@ShrekOverflow

Identity Platform Architect

A Platform Architect specializing in Identity & Access Management, AI-era authorization patterns, and developer-facing platform primitives. Experienced in OAuth 2.0, OIDC, CIBA, and serverless identity at scale. This is an anonymized overview — full details are available via personalized link.

Experience

  1. Apr 2026 — Present

    Product Architect II

    Identity & Security Platform

    Expanding Auth0's identity model to the AI era — introducing Agent as a new first-class principal type, a native entity alongside Users and Applications with its own lifecycle, credentials, and policy enforcement.

    • Designed the Agent principal: a first-class identity entity in Auth0 that represents all types of agents — interactive, background, and autonomous — with dedicated credentials, lifecycle management, and policy enforcement. Not shoehorned into a service account or user.
    • Defined the authorization model that makes agents secure-by-design: task-scoped, just-in-time access where every tool call is an authorization decision, not a static permission grant.
    • Designed the interoperability layer (Cross-App Access / XAA) enabling agents to operate across third-party services securely, with attestation chains that show where credentials came from and how permissions were narrowed — backed by active IETF standards work.
    • Authored foundational public thinking on agent authorization: 'Agents Can Either Be Useful or Secure' (Feb 2026) and 'Handling Third-Party Access Tokens Securely in AI Agents' (Nov 2025).
    • Agent Identity
    • OAuth 2.0
    • XAA
    • First-Class Principal
    • AI Agents
    • IETF
  2. Apr 2024 — Apr 2026

    Product Architect I

    Identity & Security Platform

    Established the product architecture practice for Auth0's platform — defining the entity models, security patterns, and extensibility primitives that shipped as Token Vault, Connected Accounts, Auth for MCP, CIBA for agents, and Advanced Customizations.

    • Designed Token Vault from the ground up: user-scoped delegated access to third-party credentials, always user-bound, with a clean API surface that eliminates the confused-deputy risk of naive userId-parameter approaches.
    • Introduced Connected Accounts as a first-class Auth0 concept — external accounts as delegated-access resources, not SSO providers — enabling 'Connect External Account' flows with platform-level security controls.
    • Designed the Auth for MCP authorization model: third-party client security, CIMD/external client provisioning, resource parameter support. Invented the Custom API Client entity so an MCP server carries its own verifiable identity into Token Vault and On-Behalf-Of flows.
    • Expanded CIBA into a backchannel notification + approval model for long-running agent workflows — separating notification from the approval mechanism so it works without a native app or Guardian push path.
    • Designed Advanced Customizations for Universal Login: full developer control over the UL experience while preserving Auth0's hosted security model, attack protection, and server-side state machine, with an incremental rollout model.
    • Supported 7-figure enterprise deals and guided the most complex customer deployments to go-live.
    • OAuth 2.0
    • OIDC
    • MCP
    • Token Vault
    • CIBA
    • Universal Login
    • Product Architecture
  3. Oct 2023 — Apr 2024

    Staff Software Engineer, Auth0 Product Architecture

    Identity & Security Platform

    Transitioned from competitive intelligence into product architecture — applying deep competitive and protocol knowledge to shape Auth0's platform direction.

    • Provided technical strategy and architectural input across identity product areas including extensibility, CIAM, and emerging AI-driven use cases.
    • Maintained breadth across OAuth 2.0, OIDC, SAML, and emerging identity standards to inform product decisions.
    • OAuth 2.0
    • OIDC
    • Product Strategy
    • Technical Architecture
  4. Nov 2022 — Oct 2023

    Staff Engineer, CI, Auth0 Product Unit

    Identity & Security Platform

    Continued competitive intelligence leadership after relocating to the United States, expanding scope to Okta's combined product unit.

    • Owned the competitive intelligence function for the Auth0 product unit within the combined Okta organisation.
    • Delivered competitive analysis and battle cards across Okta's full product portfolio post-merger.
    • Supported strategic sales engagements and executive briefings with in-depth competitive positioning.
    • Competitive Intelligence
    • OAuth 2.0
    • OIDC
    • SAML 2.0
    • CIAM
  5. Jan 2022 — Nov 2022

    Staff Engineer, CI, Auth0 Product Unit

    Identity & Security Platform

    Promoted to Staff Engineer with ownership of the competitive intelligence function for the Auth0 product unit. Relocated to the United States in November 2022.

    • Promoted to Staff Competitive Intelligence Engineer — primary expert on the IaaS competitive landscape.
    • Authored and maintained the Competitive Battle Card library adopted by the global Auth0 sales organisation.
    • Performed in-depth technical teardowns of competitors across CIAM, B2B, B2C, and emerging identity standards.
    • Delivered innovative demos in emerging CIAM domains: Identity Proofing, Smart Devices, and passwordless.
    • Competitive Intelligence
    • OAuth 2.0
    • OIDC
    • CIAM
    • SAML 2.0
  6. Jun 2016 — Jan 2022

    Early Career at Auth0

    Identity & Security Platform

    Progressed through Developer Success Engineer, Solutions Engineer, Product Marketing Manager, and Specialist Solutions Engineer — building Auth0's demo platform, shipping the official Cordova SDK, establishing the developer community, and eventually owning competitive intelligence and enterprise sales architecture across EMEA.

