Aaron Parecki

Vika https://fireburn.ru/ • Nov 6
Finally I have restored my database, as I bought a SATA cable. Sorry for the radio silence, I hope your readers won't overflow!

#postmortem TL;DR: tried to disassemble my server, fried the BIOS, too lazy to bring it to service center and all my data was locked up on a HDD to which I couldn't connect. But I bought a SATA cable and heroically retrieved the database.

Even shorter TL;DR: you need a backup off-site. I'll probably set up a cron job that will send the DB dump to a remote server.

:hugops: backups are good! I have learned this the hard way.

Malmö, Skåne län • 34°F

1 reply

Thu, Nov 7, 2019 12:33am +01:00
Jesse Radonski https://twitter.com/JesseRad • Nov 6
Wear headphones. Drink heavily.

same tbh

Malmö, Skåne län • 34°F

Thu, Nov 7, 2019 12:26am +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Cool, that's worth a try. That said, I only have the server running locally at the moment so I'm guessing that won't work. Thanks again for the help, though.

Oh yeah that's the other thing, you can't use localhost as a redirect. At least not last time I tried. What did you put in the redirect url field in Apple when setting this up?

Malmö, Skåne län • 34°F

Thu, Nov 7, 2019 12:25am +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
I have a GraphQL server (Prisma) and I'm sending the auth code there. Then, on that server, I'm trying to validate the auth code with Apple. Once it validates, I'd either be creating a user and sending a session token back or signing a user in by sending back a session token.

Cool, so that URL on the GraphQL server is the redirect_url, and that's what needs to be sent in that POST request.

Malmö, Skåne län • 39°F

2 replies

Wed, Nov 6, 2019 6:51pm +01:00
Gary https://twitter.com/every_daydad • Nov 6
There is a noticeable lag but just having a second window to hold non-priority screens is awesome.

ah bummer I was hoping they could do magic being closer to the metal at both ends. Guess it's cool that it'll be built in now tho.

Duet has been a lifesaver when I need to see speaker notes but also need to share the slides via Zoom.

Malmö, Skåne län • 39°F

2 likes

Wed, Nov 6, 2019 6:41pm +01:00
Gary https://twitter.com/every_daydad • Nov 6
Today during lunch I'm trying to finish the edit for Friday's video as I've got a pretty busy week ahead.

And I'll tell you what, MacOS side car basically gives you dual screen capability that fits in your backpack.

It's going to change how I travel.

🤯

How's the latency? I've been using Duet for a while, but it's a bit laggy and occasionally has some compression artifacts, so I mainly only use it as a second display for presentations.

Malmö, Skåne län • 39°F

2 likes 2 replies

Wed, Nov 6, 2019 6:34pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.

Also you need to be exchanging the authorization code from a server somewhere, because you can't ship this app with the client secret built in.

Malmö, Skåne län • 39°F

1 reply

Wed, Nov 6, 2019 6:32pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Interesting. I’ll give it a go again in case I missed something. I’m not sure what the redirect_uri will be in my React Native, though. Thanks for the help, by the way. Appreciate it.

What URL are you sending people back to to have Apple deliver the authorization code to? That's the redirect URL, and you have to have configured it in the request and in the developer console anyway too.

Malmö, Skåne län • 39°F

Wed, Nov 6, 2019 6:32pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

I remembered why `redirect_uri` is optional in their docs 😂

They document both the auth code and refresh token request with the same list. You don't send the `redirect_uri` when using a refresh token, hence it's an optional parameter.

Malmö, Skåne län • 39°F

Wed, Nov 6, 2019 6:19pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Hey. Yeah, I also wondered that so I decoded the generated JWT and it looks like exactly what's required and shown at the bottom of this document.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

Ok I was curious so I tested myself. I get the `invalid_grant` error unless I include the `redirect_uri` in the POST request with the authorization code.

Malmö, Skåne län • 39°F

5 replies

Wed, Nov 6, 2019 6:16pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Good idea. I'll give that a go. Based on the Apple docs, it requires the JWT to be created "using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm", which I'm doing with the `jsonwebtoken` library.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

Make sure to include exactly the claims in their docs. I was finding some JWT libraries would add their own stuff into it or change things around slightly. Probably easiest to verify by base64 decoding the claims after you generate it.

