Aaron Parecki

Anders Pitman https://twitter.com/anderspitman • Jan 21
What do you think would be fragile about my approach? Giving the client control over the random value?

by "fragile" I mean things like vulnerable to popup blockers, popups are bad UX on mobile browsers, etc.

Portland, Oregon • 47°F

Tue, Jan 21, 2020 3:59pm -08:00
Anders Pitman https://twitter.com/anderspitman • Jan 21
That's interesting. After a quick review, it does seem pretty similar. Why the timeout polling instead of long polling? Does the spec dictate what back-channel you send the user to?

The spec has a way the AS can provide a URL that the user should visit to the app. So the app has to get the user to that URL somehow, doesn't matter how, and doesn't matter what that URL is.

Portland, Oregon • 47°F

1 reply

Tue, Jan 21, 2020 3:58pm -08:00
Anders Pitman https://twitter.com/anderspitman • Jan 21
Why not open a new tab for interacting with the auth server, while simultaneously opening a back channel request in the original session? Once the user has authenticated/authorized from the new tab, the back channel request would resolve. 2/

There's also a new draft, Pushed Authorization Requests, which moves a bunch of the fragile bits out of the front channel. Similar but slightly different goal. https://tools.ietf.org/id/draft-lodderstedt-oauth-par-00.html

Portland, Oregon, USA

Tue, Jan 21, 2020 11:05am -08:00
Anders Pitman https://twitter.com/anderspitman • Jan 21
Why not open a new tab for interacting with the auth server, while simultaneously opening a back channel request in the original session? Once the user has authenticated/authorized from the new tab, the back channel request would resolve. 2/

That's basically what the Device Flow is, except manual. You certainly could do that. I suspect it would be fragile at best though, and wouldn't work well in mobile browsers.

Portland, Oregon, USA

4 replies

Tue, Jan 21, 2020 11:04am -08:00
Dave Maze https://twitter.com/davemaze • Jan 21
what kind of videos do you make? respond below

Software/security education (work channel)
Camera gear tutorials and reviews (personal channel)

Portland, Oregon • 45°F

4 likes 1 reply

Tue, Jan 21, 2020 8:37am -08:00
Amanda J. Rush https://twitter.com/cswordpress

Google finally realizes it created a trashfire. They should just support Microformats 2, much easier to construct and therefore use. https://twitter.com/googlewmc/status/1219565763759165441

Portland, Oregon • 45°F

Tue, Jan 21, 2020 4:35pm +00:00 (liked on Tue, Jan 21, 2020 8:36am -08:00)
Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 https://youtu.be/KT8ybowdyr0

Portland, Oregon, USA • 44°F

8 likes 3 reposts 2 replies 2 mentions

Tue, Jan 21, 2020 7:52am -08:00 #oauth #okta
Chillian J. Yikes! https://twitter.com/jilliancyork

Ha happened to me too, but Polish.

Portland, Oregon • 43°F

Tue, Jan 21, 2020 2:44pm +00:00 (liked on Tue, Jan 21, 2020 6:44am -08:00)
Chillian J. Yikes! https://twitter.com/jilliancyork • Jan 8
A Thing That Annoys Me: When a website *has* English translation/text, but because I'm in Germany, I'm only offered the German version, with no chance to switch language. Fix this, engineers!

I rode a Lime scooter in Prague once and for the next month all the emails I got from Lime were in Czech

Portland, Oregon • 43°F

1 like 1 reply

Tue, Jan 21, 2020 6:43am -08:00
https://jgregorymcverry.com https://twitter.com/jgmac1106 • Jan 21
#IndieWeb more a philosophy for the web rather than a businesses. Though many companies (including mine) embrace these values.

phrase you want is "small business"

Also like @bryce idea of "real business"

Let revenue define roadway. (https://quickthoughts.jgregorymcverry.com/s/1sO8h8)

I've heard "zebras" to counter the idea of "unicorns" https://zebrasunite.mn.co/

Portland, Oregon • 43°F

1 repost

Tue, Jan 21, 2020 6:06am -08:00
Boris Mann https://twitter.com/bmann • Jan 20
no apology necessary, we’re all in this together!

I’m digging into this stuff so that others don’t have to.

Ideally we can add an endpoint to something like IndieKit which is easily self hostable. Everything is a little piecemeal right now.

For sure, I'd love to see that.

