Jul 22, 2020 6:31am -07:00 #oauth #osw2020
• Protecting Single-Page Apps using OAuth

  Jul

  22

  July 22, 2020 5:30am - 6:00am (-0700)

  Online

  OAuth Security Workshop

  View Slides

  permalink #oauth #security
• Vladimir Dzhuvinov 🇪🇺 🇧🇬 https://twitter.com/dzhuvi

  Today @aaronpk will be presenting #OAuth 2.1. The core OAuth grants are getting consolidated, security gets hardened with PKCE #osw2020 https://barcamptools.eu/oauth-security-workshop-2020/events/0d0423b6-5924-4e6f-8b3b-63edbbe0ae59/oauth_2_1

  Portland, Oregon • 64°F

  Wed, Jul 22, 2020 8:56am +00:00 (liked on Wed, Jul 22, 2020 4:52am -07:00) #OAuth #osw2020