#oauth

Leanpub<p>New 📚 Release! MCP Servers with Oauth: A full introduction to MCP, from zero to deployment in one weekend by Zach Silveira <a href="https://mastodon.social/tags/books" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>books</span></a> <a href="https://mastodon.social/tags/ebooks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ebooks</span></a> <a href="https://mastodon.social/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a></p><p>This book provides the fastest way to get up to speed using the latest Model Context Protocol authentication specification that was finalized in May 2025.</p><p>Find it on Leanpub!</p><p>Link: <a href="https://leanpub.com/creatingmcpserverswithoauth" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">leanpub.com/creatingmcpservers</span><span class="invisible">withoauth</span></a></p>
Matthew Turland<p>Max Mitchell | I Read All Of Cloudflare's Claude-Generated Commits <a href="https://www.maxemitchell.com/writings/i-read-all-of-cloudflares-claude-generated-commits/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">maxemitchell.com/writings/i-re</span><span class="invisible">ad-all-of-cloudflares-claude-generated-commits/</span></a></p><p><a href="https://phpc.social/tags/Claude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Claude</span></a> <a href="https://phpc.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://phpc.social/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> <a href="https://phpc.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> <a href="https://phpc.social/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a></p>
Nicolas Borboën<p>"NOOOOOOOO!!!! You can't just use an LLM to write an auth library!"</p><p>"haha gpus go brrr"</p><p><a href="https://github.com/cloudflare/workers-oauth-provider/?tab=readme-ov-file#written-using-claude" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/cloudflare/workers-</span><span class="invisible">oauth-provider/?tab=readme-ov-file#written-using-claude</span></a></p><p><a href="https://social.epfl.ch/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://social.epfl.ch/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudFlare</span></a> <a href="https://social.epfl.ch/tags/oAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oAuth</span></a> <a href="https://social.epfl.ch/tags/Claude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Claude</span></a> <a href="https://social.epfl.ch/tags/GPUsGoBrrr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GPUsGoBrrr</span></a> <a href="https://social.epfl.ch/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a></p>
Hollo :hollo:<p><a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Hollo" target="_blank">#<span>Hollo</span></a> 0.6.0 is coming soon!</p><p>We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:</p><p><strong>Enhanced <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/OAuth" target="_blank">#<span>OAuth</span></a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/security" target="_blank">#<span>security</span></a></strong></p><ul> <li>RFC 8414 (OAuth metadata discovery)</li><li>RFC 7636 (<a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/PKCE" target="_blank">#<span>PKCE</span></a> support)</li><li>Improved authorization flows following RFC 9700 best practices</li> </ul><p><strong>New features</strong></p><ul> <li>Extended character limit (4K → 10K)</li><li>Code syntax highlighting</li><li>Customizable profile themes</li><li>EXIF metadata stripping for privacy</li> </ul><p><strong>Important notes for update</strong></p><ul> <li>Node.js 24+ required</li><li>Updated environment variables for asset storage</li><li>Stronger <code>SECRET_KEY</code> requirements (44+ chars)</li> </ul> <p>Special thanks to <a translate="no" class="h-card u-url mention" href="https://hachyderm.io/@thisismissem" rel="nofollow noopener noreferrer" target="_blank">@<span>thisismissem</span></a> for the extensive OAuth improvements that help keep the <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/fediverse" target="_blank">#<span>fediverse</span></a> secure and compatible! 🙏</p><p>Full changelog and upgrade guide coming with the release.</p><p><a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/ActivityPub" target="_blank">#<span>ActivityPub</span></a></p>
Neil Madden<p>Interesting open letter from the CISO at JP Morgan Chase, calling out insecure SaaS integrations, and specifically lots of implicit/explicit criticism of <a href="https://infosec.exchange/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a>: poorly secured and broadly scoped long-lived bearer tokens are not a great idea. Hopefully we’ll see PoP (with keys in a KMS) becoming more widespread for these kinds of integrations. </p><p>(The letter is undated 😤 but I assume it’s recent - via <span class="h-card" translate="no"><a href="https://infosec.exchange/@ladynerd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ladynerd</span></a></span> on LinkedIn).</p><p><a href="https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">jpmorgan.com/technology/techno</span><span class="invisible">logy-blog/open-letter-to-our-suppliers</span></a></p>
The New Oil<p>Hackers abuse <a href="https://mastodon.thenewoil.org/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> 2.0 workflows to hijack <a href="https://mastodon.thenewoil.org/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft365</span></a> accounts</p><p><a href="https://www.bleepingcomputer.com/news/security/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Phishers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishers</span></a> abuse <a href="https://mastodon.thenewoil.org/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://mastodon.thenewoil.org/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> to spoof Google in <a href="https://mastodon.thenewoil.org/tags/DKIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DKIM</span></a> replay attack</p><p><a href="https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
David Reed<p>The fraction of my life I spend authenticating to System A so I can subsequently login to System B to get a token for System C is just ridiculous.</p><p><a href="https://fosstodon.org/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>devops</span></a> <a href="https://fosstodon.org/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a></p>
Erik Play2Learn<p><span class="h-card" translate="no"><a href="https://chaos.social/@netzpolitik_feed" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>netzpolitik_feed</span></a></span> Have the <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> colleagues ever heard of <a href="https://mastodon.social/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a>? A large part of the request management is technically already solved with it.</p>
Emelia<p>Spent the past hour doing some updates to the Client ID Metadata Documents internet draft. Trying to find alignment with the Client ID Prefix internet draft and fix a few open issues. <a class="hashtag" href="https://bsky.app/search?q=%23ietf" rel="nofollow noopener noreferrer" target="_blank">#ietf</a> <a class="hashtag" href="https://bsky.app/search?q=%23oauth" rel="nofollow noopener noreferrer" target="_blank">#oauth</a></p>
