Aaron Parecki

#openid

• Identiverse 2023

  May

  30

  Jun

  2

  May 30 through June 2, 2023
  4 days

  ARIA Resort & Casino

  Las Vegas, Nevada, US

  permalink #identiverse #okta #oauth #openid
• Portland (PDX) to Las Vegas (LAS)

  May 30, 2023 from 10:40am to 12:54pm (-0700)

  Alaska Flight 726

  

  Mc Carran Intl in Las Vegas

  permalink #identiverse #oauth #openid #okta
• Las Vegas

  May

  30

  Jun

  2

  May 30 through June 2, 2023
  4 days

  ARIA Resort & Casino

  Las Vegas, Nevada, US

  permalink #identiverse #okta #oauth #openid
• Clients shouldn’t peek inside access tokens – CloudIdentity (www.cloudidentity.com)

  Wed, Apr 6, 2022 6:55pm -07:00 #oauth #openid #oidc
• François' Blog - Generate a JSON Web Key Set from PHP for RSA Keys (www.tuxed.net)

  Wed, Feb 23, 2022 3:54pm -08:00 #php #jwk #jwt #openid #oidc
• 

  Do I know anyone involved with @LoginDotGov? I found a few (minor) issues with the OAuth/OpenID docs there https://developers.login.gov/oidc/

  Portland, Oregon, USA • 29°F

  1 like 1 repost 6 replies

  Wed, Feb 23, 2022 9:40am -08:00 #gov #openid
• Torsten Lodderstedt https://twitter.com/tlodderstedt

  Meet you at the definitive place to discuss OAuth/OpenID/GNAP security with practitioners and researchers. #osw7 #oauth #openid

  Portland, Oregon • 60°F

  Sat, Feb 12, 2022 4:37pm +00:00 (liked on Sat, Feb 12, 2022 3:50pm -08:00) #osw7 #oauth #openid
• I don’t like Identity Tokens | leastprivilege.com (leastprivilege.com)

  Fri, Oct 1, 2021 4:48pm -07:00 #oauth #oidc #openid #token
• 

  okay Internet, I need your suggestions:
  
  I have a static website that I can't modify, and I want to host it on some platform that I can tie to an arbitrary OpenID Connect provider so that only certain people can access it.
  
  What's the easiest way to do this?

  Portland, Oregon • 83°F

  13 likes 7 reposts 47 replies

  Fri, Jul 23, 2021 3:16pm -07:00 #oauth #openid
• Bypassing 2FA using OpenID Misconfiguration (youst.in)

  Sun, Jun 27, 2021 3:18pm -07:00 #openid #security
• The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement. (sso.tax)

  Tue, May 25, 2021 4:50pm -07:00 #sso #openid #security
• FAPI – Financial Grade API (fapi.openid.net)

  Wed, Apr 7, 2021 12:11pm -07:00 #openid #fapi #security
• openid / connect / issues / #1200 - Impact of Implicit Grant Removal in OAuth 2.1 — Bitbucket (bitbucket.org)

  Sat, Feb 27, 2021 7:40am -08:00 #oauth #openid
• When PKCE Cannot Protect Your Confidential OAuth Client (www.hackmanit.de)

  Mon, Oct 26, 2020 10:02am -07:00 #oauth #openid #pkce #nonce #security
• Internet Identity Workshop XXXI

  Oct

  20

  Oct

  21

  Oct

  22

  October 20-22, 2020
  3 days

  Online

  permalink #iiw #oauth #openid #identity
• What's New in OAuth and OpenID Connect

  Sep

  16

  September 16, 2020 11:20am - 11:50am (+1000)

  Online

  API Days Live Australia

  View Slides

  permalink #apidays #security #oauth #openid
• What's New in OAuth 2.1

  Aug

  19

  August 19, 2020 10:50am - 11:15am (+0800)

  Online

  API Days Live Singapore

  permalink #oauth #openid #security #apidays
• Hans Zandbelt https://twitter.com/hanszandbelt

  So at first Apple shortcutted OIDC protocol steps in SIWA which rendered them insecure, after fixing that they went on to add extras on top of OIDC which now renders them insecure again. It should be clear to everyone now: don't roll your own. #openid #siwa

  Portland, Oregon • 60°F

  Sun, May 31, 2020 6:43pm +00:00 (liked on Sun, May 31, 2020 12:47pm -07:00) #openid #siwa
• PKCE vs. Nonce: Equivalent or Not? (danielfett.de)

  Mon, May 18, 2020 4:04pm -07:00 #oauth #security #pkce #openid #nonce
• 

  Something about Apple's decision to do "OAuth-but-not-quite" rubbed me the wrong way, but this is a great example of how it breaks down very concretely.
  
  https://twitter.com/atomicbird/status/1163478833326108673

  Santa Ana, California, USA

  18 likes 9 reposts 6 replies

  Mon, Aug 19, 2019 2:29pm -07:00 #apple #oauth #openid #oidc