Malmö, Skåne län • 40°F

4 replies

Wed, Nov 6, 2019 4:22pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
As I'm also using Expo, I followed the following to start with and there was no redirect_uri used.

https://medium.com/appandflow/eli5-sign-in-with-apple-for-react-native-using-expo-sdk35-node-js-5210cdb94bd6

I tried with one and it didn't make a difference. Also, in Apple's documentation, it doesn't show redirect_uri as being required.

https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens

Huh I missed that in their docs. My next guess is your client secret JWT isn't being generated properly. Try generating it with the Ruby code in my post, it's very picky.

Malmö, Skåne län • 41°F

1 reply

Wed, Nov 6, 2019 4:02pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Hi, Aaron. Thanks for the link to your great article. Unfortunately, for me, I still can't get past the "invalid_grant" issue. I'm doing this for an Expo (React Native) app so things are slightly different in that I don't need redirect_url, etc. but generally it's the same. Hmm.

Why do you say you don't need a redirect_uri? That's probably the problem if you're not including it.

Malmö, Skåne län • 41°F

4 replies

Wed, Nov 6, 2019 3:35pm +01:00
Mike Ortiz https://twitter.com/ortizmj12 • Nov 1
hey @aaronpk, thanks again for the great talk at #bsidespdx! Any chance you'll be sharing the slide deck? I wanted to review them again and there were some links in there I wanted to follow up on :)

Video is up and slides are linked from there! https://www.youtube.com/watch?v=xSDeToCyJjo&list=PLRyLn6THA5wN05b3qJ6N0OpL3YbritKI-

Malmö, Skåne län, SWE • 41°F

1 like 1 reply

Wed, Nov 6, 2019 2:49pm +01:00
Darryl Young https://twitter.com/darryl_young • Nov 6
Ah, that’s a shame. It seemed to be going well so far and I thought I'd be done today but since getting "invalid_grant" I've made no progress (I'm using it in an Expo app). I've seen it mentioned in a few places but nobody seems to have a solution. Thanks for the quick reply. 👍

They pushed out some changes a little bit ago and I have been able to exchange the authorization code and get the user info now! I updated my post so maybe take a look through it again. https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple

Malmö, Skåne län, SWE • 40°F

1 like 2 replies

Wed, Nov 6, 2019 2:38pm +01:00
dietrich https://mastodon.social/@dietrich • Nov 5
Feels like Gmail folders/labels are loading reeeeaaaallllyyy slow these days.

half the time gmail fails to show some of the labels on an email, which is great when I try to go add it, and instead it then toggles the label off 🤦‍♂️

Malmö, Skåne län • 38°F

1 reply

Wed, Nov 6, 2019 11:13am +01:00
Internet of Shit https://twitter.com/internetofshit • Nov 4
Hello yes, Best Buy is bricking lights because it doesn’t feel like maintaining them anymore 😳

Good timing, I'm using this example in a talk I'm doing this week ☺️

Malmö, Skåne län, SWE • 41°F

3 likes

Tue, Nov 5, 2019 2:11pm +01:00
Justin Schuh 🤬 https://twitter.com/justinschuh • Nov 4
My favorite thing about anti-Google conspiracy theories is that they all assume a level of top-down strategy and coordination across product areas that's so far beyond what the company is capable of.

I try to tell people this all the time tbh

Malmö, Skåne län • 45°F

Tue, Nov 5, 2019 12:43am +01:00
Andy Baio https://twitter.com/waxpancake • Nov 4
This new blazingly-fast open-source library isolates vocals from music, built on a TensorFlow model trained on tens of thousands of songs. I tested it on Lizzo, Billie Eilish, Lil Nas X, Marvin Gaye, and others—listen to the results here. https://twitter.com/waxy/status/1191432430298775555

what the... this is literally something I dreamed about being able to do 20 years ago and never in a million years thought computers would be able to come close

Malmö, Skåne län • 45°F

9 likes

Tue, Nov 5, 2019 12:37am +01:00
Gary https://twitter.com/every_daydad • Nov 4
Man it feels so good to be working on an iPad again.

I think he iPad Pro is the absolute best productivity tool I’ve ever come across and using it over the last day with iPadOS its even better.

The only thing it cant do is play WoW 😭

Are you editing videos on it too?? That's the one thing I haven't found easier on the iPad. I do prefer it for editing in Lightroom now tho!

Malmö, Skåne län • 45°F

1 like

Mon, Nov 4, 2019 10:35pm +01:00

older