DEV Community

The Changelog

OAuth, "It's complicated."

Today we’re joined by Aaron Parecki, co-founder of IndieWebCamp and maintainer of OAuth, for a deep dive on the state of OAuth 2.0 and what’s next in OAuth 2.1. We cover the complications of OAuth, RFCs like Proof Key for Code Exchange, also known as PKCE, OAuth for browser-based apps, and next generation specs like the Grant Negotiation and Authorization Protocol, also known as GNAP. The conversation begins with how Aaron experiements with the IndieWeb as a showcase of what’s possible.

Discuss on Changelog News

Join Changelog++ to support our work, get closer to the metal, and make the ads disappear!

Sponsors

  • Gitpod – Spin up fresh, ephemeral automated dev environments, in the cloud, in seconds. Their free tier is open to every developer with a GitLab, GitHub, and/or Bitbucket account. Learn more at gitpod.io
  • Retool – Retool is a low-code platform built specifically for developers that makes it fast and easy to build internal tools. Instead of building internal tools from scratch, the world’s best teams, from startups to Fortune 500s, are using Retool to power their internal apps. Learn more and try it for free at retool.com/changelog
  • Square – Develop on the platform that sellers trust! Use API Explorer to interact with, test, or play with your applications in Square. You can build, view, and send HTTP requests that call Square APIs with API Explorer. Get started with Square, check out the API Explorer, or the API Explorer docs.
  • Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com

Featuring

Notes and Links

Episode source