singpolyma
https://github.com/singpolyma
•
Apr 25
WeChat ID
aaronpk_tv
-
In practice this is enforced by the PHP process itself. PHP has a setting for a maximum memory limit, at which point the process will be killed. I'm not really interested in trying to solve this for real using some sort of stream solution, since the vast majority of content this is used for is relatively small pages. -
Hello from @donutjs, packed house tonight! We're livestreaming tonight thanks to support from @oktadev! https://youtu.be/4czBvCbtiWw
-
Portland, Oregon • Tue, April 24, 2018 5:32pm#DonutJS setup
-
We are very happy to let you know that @oktadev is sponsoring our video recording and production!
Okta provides authentication, authorization, and user management to your web or mobile app. Learn more at http://developer.okta.com!
ππ©βΏπ©π -
Hello everybody, Donut.js is tonight! Tickets are still available! Join us at 6pm at @AlchemyCodeLab for superb talks from @ryrykubes and @sandyaaaas and @elnoelle. Come support http://portlandmeetportland.org! Come and eat donuts and chat and party! https://donutjs.club
-
Adam Lewis
https://twitter.com/lewiada
•
Apr 24
and what about for storing the access token in the browser?
Sadly there isn't a satisfying answer to that. Anything that your JS can use to store any token is vulnerable to XSS. The only secure option is cookies, but that won't work with OAuth. https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage -
@buffer Does this Facebook API announcement mean publishing to Facebook from Buffer will stop working? https://developers.facebook.com/blog/post/2018/04/24/new-facebook-platform-product-changes-policy-updates/
-
Aaron Parecki
https://aaronparecki.com/
•
Apr 24
BCP for public UA clients:
β’ use the authorization code flow
β’ omit client secret
β’ strict redirect URI validation
Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps
I agree it would be nice to see this written up properly though. In the mean time, I'm adding a section to my book about this. -
Adam Lewis
https://twitter.com/lewiada
•
Apr 24
We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.
BCP for public UA clients:
• use the authorization code flow
• omit client secret
• strict redirect URI validation
Some citations and more info: https://aaronparecki.com/oauth-2-simplified/#single-page-apps -
We do implement native apps per RFC8252 including code flow, custom tabs and PKCE, and we use OIDC for authentication to web apps. But doing ua-based-apps / SPAs right is ambiguous at best and I keep hoping for the @oauth_2 WG to begin work on an ua-based client BCP.
-
To address some audiovisual technical difficulties, weβve been working with @aaronpk and @AlchemyCodeLab to overhaul our presentation and recording setup. Just got back from a second round of testing everything out, and itβs looking and sounding great!! ππ©βΏπ©πΉ
-
Portland, Oregon • Mon, April 23, 2018 2:14pmGot the second to last copy of John Oliver's Marlon Bundo book!
-
Managed to complete the dance of creating an event and rsvp'ing through #Indigenous, then displaying attendees on the #Drupal side. #indieweb
-
Wow. I guess itβs time we all stopped using @eventbrite. They claim the right to attend your event, film it, and own the copyright. https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-merchant-agreement?lg=en_US#8
-
Portland, Oregon • Sat, April 21, 2018 4:19pm
-
at Gate 75San Francisco, California • Fri, April 20, 2018 6:46pm
-
San Francisco, California • Fri, April 20, 2018 6:39pm
-
San Francisco, California • Fri, April 20, 2018 6:27pm
