It's been a few days without y'all reading my ✨ Opinions ✨ so here's one about #OAuth2 client credentials, and why you shouldn't use a client secret https://www.jvt.me/posts/2021/11/09/avoid-client-secret/
Why I recommend against using client secret authentication for OAuth2 and OpenID Connect APIs.
Implementing IndieAuth Server Metadata (2 mins read).
Announcing support for OAuth Server Metadata on my IndieAuth Server.
Recommended read: Biscuit, the foundation for your authorization systems https://www.clever-cloud.com/blog/engineering/2021/04/12/introduction-to-biscuit/
Announcing my new project, tokens-pls, which allows for easier manual testing with the OAuth2 code flow for Public Clients.
How to use the PKCE extension when using the Ruby library rack-oauth2 as an OAuth2 client.
Implementing the Refresh Token Grant in my IndieAuth Server (4 mins read).
Announcing support for long-lived refresh tokens as part of my IndieAuth server.
Recommended read: The Real Cause of the Sign In with Apple Zero-Day • Aaron Parecki https://aaronparecki.com/2020/05/31/30/the-real-cause-of-the-sign-in-with-apple-zero-day
Setting up Multiple redirect_uris on the Meetup.com API (2 mins read).
How to allow multiple redirect_uris on your Meetup.com (OAuth2) API consumer.