#OAuth

Posts about oauth. ← All posts

A2AADKAI GovernanceAIGPAMLAPI DesignAWSAadhaarAccountingAgentsAnomaly DetectionArchitectureAuditAudit LogAzureBCPBankingBedrockBenchmarksBhashiniBigQueryCRAGCareerCase StudyClinical Decision SupportCloud ArchitectureCloud KMSCloud RunComplianceConcurrencyConfigCost OptimisationCryptographyCultureCures ActDSLData ResidencyDatabase DesignDatabase MigrationDatabase SecurityDataflowDatastreamDeploymentDesign PatternDevOpsDevice FlowDistributed SystemsElevenLabsEngineeringEntity ResolutionEnvoyEvaluationFHIRFREE-AIFinOpsFinTechFraudGCPGDPRGKEGOMEMLIMITGSoCGeminiGenieGitHubGoGo 1.23Google CloudGoogle Cloud NextGovernanceGraphQLGraphRAGHIPAAHITLHL7 v2Healthcare ITHyDEIAPPISO 27001IdempotencyIdentity FederationIncident ResponseIndic LanguagesIntegrationJWTKMSKYCKafkaKnowledge GraphKubernetesLLMLLM OpsLatencyLendingLessons LearnedLoggingMARAML EngineeringMemoryMentorshipMicroservicesMiddlewareMigrationMulti-AgentMulti-Agent AIMulti-CloudMulti-LanguageMultilingualNPCINetworkingOAuthOPAOTelObservabilityOpen BankingOpen SourceOpenTelemetryOperationsOperatorsOpinionOrchestrationPAMPCSEPKCEPasskeysPatternsPaymentsPerformancePolicyPolicy as CodePostgreSQLPrivacy EngineeringProductionPrometheusProtocolsProvider AbstractionPub/SubPythonRAGRBACRBIRFC 8693RedisRegulationReliabilityReservationsResilienceRetrievalRetrospectiveSAMLSLOSOC 2SPIFFESPIRESQLSRESagaSaudi ArabiaSchemaSecuritySecurity Command CenterSelf-RAGService MeshSoftware ArchitectureSpannerSpeakingState ManagementStdlibStorageTata GroupTerraformTestingTier PromotionToken BudgetingToolsUAEUPIVertex AIVoice AIVotingWebAuthnWorkflowWorkload IdentityWorkload Identity FederationWritingZero-Trustembed.FSerrgroupgRPCiter.SeqmTLSslog
· Engineering ·5 min read

OAuth 2.1 + PKCE for a single-page app

PKCE is the load-bearing mitigation against authorization-code interception. The Go implementation is short; the parts every SPA gets wrong are documented here.

GoOAuthPKCESecurity
· Engineering ·5 min read

RFC 8693 token exchange — the nurse Alice scenario

Dual-identity tokens for the agent → MCP server → upstream API chain. Subject stays the user; Actor identifies the agent acting on the user's behalf. Walked through with a worked clinical example.

GoOAuthRFC 8693AgentsSecurity