https://speakerdeck.com/aaronpk 2020-03-31 11:37:47 -0400 Wed, 22 Oct 2025 00:00:00 -0400 https://speakerdeck.com/aaronpk/oauth-for-mcp-internet-identity-workshop-october-2025 https://speakerdeck.com/aaronpk/oauth-for-mcp-internet-identity-workshop-october-2025 https://identiverse.com/idv25/session/?idvid=2812734 https://identiverse.com/idv25/session/?idvid=2812734 Wed, 04 Jun 2025 00:00:00 -0400 https://speakerdeck.com/aaronpk/the-state-of-oauth-2025-identiverse https://speakerdeck.com/aaronpk/the-state-of-oauth-2025-identiverse Fri, 23 May 2025 00:00:00 -0400 https://speakerdeck.com/aaronpk/oauth-for-mcp https://speakerdeck.com/aaronpk/oauth-for-mcp Tue, 29 Oct 2024 00:00:00 -0400 https://speakerdeck.com/aaronpk/iiw-39-oauth-101 https://speakerdeck.com/aaronpk/iiw-39-oauth-101 Slides from my presentation on OAuth in Native Apps at the OAuth Security Workshop. Unfortunately the embedded videos don't play in the PDF version. I extracted the video clips and posted them here: https://aaronparecki.com/2024/04/11/23/oauth-native-apps-osw-2024 Slides from my presentation on OAuth in Native Apps at the OAuth Security Workshop. Unfortunately the embedded videos don't play in the PDF version. I extracted the video clips and posted them here: https://aaronparecki.com/2024/04/11/23/oauth-native-apps-osw-2024 Thu, 11 Apr 2024 00:00:00 -0400 https://speakerdeck.com/aaronpk/oauth-in-native-apps-oauth-security-workshop https://speakerdeck.com/aaronpk/oauth-in-native-apps-oauth-security-workshop Presented at the OAuth Security Workshop https://events.oauth.net/2023/08/oauth-security-workshop-2023-2gZNVdvPH0XS Presented at the OAuth Security Workshop https://events.oauth.net/2023/08/oauth-security-workshop-2023-2gZNVdvPH0XS Thu, 24 Aug 2023 00:00:00 -0400 https://speakerdeck.com/aaronpk/targeted-logout-oauth-security-workshop-2023 https://speakerdeck.com/aaronpk/targeted-logout-oauth-security-workshop-2023 Ready to move beyond MVP in the journey of adding enterprise-ready identity in your SaaS app? With the must-have functionality in place, you're ready to make your app stand out, get noticed by enterprise customers, and handle user provisioning and automation that can scale! Slides from Devday23 https://developerday.com/events/devday23-wic Ready to move beyond MVP in the journey of adding enterprise-ready identity in your SaaS app? With the must-have functionality in place, you're ready to make your app stand out, get noticed by enterprise customers, and handle user provisioning and automation that can scale! Slides from Devday23 https://developerday.com/events/devday23-wic Wed, 17 May 2023 00:00:00 -0400 https://speakerdeck.com/aaronpk/enterprise-ready-going-beyond-mvp https://speakerdeck.com/aaronpk/enterprise-ready-going-beyond-mvp Currently, the security of native apps in OAuth is contingent upon registering the app's callback URL with the operating system, preferably as an app-claimed HTTPS URL. While this provides some level of assurance of the app's identity, it is by no means foolproof. Authenticating whether a particular instance of a public client in OAuth is a legitimate instance remains a challenge. This session will explore the possibility of using Apple and Android’s “app attestation” APIs as a form of OAuth client authentication. These APIs are able to leverage on-device private keys and a certificate chain to provide an additional level of confidence that the app making an HTTP request is the same code that was shipped in the app stores. Currently, the security of native apps in OAuth is contingent upon registering the app's callback URL with the operating system, preferably as an app-claimed HTTPS URL. While this provides some level of assurance of the app's identity, it is by no means foolproof. Authenticating whether a particular instance of a public client in OAuth is a legitimate instance remains a challenge. This session will explore