Social 📸 Photography

Alvin Ashcraft 🐿️MCP Gets OAuth: Understanding the New Authorization Specification | MCP Dev Days.<a href="https://www.youtube.com/watch?v=EXxIeOfJsqA" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=EXxIeOfJsqA</a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcp</a> <a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://hachyderm.io/tags/modelcontextprotocol" class="mention hashtag" rel="nofollow noopener" target="_blank">#modelcontextprotocol</a> <a href="https://hachyderm.io/tags/aiagents" class="mention hashtag" rel="nofollow noopener" target="_blank">#aiagents</a>

Third spruce tree on the leftWhen you get the option to `Sign in with Google/Microsoft/Facebook` you're really using <a href="https://mas.to/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a>. Aside from those platforms knowing what you're doing everywhere all the time, there are compelling reasons for both 3rd party services and users. (not many, but a few). But if you DO link your <a href="https://mas.to/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> / <a href="https://mas.to/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> / <a href="https://mas.to/tags/Facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#Facebook</a> account to some other service, there's never anyway to UNLINK it, and that's just lazy cowardly product management, $0.02. Oh and its deliberate.<a href="https://awadwatt.com/tezoatlipoca/poor-software-product-management-chronicles-e-auth-i-auth-oauth-fuck-off" rel="nofollow noopener" translate="no" target="_blank">https://awadwatt.com/tezoatlipoca/poor-software-product-management-chronicles-e-auth-i-auth-oauth-fuck-off</a>

Wladimir MuftySetting up a sector-wide <a href="https://social.edu.nl/tags/PeerTube" class="mention hashtag" rel="nofollow noopener" target="_blank">#PeerTube</a> pilot instance on behalf of Dutch higher ed & research using <a href="https://social.edu.nl/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSO</a> via <a href="https://social.edu.nl/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#SAML</a>, so no local usernames/passwords…Anyone with experience uploading videos using the <a href="https://social.edu.nl/tags/REST" class="mention hashtag" rel="nofollow noopener" target="_blank">#REST</a> <a href="https://social.edu.nl/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#API</a> for system integration purposes? No classic <a href="https://social.edu.nl/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> flow here… or is it possible?!💚➡️ <a href="https://social.edu.nl/tags/Framasoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Framasoft</a> <a href="https://social.edu.nl/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fediverse</a> <a href="https://social.edu.nl/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://social.edu.nl/tags/Education" class="mention hashtag" rel="nofollow noopener" target="_blank">#Education</a> <a href="https://social.edu.nl/tags/Science" class="mention hashtag" rel="nofollow noopener" target="_blank">#Science</a> <a href="https://social.edu.nl/tags/askfedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#askfedi</a>👩🏽‍🎓 <a href="https://video.edu.nl/" rel="nofollow noopener" translate="no" target="_blank">https://video.edu.nl/</a>

Alvin Ashcraft 🐿️OAuth 2.0 Access Tokens and the Principle of Least Privilege | by Andrea Chiarelli.<a href="https://auth0.com/blog/oauth2-access-tokens-and-principle-of-least-privilege/" rel="nofollow noopener" translate="no" target="_blank">https://auth0.com/blog/oauth2-access-tokens-and-principle-of-least-privilege/</a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#authorization</a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a> <a href="https://hachyderm.io/tags/auth0" class="mention hashtag" rel="nofollow noopener" target="_blank">#auth0</a>

OpenStreetMap Ops TeamIf you manage a web application that uses OpenStreetMap.org authentication or independently use the OpenStreetMap-website code, please see our recent security notice: <a href="https://operations.osmfoundation.org/2025/07/11/security-notice.html" rel="nofollow noopener" translate="no" target="_blank">https://operations.osmfoundation.org/2025/07/11/security-notice.html</a> <a href="https://en.osm.town/tags/OpenStreetMap" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenStreetMap</a> <a href="https://en.osm.town/tags/OSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSM</a> <a href="https://en.osm.town/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://en.osm.town/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a>

Alvin Ashcraft 🐿️OAuth in the MCP C# SDK: Simple, Secure, Standard | by Den Delimarsky.<a href="https://den.dev/blog/mcp-csharp-sdk-authorization/" rel="nofollow noopener" translate="no" target="_blank">https://den.dev/blog/mcp-csharp-sdk-authorization/</a><a href="https://hachyderm.io/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a> <a href="https://hachyderm.io/tags/csharp" class="mention hashtag" rel="nofollow noopener" target="_blank">#csharp</a> <a href="https://hachyderm.io/tags/dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#dotnet</a> <a href="https://hachyderm.io/tags/auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#auth</a> <a href="https://hachyderm.io/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcp</a> <a href="https://hachyderm.io/tags/modelcontextprotocol" class="mention hashtag" rel="nofollow noopener" target="_blank">#modelcontextprotocol</a>