I'm actually gonna be in Vancouver a couple times in the near future, it'd be great to meet up and chat more about this in person!

https://aaronparecki.com/trips

Portland, Oregon • 45°F

Mon, Jan 20, 2020 9:50am -08:00
Boris Mann https://twitter.com/bmann • Jan 20
more thinking about what to include in the template. I can update to IndieLogin, so at least people can link Twitter and Github to different sites.

Single-file selfauth looks interesting https://indieweb.org/selfauth -- hmm, but not a token endpoint

I apologize for the horrible confusion due to how I named these, but indielogin.com is not a replacement for indieauth.com from a user's point of view, only from the PoV of a website trying to authenticate users.

Portland, Oregon • 45°F

1 reply

Mon, Jan 20, 2020 9:45am -08:00
Boris Mann https://twitter.com/bmann • Jan 20
@aaronpk is Github the only "external" IndieAuth supported provider right now? Other than email / pgp?

I temporarily edit my Github profile link for different sites right now, which is not ideal.

If you don't need Micropub support then your best bet is to remove the authorization_endpoint link so that the wiki will let you use any of its own supported options including Twitter.

If you do need Micropub support, then you're stuck with the current situation.

Portland, Oregon • 44°F

2 replies

Mon, Jan 20, 2020 9:25am -08:00
Boris Mann https://twitter.com/bmann • Jan 20
@aaronpk is Github the only "external" IndieAuth supported provider right now? Other than email / pgp?

I temporarily edit my Github profile link for different sites right now, which is not ideal.

The wiki actually uses https://indielogin.com when you log in, which supports GitHub as well as Twitter and some other options.

If your site says to use indieauth.com then yes, GitHub is the only external authentication provider supported by indieauth.com.

Portland, Oregon • 44°F

Mon, Jan 20, 2020 9:23am -08:00
Boris Mann https://twitter.com/bmann • Jan 20
Yeah, theoretically @patdryburgh & I ran some "official" events a couple of times, but going to keep it casual for now.

More about writing & info management than tools although I will demo my Jekyll + IndieKit template https://github.com/bmann/so-simple-indieweb

Doesn't need to be an "official" event to post there at all! As long as it's vaguely IndieWeb adjacent, that's a great place to post it so more people can find it!

Portland, Oregon • 43°F

2 likes 1 reply

Mon, Jan 20, 2020 9:09am -08:00
Boris Mann https://twitter.com/bmann • Jan 20
This evening in #Vancouver, come join and work on your writing, blog tinkering, theme twiddling, or any other creative computer activity :)

IndieWeb friendly, I'm happy to do some demos.

Starts at 5:30pm in the @FISSIONcodes amenity room https://talk.fission.codes/t/work-on-your-writing-coworking/431

Awesome! Feel free to post that to https://events.indieweb.org as well!

Portland, Oregon • 43°F

1 like 1 reply

Mon, Jan 20, 2020 9:02am -08:00
Randall Degges https://twitter.com/rdegges

Australia had the best coffee. Every time I'm here I'm reminded of how much better it is that what we have in the US.

Portland, Oregon • 51°F

Sun, Jan 19, 2020 10:13pm +00:00 (liked on Sun, Jan 19, 2020 2:41pm -08:00)
Making Meetable Easier to Install

I've been working towards making Meetable more useful to others by making it easier to configure and deploy. I took a few shortcuts during the initial development that let me finish it faster, primarily by offloading authentication and image resizing to external services. While that's great for me, it means it requires setting up two additional projects if someone else wanted to get it running.
continue reading...

2 likes 3 reposts 2 bookmarks 1 mention

Sat, Jan 18, 2020 3:30pm -08:00 #meetable #events #indieweb
Dave Maze https://twitter.com/davemaze

i just spent a few hours going through all my videos on youtube changing titles, adding new links, and adding mid-roll ads to videos more than 10 minutes. I'll report back with numbers in 30 days... would be interesting to see some changes in revenue and reach on older vids

Portland, Oregon • 40°F

Sat, Jan 18, 2020 2:20am +00:00 (liked on Fri, Jan 17, 2020 6:34pm -08:00)
Aaron Parecki https://aaronparecki.com/ • Jan 17
oh no, please tell me this help article from Facebook is just way out of date...

https://www.facebook.com/help/249817848463304

"Why am I being asked to enter my email login information while trying to reset my Facebook password?"

They can't still be doing this, right?

@Facebook I thought this went away in April last year. Is the help page just a leftover artifact? Might be worth updating it!

Portland, Oregon • 43°F

1 reply

Fri, Jan 17, 2020 2:48pm -08:00

older

Aaron Parecki

Making Meetable Easier to Install