Aaron Parecki · May 2, 2019 · 3:25 PM UTC

Aaron Parecki · May 2, 2019 · 3:25 PM UTC

Aaron Parecki

Aaron Parecki @aaronpk

2 May 2019

Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now: ✅ good random number generators ✅ secure hashing functions Just missing a good base64 encoding function. (Check out the ugly hack in the post.) developer.okta.com/blog/2019…

Is the OAuth 2.0 Implicit Flow Dead?

In this post, we'll look at what's changing in the Implicit Flow and why.

developer.okta.com

May 2, 2019 · 3:25 PM UTC

Even André Fiskvik · May 3, 2019 · 10:47 PM UTC

Even André Fiskvik

@grEvenX

3 May 2019

Replying to @aaronpk @oauth_2

In the process of changing how we authorize the users in our web app and I’m wondering what route to take. Do you know about any simple proxy-like services for Oauth 2 Auth code flow (not OIDC) that can keep sessions and handle Auth for any SPA ?

Aaron Parecki · May 4, 2019 · 4:46 PM UTC

Aaron Parecki @aaronpk

4 May 2019

Plenty of server-side frameworks can do this, I'm not sure about something as a service though. Also not sure if you'd really want to go down the path of offloading that kind of thing to a different site either.

more replies

Sebastian Lasse | @sl007@digitalcourage.social · May 2, 2019 · 8:22 PM UTC

Sebastian Lasse | @sl007@digitalcourage.social @sl007

2 May 2019

Replying to @aaronpk @oauth_2

This could save you 4 characters ;)) return btoa(encodeURIComponent(str) .replace(/%([0-9A-F]{2})/g, (m, p1) => String.fromCharCode(parseInt(('0x'+p1), 16))));