Read It's Time for OAuth 2.1 by Aaron Parecki (Aaron Parecki)
Trying to understand OAuth often feels like being trapped inside a maze of specs, trying to find your way out, before you can finally do what you actually set out to do: build your application. While this can be incredibly frustrating, it’s no ...
Read Your Website Is Your Passport by Desmond Rivet (Desmond Rivet)
One of the themes that crops up again and again in the IndieWeb community is that your personal domain, with its attendant website, should form the nexus of your online existence. Of course, people can and do maintain separate profiles on a variety of social media platforms, but these should be subordinate to the identity represented by your personal website, which remains everyone's one-stop-shop for all things you and the central hub out of which your other identities radiate.
Part of what this means in practice is that your domain should function as a kind of universal online passport, allowing you to sign in to various services and applications simply by entering your personal URL.
A nice little primer on authorization and authentication.

👓 Why OAuth API Keys and Secrets Aren’t Safe in Mobile Apps | Okta Developer

Read Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps (Okta Developer)
Let's take a look at two ways it's possible to hack secret API keys out of mobile apps.

An Indieweb Podcast: Episode 8 Interflux

Episode 8: Interflux

Running time: 1h 23m 35s | Download (26.2 MB) | Subscribe by RSS

Summary: David Shanske and I recap the recent IndieWeb Summit 2018 in Portland, Oregon, including recent developments like microsub, readers, Vouch, and even the comeback of webrings!


Shownotes

Recap of IndieWeb Summit 2018

Vouch (🎧 00:7:13)

The Year of the Reader (🎧 00:38:32)

Webrings (🎧 00:59:03)

Aaron Parecki posts (🎧 1:12:10)

👓 OAuth for the Open Web | Aaron Parecki

Read OAuth for the Open Web by Aaron Parecki (Aaron Parecki)
OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it. While OAuth is a great framework for this, the way it has ended up being used is ...
 
Today I updated the IndieAuth plugin for WordPress, and I can now use my own website as an IndieAuth authorization endpoint (including provisioning and revoking tokens) for a multitude of things including a huge number of micropub clients.

Special thanks to David Shanske and Aaron Parecki for all their work in getting this to happen!

Reposted Aaron Parecki on Twitter (Twitter)
It never occurred to me that people would be blaming @oauth_2 for the Facebook mess. Friendly reminder that OAuth is what lets you control *which* parts of your Facebook data apps get access to, and what lets you revoke that access, which you can do here: https://www.facebook.com/settings?tab=applications