Yaal CoopDemain c'est l'été, il est temps de faire le point sur le mécénat et les contributions à des logiciels libres commis par l'équipe de Yaal Coop ces 3 derniers mois ! Au menu, beaucoup de choses autour d'outils <a href="https://toot.aquilenet.fr/tags/oidc" class="mention hashtag" rel="nofollow noopener" target="_blank">#oidc</a> et <a href="https://toot.aquilenet.fr/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a> en <a href="https://toot.aquilenet.fr/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> <a href="https://yaal.coop/blog/dernieres-contributions-logiciels-libres-printemps-2025" rel="nofollow noopener" translate="no" target="_blank">https://yaal.coop/blog/dernieres-contributions-logiciels-libres-printemps-2025</a>

Schenkl | 🏳️‍🌈🦄Kaum instlliert eins die xdg-utils in den Container, kann <a href="https://chaos.social/tags/JOSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#JOSM</a> auch den <a href="https://chaos.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> an den <a href="https://chaos.social/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#Browser</a> werfen.In der <a href="https://chaos.social/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#Java</a> Fehlermeldung steht natürlich nichtsdergleichen^^<a href="https://chaos.social/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a>

Hollo :hollo:<a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/Hollo" target="_blank">#Hollo</a> 0.6.0 is coming soon!We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:Enhanced <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/OAuth" target="_blank">#OAuth</a> <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/security" target="_blank">#security</a><ul> <li>RFC 8414 (OAuth metadata discovery)</li><li>RFC 7636 (<a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/PKCE" target="_blank">#PKCE</a> support)</li><li>Improved authorization flows following RFC 9700 best practices</li> </ul>New features<ul> <li>Extended character limit (4K → 10K)</li><li>Code syntax highlighting</li><li>Customizable profile themes</li><li>EXIF metadata stripping for privacy</li> </ul>Important notes for update<ul> <li>Node.js 24+ required</li><li>Updated environment variables for asset storage</li><li>Stronger <code>SECRET_KEY</code> requirements (44+ chars)</li> </ul> Special thanks to <a translate="no" class="h-card u-url mention" href="https://hachyderm.io/@thisismissem" rel="nofollow noopener" target="_blank">@thisismissem</a> for the extensive OAuth improvements that help keep the <a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/fediverse" target="_blank">#fediverse</a> secure and compatible! 🙏Full changelog and upgrade guide coming with the release.<a class="mention hashtag" rel="nofollow noopener" href="https://hollo.social/tags/ActivityPub" target="_blank">#ActivityPub</a>

udo m. rader ☕ 🇪🇺 🇺🇦 🐧I'm not easily swearing, but how can I put this: sending infra emails from a data center to addresses managed by <a href="https://sigmoid.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> 365 is crazy. MS dislikes <a href="https://sigmoid.social/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMTP</a> AUTH, ok, and so begins the <a href="https://sigmoid.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> journey to get the <a href="https://sigmoid.social/tags/postfix" class="mention hashtag" rel="nofollow noopener" target="_blank">#postfix</a> mail relay to embrace OAuthThe best idea so far is to write a script that acts as a proxy between postfix and MS, sending emails via the MS <a href="https://sigmoid.social/tags/GraphAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GraphAPI</a>. Undoubtedly much more secure and, just as undoubtedly, absolutely no vendor lock-in for something as simple as SMTP ... WTF!!

Joe Steinbring :thisisfine:I got n8n working with LinkedIn, Mastodon, etc. Can I get it to work with Fitbit? :blobcatthink: <a href="https://toot.works/tags/Homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#Homelab</a> <a href="https://toot.works/tags/n8n" class="mention hashtag" rel="nofollow noopener" target="_blank">#n8n</a> <a href="https://toot.works/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a>

Aaron PareckiIn two weeks I'll be speaking at the MCP Dev Summit in San Francisco! It's going to be a great day packed with back to back sessions. In less than a year, the MCP project has quickly reshaped how developers are building AI agents. My talk, "Intro to OAuth for MCP Servers", will cover the basics of the new MCP authorization protocol and set the stage for building secure MCP servers. <a href="https://mcpdevsummit.ai/#agenda" rel="nofollow noopener" target="_blank">https://mcpdevsummit.ai/#agenda</a>

