Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋

Portland, Oregon
Joined April 2008
Filter
Exclude
Time range
-
Near
Photos from IndieWebCamp Düsseldorf day 1 are already posted! 📷 flickr.com/photos/tollwerk/a… Thanks to our amazing photographer @iwontsignuphere
1
5
Cool we will head over! It was closed when we got there
Replying to @TechLifeWeb
Could be a number of things, but here's what we've seen before: indieweb.org/Wordpress_Indie…
1
Be sure to check out my behind the scenes video of how I filmed all the talks too! youtube.com/epKA84wK9ls
1
3
Replying to @photojoseph
a run is an excellent idea, but instead I spent the day editing my behind-the-scenes video of last week's shoot: youtube.com/watch?v=epKA84wK…
1
I got a lot of questions last week at @ML4ALL about how I was able to turn around the conference videos so quickly, so I put together a little behind-the-scenes video including biking all the gear in and out! 🚲🎥🎉 youtube.com/watch?v=epKA84wK…
3
8
Replying to @grEvenX @oauth_2
Plenty of server-side frameworks can do this, I'm not sure about something as a service though. Also not sure if you'd really want to go down the path of offloading that kind of thing to a different site either.
1
Replying to @nicokaiser
That's a big assumption (you don't know what browser extensions the user is using) but yes that's one way to be more confident. I wouldn't use absolute terms like "safe" though. "Less risky" maybe.
Replying to @nicokaiser
Totally depends on your risk tolerance. Browsers are always a more risky environment, so that's something to keep in mind with refresh tokens. If you are going to issue refresh tokens to JS, definitely rotate them after every use.
1
Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now: ✅ good random number generators ✅ secure hashing functions Just missing a good base64 encoding function. (Check out the ugly hack in the post.) developer.okta.com/blog/2019…
2
1
3
current status: wrapped up the web standards meeting for the day, and now watching the recording of yesterday's Planning and Sustainability Commission meeting in Portland, a different kind of standards meeting. what? I don't have too many projects *you* have too many projects
1
9
Replying to @nicokaiser @oauth_2
If you read the post I talk about exactly that issue and provide sample code for doing auth code + PKCE entirely in JavaScript
Just in time for #iiw I published a blog post: "Is the OAuth 2.0 Implicit Flow Dead?" developer.okta.com/blog/2019…
1
8
16
Replying to @justin__richer
What's your preferred channel for getting feedback on this? Email? Blog posts? Issues on the site's GitHub repo? Also if you're planning on running a session about this at #IIW please hold it on the 2nd or 3rd day since I have to miss the first day!
1
2
Finally freed my @Flickr account from Yahoo! I don't know exactly why, but this makes me way happier to keep paying for Flickr now. Migrate your account here: identity.flickr.com/migratio…
1
1
1
14
Only two months until IndieWeb Summit in Portland! 📅 June 29-30, 2019 📌 Portland, Oregon 🎟 2019.indieweb.org/summit We even have a travel assistance program this year, so if you're on the fence about coming because of the cost, please take a look! 2019.indieweb.org/summit#tra…
1
1
6
Replying to @evanpro
Yeah I think there's some point where hiring more does make the team more productive (from 1 to 2 people for example), but much beyond that I think there are diminishing returns. Hiring people with skills other than development is a whole different story tho.
1
2
Saying you can speed up software development by hiring more developers is like saying you can get planes to fly faster by adding more pilots.
3
7
1
29