Session planning time at IndieWebCamp Berlin (https://calumryan.com/note/2626)
WeChat ID
aaronpk_tv
-
Even André Fiskvik
https://twitter.com/grEvenX
•
May 3
In the process of changing how we authorize the users in our web app and I’m wondering what route to take. Do you know about any simple proxy-like services for Oauth 2 Auth code flow (not OIDC) that can keep sessions and handle Auth for any SPA ?
Plenty of server-side frameworks can do this, I'm not sure about something as a service though. Also not sure if you'd really want to go down the path of offloading that kind of thing to a different site either. -
-
Portland, Oregon • Fri, May 3, 2019 4:01pm
-
Ride
0.55miDistance5:35DurationStartEnd
-
-
-
AsleepAwake6h 28mSlept31mAwake for
-
Just found out that @juliensolomita used my suggestion in his most recent video to do a mac + cheese tasteoff and I am STOKED. Because I love nothing more than some vegan mac. https://www.youtube.com/watch?v=EBv5A7NC2eI
-
Train
9.02miDistance23:19DurationStartEnd
-
Plane
647.44miDistance96:01DurationStartEnd
-
San Jose (SJC) to Portland (PDX)toAlaska Flight 309
-
at Gate 27San Jose, California • Thu, May 2, 2019 5:20pm
-
alianora
https://cybre.space/@nightpool
•
May 2
@aaronpk Yep, but in that case the attacker controls the redirect uri right? how can the attacker control the redirect uri without also controlling the pkce secret?
I'm trying to explain this in 200 character chunks but it clearly isn't working. I also can't find an existing page quickly that explains it better, so clearly I need to properly write it up. -
Nico Kaiser
https://twitter.com/nicokaiser
•
May 2
... assuming I can control what JS code runs on my site (which is a different problem), this should be safe, right?
That's a big assumption (you don't know what browser extensions the user is using) but yes that's one way to be more confident. I wouldn't use absolute terms like "safe" though. "Less risky" maybe.