Maarten BalliauwJust did a big rewrite of a docs page on dynamic identity providers in Duende <a href="https://mastodon.online/tags/identityserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#identityserver</a>.That was fun to dive in, and makes me appreciate the thought put in to designing both <a href="https://mastodon.online/tags/aspnetcore" class="mention hashtag" rel="nofollow noopener" target="_blank">#aspnetcore</a> and IdentityServer itself.<a href="https://docs.duendesoftware.com/identityserver/ui/login/dynamicproviders/" rel="nofollow noopener" translate="no" target="_blank">https://docs.duendesoftware.com/identityserver/ui/login/dynamicproviders/</a><a href="https://mastodon.online/tags/dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#dotnet</a> <a href="https://mastodon.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.online/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a>(also big thanks to <a href="https://mastodon.social/@khalidabuhakmeh" class="u-url mention" rel="nofollow noopener" target="_blank">@khalidabuhakmeh</a> for the fantastic preview images on new docs pages)

Efani⚠️ Phishers have found a clever way to spoof Google — and their emails pass all security checks.A new DKIM replay phishing attack abuses Google’s own OAuth infrastructure to send fake messages that look 100% legitimate, including passing DKIM authentication.What happened: - A phishing email was sent from “no-reply@google.com” - It appeared in the user’s inbox alongside real Google security alerts - The message linked to a fake support portal hosted on sites[dot]google[dot]com — a Google-owned domain - The attacker used Google OAuth to trigger a real security alert to their inbox, then forwarded it to victims Why this matters: - DKIM only verifies the headers, not the envelope — allowing this spoof to work - The phishing site was nearly indistinguishable from Google’s actual login portal - Because the message was signed by Google and hosted on a Google domain, it bypassed most users’ suspicions - Similar tricks have been used with PayPal and other platforms, raising broader concerns Google has since acknowledged the issue and is working on a fix. But this attack is a reminder:Even the most secure-looking emails can be fraudulent. Even Google-signed emails can be weaponized.🛡️ At <a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener" target="_blank">@Efani</a>, we advocate for layered defense — because no one layer is ever enough.<a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> <a href="https://infosec.exchange/tags/DKIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#DKIM</a> <a href="https://infosec.exchange/tags/EmailSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmailSecurity</a> <a href="https://infosec.exchange/tags/EfaniSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#EfaniSecure</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a>

teufelswerkCyberkriminelle nutzen aktuell gefälschte OAuth-Anwendungen, die sich als bekannte Dienste wie Adobe Acrobat, Adobe Drive oder DocuSign ausgeben. Ziel dieser Angriffe ist es, sich Zugriff auf Microsoft-365-Konten zu erschleichen. Im Beitrag erfährst du auch, wie du dich vor solchen Angriffen schützen kannst.<a href="https://teufelswerk.net/achtung-vor-boesartigen-adobe-und-docusign-oauth-apps-so-schuetzt-du-dein-microsoft-365-konto/" rel="nofollow noopener" translate="no" target="_blank">https://teufelswerk.net/achtung-vor-boesartigen-adobe-und-docusign-oauth-apps-so-schuetzt-du-dein-microsoft-365-konto/</a><a href="https://social.tchncs.de/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://social.tchncs.de/tags/scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#scam</a> <a href="https://social.tchncs.de/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.tchncs.de/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> <a href="https://social.tchncs.de/tags/Adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Adobe</a> <a href="https://social.tchncs.de/tags/DocuSign" class="mention hashtag" rel="nofollow noopener" target="_blank">#DocuSign</a> <a href="https://social.tchncs.de/tags/microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoft365</a> <a href="https://social.tchncs.de/tags/office365" class="mention hashtag" rel="nofollow noopener" target="_blank">#office365</a>

