
Aaron Parecki


#oauth

  • Aaron Parecki

    Hi, I'm Aaron Parecki. I write about OAuth here, and I give talks about OAuth 2.0. Below you'll find my recent posts about various OAuth-related things, including talks I'm giving. I've also written two community resources about OAuth:

    OAuth 2.0 Simplified is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level.

    In 2017, I published a longer version of this guide as a book, available on oauth.com as well as a print version. The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with Okta.

    Portland, Oregon
    Sat, Feb 4, 2017 11:35am -08:00 #oauth #oauth2
  • Aaron Parecki
    It is 2023 and I am still having to explain the dangers of the OAuth Implicit Flow because I am still finding current documentation suggesting otherwise. Time to make another video to follow up on the one from 4 years ago?
    Portland, Oregon, USA • 77°F
    9 likes 1 repost 2 replies
    Wed, Jun 7, 2023 3:09pm -07:00 #oauth
  • Las Vegas (LAS) to Portland (PDX)
    June 2, 2023 from 2:30pm to 4:49pm (-0700)
    Alaska Flight 683
    Portland Intl in Portland
    permalink #okta #identiverse #oauth #openid
  • Identiverse 2023
    May 30 through June 2, 2023
    4 days
    ARIA Resort & Casino
    Las Vegas, Nevada, US
    permalink #identiverse #okta #oauth #openid
  • Portland (PDX) to Las Vegas (LAS)
    May 30, 2023 from 10:40am to 12:54pm (-0700)
    Alaska Flight 726
    McCarran Intl in Las Vegas
    permalink #identiverse #oauth #openid #okta
  • Las Vegas
    May 30 through June 2, 2023
    4 days
    ARIA Resort & Casino
    Las Vegas, Nevada, US
    permalink #identiverse #okta #oauth #openid
  • OktaDev https://twitter.com/oktadev
    Join @aaronpk at @Identiverse to learn about all the latest developments in the #OAuth specs!

    📅 May 31, 2023
    ⏰ 11:05 am - 11:30 am

    🔗 https://tinyurl.com/identiverse2023
    Portland, Oregon • 59°F
    Mon, May 22, 2023 8:23pm +00:00 (liked on Mon, May 22, 2023 1:24pm -07:00) #OAuth
  • Aaron Parecki
    May the 4th be with you! Brand new OAuth shirts just launched: "I find your lack of security disturbing"

    Available in a variety of styles and also as a hacker hoodie!

    https://shop.oauth.net/listing/lack-of-security-disturbing?product=46
    Portland, Oregon, USA • 49°F
    12 likes 4 reposts 1 reply
    Thu, May 4, 2023 11:31am -07:00 #oauth #security
  • Aaron Parecki
    Tomorrow I’ll be speaking at the @OReillyMedia Security Superstream at 8AM PDT with host @ChloeMessdaghi

    Get up to speed on techniques & best practices related to OAuth and API security, the OWASP Top 10, & more! Register now: https://www.oreilly.com/live-events/security-superstream-application-security/0636920083707/0636920083706/

    https://infosec.exchange/@ChloeMessdaghi/110186693893045342
    Portland, Oregon, USA • 50°F
    5 likes 3 reposts
    Wed, Apr 12, 2023 5:28pm -07:00 #oreilly #oauth
  • Tokyo (HND) to Dallas-Fort Worth (DFW)
    March 31, 2023 from 6:15pm (+0900) to 3:33pm (-0500)
    American Airlines Flight 176
    Dallas-Fort Worth (DFW) to Portland (PDX)
    March 31, 2023 from 5:07pm (-0500) to 7:17pm (-0700)
    American Airlines Flight 1986
    Portland Intl in Portland
    permalink #okta #oauth #ietf
  • Aaron Parecki
    Yet another reason why Token Exchange is dangerous 🤯😱

    "Bing is allowed to issue Office tokens for any logged-on user"

    https://twitter.com/hillai/status/1641146523990753290
    神奈川県, JPN
    13 likes 4 replies 1 mention
    Thu, Mar 30, 2023 9:54am +09:00 #security #oauth
  • Vittorio https://twitter.com/vibronet
    Traditional 360° of the traditional #oauth dinner at #IETF, #IETF116 in particular :)

    Some random tags - @_nat_en @tlodderstedt @aaronpk @dfett42 @ve7jtb @n3rd1ty @justin__richer @josephheenan
    • 51°F
    Tue, Mar 28, 2023 9:28am +00:00 (liked on Wed, Mar 29, 2023 6:55am +09:00) #oauth #IETF #IETF116
  • Aaron Parecki
    First #ietf116 session of the day is #OAuth complete with custom SD-JWT t-shirts 😂

    @kristinayasuda @dfett42
    西区, 神奈川県, JPN • 48°F
    19 likes 6 reposts 4 mentions
    Tue, Mar 28, 2023 9:45am +09:00 #oauth #ietf116
  • IETF 116 Yokohama
    March 27-31, 2023
    5 days
    InterContinental Yokohama Grand, an IHG Hotel
    Yokohama, Kanagawa, JP
    permalink #ietf #oauth #okta
  • Japan
    March 19-31, 2023
    13 days
    Yokohama
    Yokohama, Kanagawa, JP
    permalink #ietf #oauth
  • Portland (PDX) to San Francisco (SFO)
    March 19, 2023 from 8:00am to 9:50am (-0700)
    Alaska Flight 1110
    San Francisco (SFO) to Tokyo (HND)
    March 19, 2023 at 3:20pm (-0700) until Mar 20 at 6:45pm (+0900)
    JAL Flight 1
    Tokyo Intl in Tokyo
    permalink #okta #oauth #ietf
  • OAuth Support in Bluesky and AT Protocol

    Bluesky, a new social media platform and AT Protocol, is unsurprisingly running up against the same challenges and limitations that Flickr, Twitter and many other social media platforms faced in the 2000s: passwords!
    12 likes 1 repost 10 replies 2 mentions
    Thu, Mar 9, 2023 5:09pm -08:00 #oauth #indieauth #bluesky #atproto #indieweb #indieauth
  • Aaron Parecki
    another day, another account takeover caused by an open redirector and the OAuth Implicit flow 🫠

    https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
    Portland, Oregon • 40°F
    14 likes 4 reposts 1 reply
    Thu, Mar 2, 2023 10:16am -08:00 #oauth #security
  • Aaron Parecki
    I've given many talks about how mobile apps can't be deployed with a secret, and using Twitter's 2013 "hacks" as an example. I'm just going to leave this completely unrelated string of random characters here for no particular reason

    GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU
    Portland, Oregon, USA • 43°F
    100 likes 52 reposts 10 replies
    Thu, Feb 2, 2023 8:12pm -08:00 #twitter #oauth #security
  • Aaron Parecki
    PSA: If you use Twitter to sign in to stuff, you should double check you have another way to get in to those accounts asap. With Twitter charging ??? for API access next week, you have no way of knowing whether the apps you use are going to pay that.
    Portland, Oregon, USA • 49°F
    140 likes 139 reposts 11 replies 5 mentions
    Thu, Feb 2, 2023 4:23pm -08:00 #oauth #twitter
  • Leveraging Web Workers to Safely Store Access Tokens - The New Stack (thenewstack.io)
    Tue, Jan 31, 2023 5:48pm -08:00 #oauth #spa #browser

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.