Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
Photos from IndieWebCamp Düsseldorf day 1 are already posted! 📷 flickr.com/photos/tollwerk/a… Thanks to our amazing photographer @iwontsignuphere
1
5
Could be a number of things, but here's what we've seen before: indieweb.org/Wordpress_Indie…
1
Be sure to check out my behind the scenes video of how I filmed all the talks too! youtube.com/epKA84wK9ls
1
3
a run is an excellent idea, but instead I spent the day editing my behind-the-scenes video of last week's shoot: youtube.com/watch?v=epKA84wK…
1
I got a lot of questions last week at @ML4ALL about how I was able to turn around the conference videos so quickly, so I put together a little behind-the-scenes video including biking all the gear in and out! 🚲🎥🎉 youtube.com/watch?v=epKA84wK…
3
8
Plenty of server-side frameworks can do this, I'm not sure about something as a service though. Also not sure if you'd really want to go down the path of offloading that kind of thing to a different site either.
1
That's a big assumption (you don't know what browser extensions the user is using) but yes that's one way to be more confident. I wouldn't use absolute terms like "safe" though. "Less risky" maybe.
Totally depends on your risk tolerance. Browsers are always a more risky environment, so that's something to keep in mind with refresh tokens.
If you are going to issue refresh tokens to JS, definitely rotate them after every use.
1
Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now:
✅ good random number generators
✅ secure hashing functions
Just missing a good base64 encoding function. (Check out the ugly hack in the post.)
developer.okta.com/blog/2019…
2
1
3
current status: wrapped up the web standards meeting for the day, and now watching the recording of yesterday's Planning and Sustainability Commission meeting in Portland, a different kind of standards meeting.
what? I don't have too many projects *you* have too many projects
1
9
If you read the post I talk about exactly that issue and provide sample code for doing auth code + PKCE entirely in JavaScript
Just in time for #iiw I published a blog post: "Is the OAuth 2.0 Implicit Flow Dead?" developer.okta.com/blog/2019…
1
8
16
What's your preferred channel for getting feedback on this? Email? Blog posts? Issues on the site's GitHub repo?
Also if you're planning on running a session about this at #IIW please hold it on the 2nd or 3rd day since I have to miss the first day!
1
2
Finally freed my @Flickr account from Yahoo!
I don't know exactly why, but this makes me way happier to keep paying for Flickr now.
Migrate your account here: identity.flickr.com/migratio…
1
1
1
14
Only two months until IndieWeb Summit in Portland!
📅 June 29-30, 2019
📌 Portland, Oregon
🎟 2019.indieweb.org/summit
We even have a travel assistance program this year, so if you're on the fence about coming because of the cost, please take a look!
2019.indieweb.org/summit#tra…
1
1
6
Yeah I think there's some point where hiring more does make the team more productive (from 1 to 2 people for example), but much beyond that I think there are diminishing returns. Hiring people with skills other than development is a whole different story tho.
1
2