the possibility of using Apple and Android’s “app attestation” APIs as a form of OAuth client authentication. These APIs are able to leverage on-device private keys and a certificate chain to provide an additional level of confidence that the app making an HTTP request is the same code that was shipped in the app stores. Fri, 06 May 2022 00:00:00 -0400 https://speakerdeck.com/aaronpk/app-integrity-attestations-for-oauth-oauth-security-workshop-2022 https://speakerdeck.com/aaronpk/app-integrity-attestations-for-oauth-oauth-security-workshop-2022 My presentation at the SAAG meeting at IETF 110 My presentation at the SAAG meeting at IETF 110 Thu, 11 Mar 2021 00:00:00 -0500 https://speakerdeck.com/aaronpk/intro-to-oauth-ietf-110 https://speakerdeck.com/aaronpk/intro-to-oauth-ietf-110 https://aaronparecki.com/2020/10/20/8/ https://aaronparecki.com/2020/10/20/8/ Tue, 20 Oct 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/oauth-101-internet-identity-workshop-xxxi https://speakerdeck.com/aaronpk/oauth-101-internet-identity-workshop-xxxi https://aaronparecki.com/2020/09/16/23/ https://aaronparecki.com/2020/09/16/23/ Tue, 15 Sep 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/whats-new-with-oauth-and-openid-connect-api-days-australia https://speakerdeck.com/aaronpk/whats-new-with-oauth-and-openid-connect-api-days-australia Slides from my talk at Disclosure Conference https://disclosureconference.com/ Slides from my talk at Disclosure Conference https://disclosureconference.com/ Wed, 02 Sep 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/how-to-think-about-oauth-security-disclosure-2020 https://speakerdeck.com/aaronpk/how-to-think-about-oauth-security-disclosure-2020 https://aaronparecki.com/2020/07/22/9/ https://aaronparecki.com/2020/07/22/9/ Wed, 22 Jul 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/oauth-2-dot-1-oauth-security-workshop https://speakerdeck.com/aaronpk/oauth-2-dot-1-oauth-security-workshop https://aaronparecki.com/2020/07/22/7/ https://aaronparecki.com/2020/07/22/7/ Wed, 22 Jul 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/protecting-single-page-apps-using-oauth https://speakerdeck.com/aaronpk/protecting-single-page-apps-using-oauth Presented at Interface by API Days Presented at Interface by API Days Tue, 30 Jun 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/the-state-of-oauth https://speakerdeck.com/aaronpk/the-state-of-oauth Presented at IETF 107 virtual interim meeting. https://events.oauth.net/2020/05/oauth-virtual-interim-meeting-client-intermediary-and-reciprocal-oauth-BmTavIx802Ez Presented at IETF 107 virtual interim meeting. https://events.oauth.net/2020/05/oauth-virtual-interim-meeting-client-intermediary-and-reciprocal-oauth-BmTavIx802Ez Fri, 08 May 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/oauth-2-dot-0-client-intermediary-metadata-ietf-107 https://speakerdeck.com/aaronpk/oauth-2-dot-0-client-intermediary-metadata-ietf-107 https://aaronparecki.com/2020/04/28/12/ https://aaronparecki.com/2020/04/28/12/ Tue, 28 Apr 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/how-to-hack-oauth-goto-chicago-2020 https://speakerdeck.com/aaronpk/how-to-hack-oauth-goto-chicago-2020 In this talk you'll learn about the latest developments with the OAuth and OIDC specs directly from the standards group. The latest additions to the specs enable richer experiences and better security for applications using OAuth. https://www.oktane20.com/agenda#573 In this talk you'll learn about the latest developments with the OAuth and OIDC specs directly from the standards group. The latest additions to the specs enable richer experiences and better security for applications using OAuth. https://www.oktane20.com/agenda#573 Tue, 31 Mar 2020 00:00:00 -0400 https://speakerdeck.com/aaronpk/whats-new-with-oauth-and-openid-connect https://speakerdeck.com/aaronpk/whats-new-with-oauth-and-openid-connect