@andychiare profile picture
Andrea Chiarelli @andychiare

Software Engineer and Technical Author i.e. Continuous Learner @auth0 by @okta | Microsoft MVP | Identity, .NET, API, Web, JavaScript, DevRel, DX

Joined January 2017
  • Tweets 3,636
  • Following 427
  • Followers 797
207 Photos and videos
Pinned Tweet
Andrea Chiarelli@andychiare
29 Jun 2025
It's not easy to describe what a developer advocate does, so I wrote this booklet to explain it to anyone who's interested (and to clarify it for myself, too). Download it now and let me know what you think! It's free! 👇 leanpub.com/i-am-a-developer…
1
13
815
Andrea Chiarelli retweeted
Auth0
@auth0
Jun 5
Token exchange isn't one thing. It's impersonation, delegation, protocol bridging, and cross-domain federation, each with different trade-offs. Here's a breakdown of when to use which. auth0.com/blog/the-many-face…

The Many Faces of OAuth 2.0 Token Exchange

A journey through the various facets of token exchange: from use cases to management complexity.

auth0.com
2
4
414
A guide to Token Exchange use cases: from impersonation to delegation and federated identity scenarios. Read more: auth0.com/blog/the-many-face…

The Many Faces of OAuth 2.0 Token Exchange

A journey through the various facets of token exchange: from use cases to management complexity.

auth0.com
13
Andrea Chiarelli retweeted
Auth0
@auth0
May 29
AI agents have two architectural layers: a deterministic core you control and a probabilistic LLM you don't. @andychiare breaks down why securing the code around your model matters more than securing the model itself: auth0.com/blog/ai-agents-hav…

AI Agents Have Two Souls. You Only Control One.

Why the code around your LLM matters more than the LLM itself: the architectural insight that changed how I think about AI agent security.

auth0.com
2
2
5
594
Stop confusing "Tools," "MCP servers," and "Skills" in AI. Their interchangeability creates terminological ambiguity, making AI agents harder to secure. The following table summarizes the differences. Learn more: auth0.com/blog/what-ai-tools… #AISecurity #LLMAgents #MCP #skills
1
1
61
Interchangeable use of "tools," "MCP servers," and "skills" by the AI community creates ambiguity with critical security implications, making architectural distinctions vital. Check out this blog post to learn more: auth0.com/blog/what-ai-tools…

What AI Tools, MCP Servers, and Skills Actually Do

Stop the confusion between AI tools, MCP, and skills. A developer's guide to the new AI agent stack, including security best practices and Auth0 integration.

auth0.com
20
I've started playing with local LLMs using LM Studio. Any suggestions for a coding-optimized model?
63
Effective AI agents balance two "souls": probabilistic LLMs and deterministic code. While LLMs get the hype, traditional code is vital for security and stability. I discuss the two souls of an AI agent in my latest blog post: auth0.com/blog/ai-agents-hav… #ai #agents #llm #security

AI Agents Have Two Souls. You Only Control One.

Why the code around your LLM matters more than the LLM itself: the architectural insight that changed how I think about AI agent security.

auth0.com
1
57
Andrea Chiarelli retweeted
Addy Osmani
@addyosmani
May 9
x.com/i/article/205074961123…

85
488
3,365
841,028
Andrea Chiarelli retweeted
David Fowler
@davidfowl
May 9
Bring @aspiredev to your existing app without rewriting it. In 13.3, aspire init adds the AppHost skeleton, then /aspireify helps wire your app into the Aspire model using project context. This doesn't change your application, it just describes. Feature by @maddymontaquila!
2
5
62
5,202
📣 I just released version 2.4.0 of Auth0 Templates for .NET! 📣 The new release includes: - .NET 10 versions of the templates - New Backend for Frontend template - Removed Auth0 MVC template for .NET 7.0 - Bug fixes and internal improvements Try it! nuget.org/packages/Auth0.Tem…

Auth0.Templates 2.4.0

Template pack for creating .NET applications integrated with Auth0 authentication and authorization.

nuget.org
2
103
Andrea Chiarelli retweeted
ASP.NET Core News@aspnetcore_news
May 8
This week's ASP .NET Core newsletter is out! This week by @visualstudio, @chbernasconic, @raalhul, @mattconnew, @jamesnk, @andychiare, and more ❤️ Check out 'Past newsletters' here: aspnetcore.news/

ASP.NET Core News - Your weekly update of everything ASP.NET Core

ASP.NET Core News is the only weekly newsletter dedicated to ASP.NET Core. Whether you build Razor Pages, MVC applications, Web APIs, Blazor, SignalR awesomeness, or anything else available on the...

aspnetcore.news
1
7
644
Andrea Chiarelli retweeted
Auth0
@auth0
May 6
OAuth 2.1 is officially baking security best practices into the spec. From mandatory PKCE to the death of the Implicit Flow, here is what you need to know in 60 seconds.
1:11
7
7
816
Andrea Chiarelli retweeted
ASP.NET Core News@aspnetcore_news
May 6
Backend For Frontend Authentication Pattern with Auth0 and ASP .NET Core by @andychiare auth0.com/blog/backend-for-f… #aspnetcore
6
24
1,709
Andrea Chiarelli retweeted
Dmitry Pavlov@dr_dimaka
Apr 29
#dotNET 11 Preview 3 is now available! devblogs.microsoft.com/dotne…

.NET 11 Preview 3 is now available! - .NET Blog

Find out about the new features in .NET 11 Preview 3 across the .NET runtime, SDK, libraries, ASP.NET Core, .NET MAUI, C#, Entity Framework Core, container images, and more!

devblogs.microsoft.com
5
33
1,618
Here is my article explaining how to implement the Backend for Frontend (BFF) pattern with React and ASPNET Core using Auth0 as the IdP auth0.com/blog/backend-for-f…

Backend For Frontend Authentication Pattern with Auth0 and ASP.NET Core

Secure your React apps using the BFF pattern with Auth0 and ASP.NET Core. Stop storing tokens in the browser and improve your frontend security.

auth0.com
119
Here's an article explaining how to implement the Backend for Frontend (BFF) pattern with React and ASPNET Core using @auth0 as the IdP: auth0.com/blog/backend-for-f…

Backend For Frontend Authentication Pattern with Auth0 and ASP.NET Core

Secure your React apps using the BFF pattern with Auth0 and ASP.NET Core. Stop storing tokens in the browser and improve your frontend security.

auth0.com
1
62
PKCE and BFF aren't alternatives. They solve different problems. If you've been assuming PKCE is enough for SPA security, this is worth reading: auth0.com/blog/things-develo…

Things Developers Get Wrong About the Backend for Frontend Pattern

Let’s address the most common pitfalls and misconceptions developers encounter when implementing the Backend for Frontend (BFF) pattern.

auth0.com
1
104
I believe that the primary purpose of using AI to develop professional production-ready software should be to improve quality rather than increase speed. Speed will be a side effect, an added bonus. If you focus on speed, I'm not sure you will get a better product.
2
153
Andrea Chiarelli retweeted
Auth0
@auth0
Apr 17
The Auth0 MCP Server is now a Gemini CLI extension. One command to install. One command to connect your tenant. Then just ask. gemini extensions install github.com/auth0/auth0-mcp-s…
0:36
5
6
16
113,597
ChatGPT claims to be non-deterministic, and most of us believe it. But is that really the case? Are LLMs truly non-deterministic? I’ve written down a few thoughts on the subject: theturingmachine.net/generat… #ai #llm
2
80
Load more