    • OAuth 2.0
    • OIDC
    • SAML 2.0
    • ADFS
    • Node.js
    • Swift
    • React
    • Serverless (Webtask)
  7. Before 2016

    Web Developer

    Various companies

    Cut my teeth as a web developer building sites and applications for a range of companies — the hands-on foundation that led into identity and platform work.

    • Web Development
    • JavaScript
    • PHP
    • Full-Stack
  8. 2023 — 2025

    Advisor & Engineering Contributor

    Realtime Infrastructure Startup

    Advisor since founding to a realtime WebSocket-as-a-service platform (now sunset). In 2024 stepped in hands-on to rebuild the message pipeline, scaling a single node from 200 to 20,000 messages/second — a 100x improvement — while running custom user code in a sandbox on every event.

    • Rearchitected the realtime message pipeline to push a single node from 200 to 20,000 messages/second sustained.
    • Kept per-event extensibility intact: custom user code executes in an isolated sandbox on every message without sacrificing the 100x throughput gain.
    • Realtime
    • WebSockets
    • Performance Engineering
    • Sandboxing
    • Systems Design
  9. 2025 — Present

    Independent Engineering & Research

    Independent

    Personal research and engineering at the edge of what's now possible with AI-assisted development — codec design, low-level drivers, and systems experiments, written up at arewecooked.dev.

    • GRIT (Grid Residual Image Transport): a purpose-built streaming image codec for a Thunderbolt KVM — coarse grid sample first, then residual bytes allocated by cell complexity, running on the GPU without a DSC ASIC.
    • Turbowave: a follow-on codec experiment exploring wave-based transforms for low-latency streaming.
    • A custom NCM (USB networking) driver — going below the application layer into device-level systems work.
    • A deliberate experiment in what a single engineer can ship with modern AI tooling and a clear spec.
    • Codec Design
    • GPU
    • Systems Programming
    • Drivers
    • AI-Assisted Engineering

Skills

Identity & Protocols

  • OAuth 2.0
  • OpenID Connect
  • SAML 2.0
  • CIBA
  • ADFS
  • Zero Trust
  • CIAM
  • Identity Proofing

Product Architecture

  • Agent Identity
  • Token Vault
  • MCP Authorization
  • Cross-App Access (XAA)
  • Universal Login
  • Entity Modeling
  • API Design
  • Security Modeling

Engineering

  • Node.js
  • TypeScript
  • Swift / iOS
  • React
  • AWS Lambda
  • Serverless
  • GPU / Systems (GRIT)

Practice

  • Product Architecture
  • Competitive Intelligence
  • Developer Experience
  • Technical Strategy
  • Enterprise Sales Support
  • Technical Writing
  • Community Building

Projects

TinkerPledge

Co-founder · tinkerpledge.org · 2026 — current

A movement to get companies to give people AI for their whole life — not as a productivity mandate, but as a human benefit. People-first framing, no mandates, with a proposal generator that helps anyone make the case to their team. Built with Eva.

  • Movement
  • AI for Everyone
  • Product
  • Writing

On Agent Authorization (Public Writing)

Technical writing · Feb 2026

Why the features that make AI agents useful are the same ones that make them dangerous — and why the answer isn't restricting agents but changing the curve entirely through task-based, context-aware authorization.

  • AI Agents
  • Authorization
  • Security
  • Technical Writing

On Secure Token Delegation (Public Writing)

Technical writing · Nov 2025

Why the naive userId-parameter pattern for credential storage is a confused-deputy risk by design, and how a credential-based delegation model eliminates it cryptographically.

  • Token Vault
  • OAuth 2.0
  • AI Agents
  • Security
  • Technical Writing

Solving Identity Management in Modern Applications

Published book · Apress, Jan 2020

A comprehensive guide presenting the identity management landscape to developers building modern applications. Covers OAuth 2.0, SAML, OpenID Connect, WSFed, and practical architecture patterns — with an accompanying reference application.

  • OAuth 2.0
  • SAML
  • OIDC
  • WSFed
  • React
  • Node.js

Sign In with Apple — Day-Zero Implementation

Technical writing · Jun 2019

Demonstrated serverless extensibility by implementing Sign In with Apple support within days of its launch. Documented the nuances and challenges of the protocol for the developer community.

  • OIDC
  • Serverless (Webtask)

GRIT (Grid Residual Image Transport)

A purpose-built streaming image codec for a Thunderbolt KVM. GRIT sends a coarse grid sample first, then allocates residual bytes by cell complexity, running entirely on the GPU without a DSC ASIC — outperforming ProRes and HEVC on both game and desktop content, and going automatically lossless on 3K desktop frames.

  • Codec Design
  • GPU
  • Systems Programming
  • Streaming

Turbowave

arewecooked.dev · 2025

A follow-on codec experiment exploring wave-based transforms for low-latency streaming — pushing on the ideas GRIT opened up.

  • Codec Design
  • Signal Processing
  • Streaming

Custom NCM Driver

arewecooked.dev · 2025

A custom NCM (USB networking control model) driver — going below the application layer into device-level systems programming, written up with the rest of the tinkering at arewecooked.dev.

  • Drivers
  • USB / NCM
  • Systems Programming