Matthew TurlandIf you had to explain <a href="https://phpc.social/tags/OAuth2" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth2</a> to a relatively new SWE who only had a bit of experience interacting with public APIs from a frontend UI, are there any specific beginner-friendly online resources you'd recommend to them?<a href="https://phpc.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> <a href="https://phpc.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentication</a> <a href="https://phpc.social/tags/SoftwareEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareEngineering</a> <a href="https://phpc.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareDevelopment</a> <a href="https://phpc.social/tags/Education" class="mention hashtag" rel="nofollow noopener" target="_blank">#Education</a>

shearichardI'm presenting at the Wellington Python New Zealand meetup on Thursday evening, so if you're in town come along and cheer. The subject is integrating <a href="https://mastodon.nz/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAuth</a> into a <a href="https://mastodon.nz/tags/Django" class="mention hashtag" rel="nofollow noopener" target="_blank">#Django</a> project : what OAuth is and how it works; a good approach to integrating it into a Django project ; and what benefits it brings.Although the talk with be Django-centric I hope those attending will be able to contribute their experience of using OAuth in <a href="https://mastodon.nz/tags/Flask" class="mention hashtag" rel="nofollow noopener" target="_blank">#Flask</a>, <a href="https://mastodon.nz/tags/FastAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#FastAPI</a> etc.Sign up is here : <a href="https://www.meetup.com/pythonnz-wellington/events/304242570/" rel="nofollow noopener" translate="no" target="_blank">https://www.meetup.com/pythonnz-wellington/events/304242570/</a>

C.<a href="https://mindly.social/tags/Fedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fedi</a>, looking for people with experience in <a href="https://mindly.social/tags/accessible" class="mention hashtag" rel="nofollow noopener" target="_blank">#accessible</a> software.I have a friend with serious vision issues. Not blind, but can't easily read text that isn't 6+ inches high, and his vision is degrading. He is looking for a way to deal with email -- he's a writer -- because he says Gmail is now a nightmare to use even with a screen reader.Preferred solution would be a mail program / <a href="https://mindly.social/tags/MUA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MUA</a> that runs on Windows and supports <a href="https://mindly.social/tags/OAUTH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OAUTH</a> authentication, so he can continue to use his Gmail address.What's the MUA with the best <a href="https://mindly.social/tags/accessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#accessibility</a> on Windows? Thunderbird brags about its support for screen readers and assistive technologies, so I had him try it, and he says it's almost as bad as Gmail - flashing colours, animating controls. I haven't personally touched Thunderbird in many years, so it was a surprise to me.I use a text/console mail flow that relies on a local MTA, so nothing I use is of any use in this.Thanks, appreciate any pointers.<a href="https://mindly.social/tags/mail" class="mention hashtag" rel="nofollow noopener" target="_blank">#mail</a> <a href="https://mindly.social/tags/MailProgram" class="mention hashtag" rel="nofollow noopener" target="_blank">#MailProgram</a> <a href="https://mindly.social/tags/GMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#GMail</a> <a href="https://mindly.social/tags/AssistiveTechnology" class="mention hashtag" rel="nofollow noopener" target="_blank">#AssistiveTechnology</a> <a href="https://mindly.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mindly.social/tags/blind" class="mention hashtag" rel="nofollow noopener" target="_blank">#blind</a> <a href="https://mindly.social/tags/vision" class="mention hashtag" rel="nofollow noopener" target="_blank">#vision</a> <a href="https://mindly.social/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#software</a> <a href="https://mindly.social/tags/disability" class="mention hashtag" rel="nofollow noopener" target="_blank">#disability</a>

Aaron PareckiAt long last, the OAuth working group has finished the Best Current Practice for OAuth 2.0 Security and it was just published as RFC9700! This has been a long time in the works, and I'm very thankful to everyone who has helped out with it over the years! <a href="https://www.rfc-editor.org/rfc/rfc9700.html" rel="nofollow noopener" target="_blank">https://www.rfc-editor.org/rfc/rfc9700.html</a> This is one of the major inputs to OAuth 2.1, so I'm also very excited to be able to move that forward this year as well!

Francis Augusto 🇳🇴/🇧🇷/:bahia:A little rant about e-mail authentication: <a href="https://francisaugusto.com/2025/Email-quo-vadis-or-where-is-oidc-for-everyone/" rel="nofollow noopener" translate="no" target="_blank">https://francisaugusto.com/2025/Email-quo-vadis-or-where-is-oidc-for-everyone/</a><a href="https://io.mwl.io/@mwl" class="u-url mention" rel="nofollow noopener" target="_blank">@mwl</a> I'd love your comment on this!<a href="https://mastodon.babb.no/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#email</a> <a href="https://mastodon.babb.no/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth</a> <a href="https://mastodon.babb.no/tags/oauth2" class="mention hashtag" rel="nofollow noopener" target="_blank">#oauth2</a> <a href="https://mastodon.babb.no/tags/thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#thunderbird</a>

Recent searches

Search options

Administered by:

Server stats:

#oauth