Aaron Parecki

@rogue__leader The Google Inbox and Voice apps do it! I know I've used a couple more, but can't remember off-hand.

@rogue__leader Yeah sorry, 140 chars isn't enough 😭

Before SFSafariView, the only way to securely do OAuth was to launch the native Safari browser. This meant you'd get bounced out of the app, which a lot of developers didn't want to do to their users. I don't disagree that this was a bad experience, and plenty of people feel the same.

What ended up happening is people instead started embedding the WebView into their apps, in order to avoid having their users bounce out of the app and come back. The compromise in this case is that people would have to type their password to log in, because the embedded WebView doesn't share cookies with the system browser.

It took Apple a long time to roll out SFSafariView, so there are just a lot of apps out there that still have the embedded WebView.

Advantages of WebView:
• Does not make the user leave the app to complete the OAuth flow

Problems with WebView:
• User has no way to verify they are on the real website, so phishing attacks are undetectable
• Does not share system cookies, so users have to type their password every time

Advantages of SFSafariView:
• Does not make the user leave the app to complete the OAuth flow
• The user can see the address bar so can verify they're on the correct website
• Shares system cookies, so the user won't have to type their password if they've already signed in using the native Safari app

I should probably turn this into a proper blog post.

@rogue__leader SafariViewController is the best of both worlds. Visible URL, no bouncing out of application, shared cookies.

@rogue__leader The problem with embedded WebView is users will have to type their password there anyway, since it doesn't share cookies

@rogue__leader Prior to SafariViewController, devs weren't willing to bounce ppl out of the app, the only other way to have a visible URL

@rogue__leader Thanks! That, or launching Safari or the service's native application. SafariViewController will provide the best UX.

@rahlquist I haven't found anything quite like the X2, but I've been using the new Mobi line without the "cloud". It uploads to my computer.

You're always welcome to send test webmentions to the webmention.rocks tool! https://webmention.rocks/test/1

@stevenf If you look closely, the web page just makes an API call to read a JSON file. I would say it's an... "unofficial" API at best tho.

@thedailyshow The last minute of the Roy Wood Jr segment is missing from the Apple TV! It's just a blank screen with the CC logo!

@dswiese @samuelhulick oh man you *just* missed https://domainswap.xyz last night! We'll do it again I promise!

Hey! Great to see you here!

@browniefed its gone 😱

@oscargodson @getflurryapp yeah that sounds super sketchy. Even if it's an honest mistake, they should fix that asap.

@andrewmiguelez You can join via Slack! https://chat.indieweb.org/slack There's a #microformats channel there connected to IRC

@andrewmiguelez Your question sparked quite the discussion! https://chat.indieweb.org/microformats/2017-04-25#t1493142254026000

@andrewmiguelez There are many approaches tho, join #microformats if you want to chat more! We have a Slack bridge: https://chat.indieweb.org/slack

@andrewmiguelez The u- prefix tells the parser where to find the value, so you can use a <data> element http://pin13.net/mf2/?id=20170425174631720

@aaronsaray Check out the plugin at https://github.com/aarongustafson/jekyll-webmention_io and the comments here: https://www.aaron-gustafson.com/notebook/pondering-fallback-content/

@aaronsaray I know several people who use it with a Jekyll site to fetch comments and build them in to the page. https://indieweb.org/webmention.io