
Maho Pacheco 🦝🍻
@mapache@hachyderm.io
@mapache@hachyderm.io
@arichtman@eigenmagic.net
Oauth working for Kubernetes authentication and authorization.
Very satisfying, if fiddly.
@arichtman@eigenmagic.net
Cool blog spotto
#Kubernetes #OIDC #Oauth #k8s #Proxmox #Talos #TalosLinux #ArgoCD
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@hollo@hollo.social
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY
requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
@thisismissem.bsky.social@bsky.brid.gy
@thisismissem.bsky.social@bsky.brid.gy
@thisismissem@hachyderm.io
Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:
@aj@id1.in
I don't want to create a new account for every software / server. Where is the #OAuth thing for #ActivityPub?
#Mastodon #PixelFed #Lemmy
@johnleonard@mastodon.social
Vulnerability in Google’s OAuth System exposes millions to risk
Researchers warn that unused domains could grant unauthorised access to sensitive SaaS accounts
@qiita@rss-mstdn.studiofreesia.com
OAuth 2.0の認可エンドポイントにおける脆弱な実装例と対策について考える
https://qiita.com/task4233/items/3af1b3d2690b44979659?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
@qiita@rss-mstdn.studiofreesia.com
@qiita@rss-mstdn.studiofreesia.com
@stefan@stefanbohacek.online
Has anyone made a good, reliable "log in with your fediverse account" library/service, ideally for node.js, yet?
@bnewbold@social.coop
We got a blog post out summarizing our launch of OAuth for AT Protocol, and what work remains. This has been a huge project, led by Matthieu, with input from a bunch of standards folks and devs.
This tries to solve the same basic challenge that ActivityPub has, and builds on work by @thisismissem and @aaronpk at the IETF (OAuth client metadata documents). Would be great if social web protocols end up aligning on the general shape of a solution and care share code+review.
@cheeaun@mastodon.social
Gosh this PKCE stuff goes back to 2020.
Reads:
- Dropbox: https://dropbox.tech/developers/pkce--what-and-why-
- Postman: https://blog.postman.com/pkce-oauth-how-to/
- Mastodon OAuth PKCE extension PR: https://github.com/mastodon/mastodon/pull/31129
- Mastodon OAuth documentation PR: https://github.com/mastodon/documentation/pull/1445
@neilmadden@infosec.exchange
Welcome to my new followers. I have taken possession of your souls, for which I am eternally grateful.
By way of #introduction, here are a few things that I am sometimes known for:
I wrote the book API Security in Action published by Manning. It covers a lot about modern application security, JWTs, OAuth, Kubernetes, and is secretly a tutorial on cryptography in disguise.
I discovered the “Psychic Signatures” critical vulnerability in Java’s implementation of ECDSA signature verification (CVE-2022-21449).
My blog has made its way onto Hacker News a few times.
I’m fairly active in the #OAuth working group at the IETF. I used to be the Security Architect for ForgeRock (now part of Ping Identity).
In my past I have mostly been a software engineer. I also have a PhD in computer science, for what it’s worth, but only my bank calls me Dr and my daughter thinks I’m lying about that.
These days I run a company, Illuminated Security, that provides AppSec and Applied Cryptography consultancy, review, bespoke development, and training. I’m always happy to answer emails (eventually!) on most topics.