Aaron Parecki

#oauth

• 

  Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

  OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

  In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

  Portland, Oregon

  Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2

• IRC × OAuth 2.0 · emersion (emersion.fr)

  Tue, Sep 13, 2022 10:19am -07:00 #oauth
• Aaron Parecki https://aaronparecki.com/   •   Aug 23

  The way I like to think about it is:
  
  If the client knows when the AT will (likely) expire, it can proactively refresh the token.
  
  There is nothing the client can do differently if it knows when the RT will (likely) expire.
  

  Yes, the client needs to be able to handle unexpected expiration of both the AT and RT, which tbh is more an argument that the AS should never return expires_in than an argument that it should return it for both tokens.

  Seattle, Washington, USA • 79°F

  1 like 1 reply

  Tue, Aug 23, 2022 4:49pm -07:00 #oauth
• Dan Moore https://twitter.com/mooreds

  A little #oauth #ietf existential humor to lighten your day, courtesy of @__b_c

  

  Portland, Oregon • 72°F

  Tue, Aug 23, 2022 4:44pm +00:00 (liked on Tue, Aug 23, 2022 10:42am -07:00) #oauth #ietf
• Let websites framebust out of native apps | Holovaty.com (www.holovaty.com)

  Sun, Aug 14, 2022 6:20am -07:00 #apps #security #oauth
• 

  Throwback to the OAuth WG dinner at #IETF114 in Philadelphia!
  
  Tag yourself if I missed you!
  
  @vibronet @timcappalli @__b_c @PieterKasselman @hpsin_ @selfissued @rifaat_sy and @kristinayasuda even tho she arrived just after this photo

  

  Portland, Oregon, USA • 73°F

  12 likes

  Fri, Aug 12, 2022 12:12pm -07:00 #ietf #oauth #ietf114
• 

  In case you needed a reminder about why we care so much about OAuth/OIDC flows being used in the system browser and not embedded browsers, Instagram injects their own tracking code in every web page you visit inside Instagram https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

  Austin, Texas, USA • 99°F

  53 likes 20 reposts 9 replies

  Wed, Aug 10, 2022 1:46pm -05:00 #instagram #oauth
• Dr. Fett https://twitter.com/dfett42

  I had a very productive week at #ietf114! Got a ton of things done esp. in #OAuth WG - SD-JWT went to call for adoption, security BCP advanced, and @__b_c pushed DPoP forward. Looking forward to London in November!

  Portland, Oregon • 67°F

  Mon, Aug 1, 2022 12:47pm +00:00 (liked on Mon, Aug 1, 2022 7:16am -07:00) #ietf114 #OAuth
• Philadelphia (PHL) to Seattle (SEA)

  July 29, 2022 from 6:20pm (-0400) to 9:20pm (-0700)

  Alaska Flight 23

  Seattle (SEA) to Portland (PDX)

  July 29, 2022 from 10:45pm to 11:37pm (-0700)

  Alaska Flight 239

  

  Portland Intl in Portland

  permalink #okta #oktadev #ietf #oauth
• Vittorio https://twitter.com/vibronet

  One of the #oauth sessions at #IETF114 I was looking forward to- @hpsin_ presenting on token theft as observed in @github

  

  Philadelphia, Pennsylvania • 87°F

  Mon, Jul 25, 2022 3:20pm +00:00 (liked on Mon, Jul 25, 2022 11:36am -04:00) #oauth #IETF114
• Vittorio https://twitter.com/vibronet

  Customary update about #OAuth 2.1 from @aaronpk - at #IETF114.
  Great progress!

