Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋

Portland, Oregon
Joined April 2008
Not that I've been able to find! Also can't find their userinfo or introspection endpoints. I also had to guess their authorization endpoint because it's not in their docs.
So far there's no docs on what you can do with the access token. I suspect using it may require also including the client_secret which is a signed JWT, or who knows. Here's the working code: github.com/aaronpk/sign-in-w…
Replying to @JhonnyBillM
So far there is no indication that'll be possible.
If you're interested, here is my sample code I was able to use to get an access token and ID token from Apple github.com/aaronpk/sign-in-w…
Replying to @blaine
They have some docs here developer.apple.com/sign-in-… but their docs are missing quite a bit right now. I had to guess at some endpoints and things.
Replying to @marckohlbrugge
I just tried it out and it's OAuth + OpenID Connect with a little bit of Apple uniqueness sprinkled in.
weirdnesses:
* Their token endpoint requires setting a User-Agent header, otherwise responds with an HTML error
* Client secrets are a signed JWT using ECDSA + SHA256
* An email address isn't returned even when requesting the `email` scope
Initial test of the "Sign in with Apple" API:
* It's more or less based on OAuth + OIDC
* Their documentation is missing a lot of key info to use it right now, I had to guess at a lot of things
* The `sub` claim includes some sort of unique user identifier, not an email
Well this is exciting. 🍎🔐 #AppleID #OAuth #WWDC2019 #WWDC
Replying to @photojoseph
I definitely thought of you when they announced that!
but not that tweet 😉
To anyone who thought partial redirect URL matching in @OAuth_2 is "good enough," read this thread. Complete Periscope account takeover just by viewing a tweet. hackerone.com/reports/110293 #oauth
If you're in Toronto you should come to my #OAuth talk tomorrow! 🔐 regionalevents.okta.com/okta… We'll have food and drinks, and we're giving copies of my book to everyone who attends! 📚
Replying to @rwilsonperkin
Just stumbled across this tweet from a few years ago and realized you are in Toronto! I'm here for an OAuth workshop tomorrow and you're welcome to join if you'd like! regionalevents.okta.com/okta…
Replying to @rem
Sorry I don't have a button for that but I can do it manually for you. But lots of people use that API key from JS so it's not necessarily meant to be a secret anyway. Let me know if you want me to change yours tho.
Replying to @Cambridgeport90
I can never remember, but it's a pretty typical Laravel app so you can look for docs on how to set up a Laravel app in Apache or IIS!
Replying to @Cambridgeport90
I haven't installed Aperture on anything except nginx myself, but it should only require one htaccess rule to get it going. Feel free to hop in the indieweb chat if you need help!
it's always important to consider the opposite viewpoint
Replying to @aaronpk
No, no, Dutch is basically English if you're drunk on German beer.
hot take: Dutch is basically German with a funny accent