balloob
https://github.com/balloob
•
Jul 9
WeChat ID
aaronpk_tv
Monday, July 9, 2018
-
-
-
I could see extending the limitation of the loopback address to also include the private IP ranges. I assume in that case it is extremely unlikely that the server will have an https certificate, so that's another reason to keep the limitation on the private IP ranges rather than allowing arbitrary IP addresses.
One of the benefits of the client ID being a publicly accessible web page is that the authorization server can fetch the application name and icon from that page.
In the case of using a private IP address, the authorization server won't be able to fetch any information about the client, so the prompt will show just the IP.
The other option is to use
https://www.home-assistant.io/as the client ID, allowing just the redirect URL to be a private IP. This breaks the rule of the client ID and redirect URL hostnames matching, so servers may show a warning like the below, but at least the application info is visible.
-
I absolutely ❤️ the idea of the #IndieWeb. Take control of your own content! watch @adactio explain it: https://vimeo.com/265121482 https://indieweb.org
-
Good: the screws I ordered from China arrived 2 days before the 14-30 day delivery window.
Bad: they are 2mm too short for what I need!