  

  Philadelphia, Pennsylvania • 87°F

  Mon, Jul 25, 2022 2:58pm +00:00 (liked on Mon, Jul 25, 2022 11:18am -04:00) #OAuth #IETF114
• Vittorio https://twitter.com/vibronet

  The #IETF114 #oauth WG meeting is going to be a tour de force.
  I think I’ll have to rap thru the deck to make it in 10 - perhaps I can convince @__b_c to beatbox 😛

  

  Philadelphia, Pennsylvania • 97°F

  Sun, Jul 24, 2022 6:44pm +00:00 (liked on Sun, Jul 24, 2022 4:36pm -04:00) #IETF114 #oauth
• 

  Heading to Philly for #IETF114! Come find me and say hi! My agenda:
  
  Mon 10-12 OAuth WG
  Tue 10-11:30 OAuth Side Meeting
  Wed 10-11:30 OAuth Side Meeting
  Wed 2-3:30 SCIM Side Meeting
  Thu 10-12 GNAP WG
  Thu 2-3:30 OAuth Side Meeting
  Thu 4-5:30 SCIM Side Meeting
  Fri 12:30-2:30 SCIM WG

  Alaska Flight 32 SEA to PHL in Seattle, Washington, USA

  12 likes 2 reposts 1 reply

  Sat, Jul 23, 2022 2:48pm -05:00 #ietf #ietf114 #oauth #gnap #scim
• Portland (PDX) to Seattle (SEA)

  July 23, 2022 from 5:00am to 6:03am (-0700)

  Alaska Flight 240

  Seattle (SEA) to Philadelphia (PHL)

  July 23, 2022 from 8:55am (-0700) to 5:10pm (-0400)

  Alaska Flight 32

  

  Philadelphia Intl in Philadelphia

  permalink #okta #oktadev #ietf #oauth
• Vittorio https://twitter.com/vibronet

  The identity conferences density in Q2 is ridiculous- @secworkshop, @RSAConference, #EIC2022, @Identiverse - we owe you an update, bit time!
  Join @aaronpk and yours truly at our customary #OAuth Happy Hour to get a digest of the most salient news

  Tempe, Arizona • 109°F

  Wed, Jul 20, 2022 11:47pm +00:00 (liked on Wed, Jul 20, 2022 5:46pm -07:00) #EIC2022 #OAuth
• 

  I can't believe it's already been 3 months since @vibronet and I last hosted an OAuth Happy Hour! Join us tomorrow at 2:30 Pacific to catch up on all the news from the OAuth Security Workshop, #EIC2022, and Identiverse! https://youtu.be/A2l3yNmxOxA

  Tempe, Arizona, USA • 108°F

  10 likes 3 reposts 2 mentions

  Wed, Jul 20, 2022 4:07pm -07:00 #oauth #eic2022
• 

  Made a new illustration to use in my slide decks.
  
  I often talk about choosing where on the security vs usability dial you want your systems to be, so I figured it was time to have a visual for that.

  

  Houston, Texas, USA • 100°F

  20 likes 10 replies

  Tue, Jul 19, 2022 4:51pm -05:00 #security #oauth
• Auckland, New Zealand

  Jul

  1

  Jul

  …

  Jul

  13

  July 1-13, 2022
  13 days

  Auckland

  Auckland, Auckland, NZ

  permalink #owasp #oauth #okta #oktadev
• WTF OAuth https://twitter.com/wtf_oauth

  FAPI: the S stands for "secure" #identiverse #oauth

  Aurora, Colorado • 61°F

  Wed, Jun 22, 2022 5:39am +00:00 (liked on Tue, Jun 21, 2022 11:41pm -06:00) #identiverse #oauth
• The State of OAuth

  Jun

  21

  June 21, 2022 4:30pm - 4:55pm (-0600)

  Gaylord Rockies Resort & Convention Center

  Aurora, Colorado, US

  Identiverse 2022

  Watch Video

  permalink #oauth #identiverse
• 

  I'm excited to be here at #Identiverse to give an update on the State of OAuth! 👋 Just a couple hours from now! Come say hi!
  
  📅 Tues, June 21 - 4:30 pm - 4:55 pm MDT
  
  https://identiverse.com/idv2022/session/841427/

  

  Aurora, Colorado, USA • 77°F

  16 likes 1 repost

  Tue, Jun 21, 2022 2:58pm -06:00 #oauth #identiverse