Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
#OReillySACon Come by the @okta booth if you'd like some #oauth cat stickers! Also if you want a PDF of my book and the slides from the talk, make sure we scan your badge!
3
1
I'm giving a talk on #OAuth at #OReillySACon tomorrow! 3:50pm in Sutton North. I'll have books and cat stickers to give out afterwards too! conferences.oreilly.com/soft…
6
21
🎉 Welcome! Definitely agree this needs to be easier, but it's slow progres. The fact that you were able to get this far is an excellent demo of how much easier it's become compared to 5 years ago!
1
Yeah that may be easiest 😭 I was hoping there was some service that allows unauthenticated requests but with arbitrary paths cause then you could write to like example.com/longrandomstring… = value. But mebbe I don't understand exactly
2
tbh it sounds like the simplest thing is to have each app generate its own long random string and use that as basically the key for writing and reading data. And this coming from someone who is clearly a fan of OAuth.
1
1
I have this same problem. It's never worked for me when switching timezones, unless I very carefully choose when I sync with the phone and when I change my timezone. It overwrites data if I don't do it carefully.
Whatever @zoom_us did to make their iOS app work on a plane, I am impressed. Sounds totally fine and I'm on a conference call from 35,000 feet.
1
7
Spent the afternoon at the city permit office researching building codes and land use review. There's a lot of parallels between building codes and software specs.
Can you imagine if there was a similar permitting process for building websites and apps?
4
5
1) this crap still exists even when the website is hosted by medium but served from a custom domain, so that won't stop it everywhere
2) that's not the point
2
It's already been a year since #IndieAuth was published as a @W3C Note! Support from new services and some new plugins as well! aaronparecki.com/2019/01/23/…
5
6
If you've ever needed a link to send someone to explain why OAuth secrets aren't safe in mobile apps, I made you a thing: developer.okta.com/blog/2019…
6
11
I just wrote this up since I couldn't find a good answer online! developer.okta.com/blog/2019…
Hope it helps!
1
1
Even though my site uses webmention.io as its endpoint, I use the web hooks to push all the responses to my site where it stores its own copy of them.
Neither. The dashboard only shows the latest few, but that's just me being lazy and not giving you a UI to page through older ones. It stores them all forever, and I have no plans to delete old ones there.
But you're right that you should copy that data to your own site somehow!
That's basically the idea with indieauth.net to let you bring you own identity and authentication mechanism when logging in to sites. There's a fair number of providers and support for it but nothing at the scale of Facebook yet.
3