Aaron Parecki

#openid

• Clients shouldn’t peek inside access tokens – CloudIdentity (www.cloudidentity.com)

  #oauth #openid #oidc

  Wed, Apr 6, 2022 6:55pm -07:00
• François' Blog - Generate a JSON Web Key Set from PHP for RSA Keys (www.tuxed.net)

  #php #jwk #jwt #openid #oidc

  Wed, Feb 23, 2022 3:54pm -08:00
• 

  Do I know anyone involved with @LoginDotGov? I found a few (minor) issues with the OAuth/OpenID docs there https://developers.login.gov/oidc/

  Portland, Oregon, USA • 29°F

  1 like 1 repost 6 replies

  #gov #openid

  Wed, Feb 23, 2022 9:40am -08:00
• Torsten Lodderstedt https://twitter.com/tlodderstedt

  Meet you at the definitive place to discuss OAuth/OpenID/GNAP security with practitioners and researchers. #osw7 #oauth #openid

  Portland, Oregon • 60°F

  #osw7 #oauth #openid

  Sat, Feb 12, 2022 4:37pm +00:00 (liked on Sat, Feb 12, 2022 3:50pm -08:00)
• I don’t like Identity Tokens | leastprivilege.com (leastprivilege.com)

  #oauth #oidc #openid #token

  Fri, Oct 1, 2021 4:48pm -07:00
• 

  okay Internet, I need your suggestions:
  
  I have a static website that I can't modify, and I want to host it on some platform that I can tie to an arbitrary OpenID Connect provider so that only certain people can access it.
  
  What's the easiest way to do this?

  Portland, Oregon • 83°F

  13 likes 7 reposts 47 replies

  #oauth #openid

  Fri, Jul 23, 2021 3:16pm -07:00
• Bypassing 2FA using OpenID Misconfiguration (youst.in)

  #openid #security

  Sun, Jun 27, 2021 3:18pm -07:00
• The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. (sso.tax)

  #sso #openid #security

  Tue, May 25, 2021 4:50pm -07:00
• FAPI – Financial Grade API (fapi.openid.net)

  #openid #fapi #security

  Wed, Apr 7, 2021 12:11pm -07:00
• openid / connect / issues / #1200 - Impact of Implicit Grant Removal in OAuth 2.1 — Bitbucket (bitbucket.org)

  #oauth #openid

  Sat, Feb 27, 2021 7:40am -08:00
• When PKCE Cannot Protect Your Confidential OAuth Client (www.hackmanit.de)

  #oauth #openid #pkce #nonce #security

  Mon, Oct 26, 2020 10:02am -07:00
• Internet Identity Workshop XXXI

  Oct

  20

  Oct

  21

  Oct

  22

  October 20-22, 2020
  3 days

  Online

  #iiw #oauth #openid #identity

  permalink
• What's New in OAuth and OpenID Connect

  Sep

  16

  September 16, 2020 11:20am - 11:50am (+1000)

  Online

  API Days Live Australia

  View Slides

  #apidays #security #oauth #openid

  permalink
• What's New in OAuth 2.1

  Aug

  19

  August 19, 2020 10:50am - 11:15am (+0800)

  Online

  API Days Live Singapore

  #oauth #openid #security #apidays

  permalink
• Hans Zandbelt https://twitter.com/hanszandbelt

  So at first Apple shortcutted OIDC protocol steps in SIWA which rendered them insecure, after fixing that they went on to add extras on top of OIDC which now renders them insecure again. It should be clear to everyone now: don't roll your own. #openid #siwa

  Portland, Oregon • 60°F

  #openid #siwa

  Sun, May 31, 2020 6:43pm +00:00 (liked on Sun, May 31, 2020 12:47pm -07:00)
• PKCE vs. Nonce: Equivalent or Not? (danielfett.de)

  #oauth #security #pkce #openid #nonce

  Mon, May 18, 2020 4:04pm -07:00
• 

  Something about Apple's decision to do "OAuth-but-not-quite" rubbed me the wrong way, but this is a great example of how it breaks down very concretely.
  
  https://twitter.com/atomicbird/status/1163478833326108673

  Santa Ana, California, USA

  18 likes 9 reposts 6 replies

  #apple #oauth #openid #oidc

  Mon, Aug 19, 2019 2:29pm -07:00
• Open Letter from the OpenID Foundation to Apple Regarding Sign in with Apple | Hacker News (news.ycombinator.com)

  #openid #appleid

  Sat, Jun 29, 2019 9:51pm -07:00
• Vidoop secures Messina and Norris – Silicon Florist (siliconflorist.com)

  #pdxtech #vidoop #openid

  Sat, Feb 2, 2019 7:18pm -08:00
• Steve Hutchinson https://twitter.com/IdentityHutch

  Nice rebuttal by @scottbrady91 from @rskltd to Okta's “Nobody Cares About #OAuth or #OpenID Connect.” I agree that developers should care and #identity professionals should elevate the discourse. @idpro_org @openid #OIDC https://www.scottbrady91.com/OAuth/Why-Developers-Do-Care-About-OAuth-and-OpenID-Connect

  Portland, Oregon • 42°F

  #OAuth #OpenID #identity #OIDC

  Mon, Jan 28, 2019 3:57pm +00:00 (liked on Mon, Jan 28, 2019 8:04am -08:00)