Emelia 👸🏻<p>Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:</p><p><a href="https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.hboeck.de/archives/909-Mi</span><span class="invisible">xing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html</span></a></p><p><a href="https://hachyderm.io/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a> <a href="https://hachyderm.io/tags/openid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openid</span></a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Aaron Parecki<p>At long last, the OAuth working group has finished the Best Current Practice for OAuth 2.0 Security and it was just published as RFC9700! This has been a long time in the works, and I'm very thankful to everyone who has helped out with it over the years! <br> <br><a href="https://www.rfc-editor.org/rfc/rfc9700.html" rel="nofollow noopener noreferrer" target="_blank"><span class="">https://</span>www.rfc-editor.org/rfc/rfc9700.html</a> <br> <br>This is one of the major inputs to OAuth 2.1, so I'm also very excited to be able to move that forward this year as well!</p>
Francis Augusto 🇳🇴/🇧🇷/:bahia:<p>A little rant about e-mail authentication: </p><p><a href="https://francisaugusto.com/2025/Email-quo-vadis-or-where-is-oidc-for-everyone/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">francisaugusto.com/2025/Email-</span><span class="invisible">quo-vadis-or-where-is-oidc-for-everyone/</span></a></p><p><span class="h-card" translate="no"><a href="https://io.mwl.io/@mwl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mwl</span></a></span> I'd love your comment on this!</p><p><a href="https://mastodon.babb.no/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> <a href="https://mastodon.babb.no/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a> <a href="https://mastodon.babb.no/tags/oauth2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth2</span></a> <a href="https://mastodon.babb.no/tags/thunderbird" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>thunderbird</span></a></p>
Doyensec<p>Despite being central to their security, many orgs struggle to securely implement <a href="https://infosec.exchange/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a>. Our new post walks through common issues &amp; how to prevent them, along with a useful checklist! Read it today &amp; ensure your org is secure: <a href="https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.doyensec.com/2025/01/30/o</span><span class="invisible">auth-common-vulnerabilities.html</span></a></p><p><a href="https://infosec.exchange/tags/doyensec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>doyensec</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a></p>
Jürgen ⁂ :gts:<p>Things are slowly getting cozy on my <a href="https://servus.jyrgi.de/tags/gotosocial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoToSocial</span></a> instance :neocat_comfy:.<br><br>I have just uploaded a collection of <a href="https://servus.jyrgi.de/tags/neocat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NeoCat</span></a> :neocat: emojis. That was not so easy, because GTS does not yet support this kind of bulk upload of <a href="https://servus.jyrgi.de/tags/misskey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MissKey</span></a> emoji archives. You can only upload emojis one at a time via API call.<br><br>But since I know a bit of <a href="https://servus.jyrgi.de/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a>, the problem was solved relatively quickly<br><br>**I wrote two scripts:**<br><br>- One to authenticate via <a href="https://servus.jyrgi.de/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> in order to obtain a bearer token for the API calls.<br>- Another that parses the meta.json file of MissKey-compatible emoji archives and then uploads all emojis in the archive one by one via API call.<br><br>**What I learned:**<br><br>- How MissKey emoji archives are structured.<br>- How to authenticate to GTS via OAuth.<br>- How to upload emojis from MissKey archives via GTS API calls.<br><br><a href="https://servus.jyrgi.de/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> <a href="https://servus.jyrgi.de/tags/gotosocial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoToSocial</span></a> <a href="https://servus.jyrgi.de/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://servus.jyrgi.de/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> <a href="https://servus.jyrgi.de/tags/customemojis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CustomEmojis</span></a></p>
crypticcelery<p>Okay, brain does not want to stop thinking about this:<br>Is it a good idea to build a self-hostable thing that supports the use of <a href="https://chaos.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> authorisation servers as “identity providers”, i.e. you can sign up/in using e.g. your fedi account? Any examples come to mind?</p><p>Besides technical considerations (like <a href="https://chaos.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a>’s non-spec app registration), of course the question of moving identities comes up and the obvious moderation topics (blocks, blocklists, …).</p><p><a href="https://chaos.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AskFedi</span></a> <a href="https://chaos.social/tags/PleaseBoost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PleaseBoost</span></a> <a href="https://chaos.social/tags/FollowerPower" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FollowerPower</span></a></p>
Neil Madden<p>And now <span class="h-card" translate="no"><a href="https://infosec.exchange/@PhilippeDeRyck" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>PhilippeDeRyck</span></a></span> breaking <a href="https://infosec.exchange/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a> <a href="https://infosec.exchange/tags/NDCSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NDCSecurity</span></a></p>
John Leonard<p>Vulnerability in Google’s OAuth System exposes millions to risk</p><p>Researchers warn that unused domains could grant unauthorised access to sensitive SaaS accounts</p><p><a href="https://www.computing.co.uk/news/2025/security/vulnerability-in-google-oauth-system-exposes-millions-to-risk" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">computing.co.uk/news/2025/secu</span><span class="invisible">rity/vulnerability-in-google-oauth-system-exposes-millions-to-risk</span></a></p><p><a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a> <a href="https://mastodon.social/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Robert Sander<p>An <a href="https://mastodon.gurubert.de/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> <a href="https://mastodon.gurubert.de/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a> "bug" that cannot be fixed easily:</p><p><a href="https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">trufflesecurity.com/blog/milli</span><span class="invisible">ons-at-risk-due-to-google-s-oauth-flaw</span></a></p>