Hashtag
43 posts tagged with this hashtag.
Any fediverse developers with too much free time on their hands interested in helping me figure out why, when logging in with a Friendica account, I get an "Unprocessable Entity" error?
github.com
Contribute to stefanbohacek/auth-server development by creating an account on GitHub.
Any fediverse developers with too much free time on their hands interested in helping me figure out why, when logging in with a Friendica account, I get an "Unprocessable Entity" error?
github.com
Contribute to stefanbohacek/auth-server development by creating an account on GitHub.
🆕 blog! “Adding OpenStreetMap login to Auth0”
So you want to add OSM as an OAuth provider to Auth0? Here's a tip - you do not want to create a custom social connection!
Instead, you need to create an "OpenID Connect" provider. Here's how.
OpenSteetMap
As per the OAuth documentation you will need to:
Register a new app at…
👀 Read more: https://shkspr.mobi/blog/2026/02/adding-openstreetmap-login-to-auth0/
⸻
#Auth0 #developers #oauth #OpenStreetMap
shkspr.mobi
So you want to add OSM as an OAuth provider to Auth0? Here's a tip - you do not want to create a custom social connection! Instead, you need to create an "OpenID Connect" provider. Here's how. OpenSteetMap As per the OAuth documentation you will need to: Register a new app at https://www.openstreetmap.org/oauth2/applications/ Give it a name that users will recognise Give it a redirect of…
🆕 blog! “Adding OpenStreetMap login to Auth0”
So you want to add OSM as an OAuth provider to Auth0? Here's a tip - you do not want to create a custom social connection!
Instead, you need to create an "OpenID Connect" provider. Here's how.
OpenSteetMap
As per the OAuth documentation you will need to:
Register a new app at…
👀 Read more: https://shkspr.mobi/blog/2026/02/adding-openstreetmap-login-to-auth0/
⸻
#Auth0 #developers #oauth #OpenStreetMap
shkspr.mobi
So you want to add OSM as an OAuth provider to Auth0? Here's a tip - you do not want to create a custom social connection! Instead, you need to create an "OpenID Connect" provider. Here's how. OpenSteetMap As per the OAuth documentation you will need to: Register a new app at https://www.openstreetmap.org/oauth2/applications/ Give it a name that users will recognise Give it a redirect of…
In which, Blaine Cook ( @blaine ) explains "What is OAuth?" in the framing not of standards and specifications, nor in technical terms, but instead in this framing:
> “What I need is to understand why it is designed this way, and to see concrete examples of use cases that motivate the design”
https://leaflet.pub/p/did:plc:3vdrgzr2zybocs45yfhcr6ur/3mfd2oxx5v22b/
leaflet.pub
Wherein I [try to] answer a seemingly straightforward question: "WTF is OAuth, anyhow?"
New post - keyless access to AWS from GCP. Handy to avoid IAM users and long-lived access keys.
richtman.au
Tractable security
Ooooh! ID-JAG or OAuth Identity Assertion JWT Authorization Grants looks interesting: https://www.ietf.org/archive/id/draft-ietf-oauth-identity-assertion-authz-grant-01.html
Screenshot summarizing the flow for this grant from the linked internet draft document.
If you're wondering what these documents look like, here's an example:
https://cimd-service.fly.dev/clients/bafyreidxk6lscepiy3lxtev7jag67s2taiyhk3gwazfd4khivaejsfyipq
Built a little thing over the past ~20 hours:
A service for provisioning public Client ID Metadata Documents for use in development environments where you aren't publicly on the web.
cimd-service.fly.dev
In development, send this service your Client ID Metadata Document, and it will return you a URL to a publicly available copy.
Okay, so, I finally built that OAuth Client ID Metadata Service that I've been talking about on an off, and also verified it works with bluesky: cimd-service.fly.dev
I did have to change my application_type to native to use localhost redirect URIs, which was annoying.
#oauth #atproto
https://cimd-service.fly.dev/
cimd-service.fly.dev
In development, send this service your Client ID Metadata Document, and it will return you a URL to a publicly available copy.
Oauth working for Kubernetes authentication and authorization.
Very satisfying, if fiddly.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
SECRET_KEY requirements (44+ chars)Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.
Spent the past hour doing some updates to the Client ID Metadata Documents internet draft. Trying to find alignment with the Client ID Prefix internet draft and fix a few open issues. #ietf #oauth
bsky.app
Spent the past hour doing some updates to the Client ID Metadata Documents internet draft. Trying to find alignment with the Client ID Prefix internet draft and fix a few open issues. #ietf #oauth
bsky.app
Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:
blog.hboeck.de
I don't want to create a new account for every software / server. Where is the #OAuth thing for #ActivityPub?
#Mastodon #PixelFed #Lemmy
Vulnerability in Google’s OAuth System exposes millions to risk
Researchers warn that unused domains could grant unauthorised access to sensitive SaaS accounts
computing.co.uk
Researchers warn that unused domains could grant unauthorised access to sensitive SaaS accounts
OAuth 2.0の認可エンドポイントにおける脆弱な実装例と対策について考える
https://qiita.com/task4233/items/3af1b3d2690b44979659?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items
qiita.com
はじめに今日のWebアプリケーション開発において、認証/認可の責務をOAuth 2.0 (以下OAuthとします) およびOpenID Connect 1.0 (以下OpenID Connectと…
Has anyone made a good, reliable "log in with your fediverse account" library/service, ideally for node.js, yet?
We got a blog post out summarizing our launch of OAuth for AT Protocol, and what work remains. This has been a huge project, led by Matthieu, with input from a bunch of standards folks and devs.
This tries to solve the same basic challenge that ActivityPub has, and builds on work by @thisismissem and @aaronpk at the IETF (OAuth client metadata documents). Would be great if social web protocols end up aligning on the general shape of a solution and care share code+review.
Gosh this PKCE stuff goes back to 2020.
Reads:
- Dropbox: https://dropbox.tech/developers/pkce--what-and-why-
- Postman: https://blog.postman.com/pkce-oauth-how-to/
- Mastodon OAuth PKCE extension PR: https://github.com/mastodon/mastodon/pull/31129
- Mastodon OAuth documentation PR: https://github.com/mastodon/documentation/pull/1445
Authorization Code flow (with PKCE), from Postman's article.
Are there any known issues with Friendica's OAuth login flow? Or maybe recent breaking changes?
Suddenly getting an "Unprocessable Entity" error without having made any relevant updates to the code.
Welcome to my new followers. I have taken possession of your souls, for which I am eternally grateful.
By way of #introduction, here are a few things that I am sometimes known for:
I wrote the book API Security in Action published by Manning. It covers a lot about modern application security, JWTs, OAuth, Kubernetes, and is secretly a tutorial on cryptography in disguise.
I discovered the “Psychic Signatures” critical vulnerability in Java’s implementation of ECDSA signature verification (CVE-2022-21449).
My blog has made its way onto Hacker News a few times.
I’m fairly active in the #OAuth working group at the IETF. I used to be the Security Architect for ForgeRock (now part of Ping Identity).
In my past I have mostly been a software engineer. I also have a PhD in computer science, for what it’s worth, but only my bank calls me Dr and my daughter thinks I’m lying about that.
These days I run a company, Illuminated Security, that provides AppSec and Applied Cryptography consultancy, review, bespoke development, and training. I’m always happy to answer emails (eventually!) on most topics.
illuminated-security.com
security. illuminated.