#OAuth

Posts about oauth. ← All posts

A2AADKAGTAIAI GovernanceAIGPAMLAPI DesignAWSAadhaarAccountingAgentsAnomaly DetectionArchitectureArdan LabsAuditAudit LogAzureBCPBankingBedrockBenchmarksBhashiniBigQueryCRAGCachingCareerCase StudyClinical Decision SupportCloud ArchitectureCloud KMSCloud RunCoding AgentsCommunicationComplianceConcurrencyConfigCost OptimisationCryptographyCultureCures ActDSLData ResidencyDatabase DesignDatabase MigrationDatabase SecurityDataflowDatastreamDebuggingDeploymentDesign PatternDevOpsDeveloper ExperienceDevice FlowDistributed SystemsDoclingElevenLabsEmbeddingsEngineeringEntity ResolutionEnvoyEvaluationFHIRFREE-AIFinOpsFinTechFoundationsFraudGCPGDPRGKEGOMEMLIMITGSoCGeminiGenieGitHubGoGo 1.23GoMLXGoogle CloudGoogle Cloud NextGovernanceGrafanaGraphQLGraphRAGHIPAAHITLHL7 v2Healthcare ITHyDEIAPPISO 27001IdempotencyIdentity FederationIncident ResponseIndic LanguagesIngestionIntegrationJWTJupyterKMSKYCKafkaKnowledge GraphKubernetesLLMLLM OpsLLM-as-JudgeLatencyLendingLessons LearnedLocal AILoggingMAFMARAMCPML EngineeringMagenticMemoryMentorshipMicroservicesMiddlewareMigrationMulti-AgentMulti-Agent AIMulti-CloudMulti-LanguageMultilingualNPCINetworkingOAuthOPAOTelOWASPObservabilityOllamaOpen BankingOpen SourceOpenTelemetryOperationsOperatorsOpinionOrchestrationPAMPCSEPDFPKCEPasskeysPatternsPaymentsPerformancePipelinePolicyPolicy as CodePostgreSQLPrivacy EngineeringProductionPrometheusPrompt InjectionPromptingProtocolsProvider AbstractionPub/SubPythonRAGRBACRBIREPLRFC 8693ReactRedisRefactorRegistryRegulationReliabilityReservationsResilienceRetrievalRetrospectiveSAMLSLOSOC 2SPIFFESPIRESQLSRESSESagaSaudi ArabiaSchemaSecuritySecurity Command CenterSelf-RAGService MeshSoftware ArchitectureSpannerSpeakingState ManagementStdlibStorageStreamingTata GroupTerraformTestingTier PromotionToken BudgetingTool CallingToolsUAEUPIUXVectorsVertex AIVideoVisionVoice AIVotingWebAuthnWhisperWorkflowWorkflowsWorkload IdentityWorkload Identity FederationWritingZero-Trustembed.FSerrgroupgRPCiter.SeqmTLSpgvectorslog
· Engineering

OAuth 2.1 + PKCE for a single-page app

PKCE is the load-bearing mitigation against authorization-code interception. The Go implementation is short; the parts every SPA gets wrong are documented here.

GoOAuthPKCESecurity
· Engineering

RFC 8693 token exchange — the nurse Alice scenario

Dual-identity tokens for the agent → MCP server → upstream API chain. Subject stays the user; Actor identifies the agent acting on the user's behalf. Walked through with a worked clinical example.

GoOAuthRFC 8693AgentsSecurity