Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋

Portland, Oregon
Joined April 2008
Replying to @Cambridgeport90
hmm, they are sent just like regular webmentions, are they getting flagged by akismet or something?
In my testing, I wasn't able to use an authorization code twice. Did you see something different?
for real! I'm so curious. I can't tell if it was just like one Apple engineer who read OAuth/OIDC and then built this, or if it was actually thought through by a team.
Replying to @rabble @gregcohn
Their docs are wrong in a few places and are missing a lot of info.
Replying to @rabble
They actually have a way you can edit the name that's sent back to the app!
Replying to @improvegvmnt
Nope, haven't found that yet! It's missing from their docs too. I'm going to keep playing with it though.
Replying to @dwaite
😂😂😂 Yep I use it in my book and I've also been using it for testing out redirect URIs in workshops and stuff!
verify where? The unique ID comes back in the ID token not the access token. (also happy to take this to DM)
Another question, if there is no `user_info` endpoint, what are the access token and refresh tokens for?
Progress! I now get the screen which lets me edit my name and choose the email to share. I only see that the first time, all subsequent requests show a confirmation only. Still no luck actually getting the email address back in the ID token though.
I will go test this out with new app credentials though to confirm. Thanks for the lead!
interesting. well the bug is that I have *never* gotten it, because I didn't request it the first time, and now I can't request it ever again.
Just verified again, and I don't get back name or email address when I request "name email" scope. I did find a bug where apparently Apple is ignoring the "scope" parameter after the very first time you authorize an app though, so could be related.
Brilliant, thanks for the info! Have you been able to successfully request name and email scope yet? It wasn't working in my testing.
Some people like to use JWTs for access tokens or other self-encoded mechanisms. There are definitely trade-offs.
Replying to @Stephan007 @mraible
if your access tokens are just a reference to a record in a database (the hotel key is just a number, and the doors look up access info in a central server), then you can update the roles in the existing token.
Replying to @Stephan007 @mraible
The analogy continues... with JWT access tokens, that's like encoding access data into the hotel key card. You'd have to go back to the front desk to get a new card.
Replying to @Stephan007 @mraible
The answer is it depends on how your access tokens / hotel key cards are implemented!
I haven't found it yet. I wouldn't be surprised if they just don't have that endpoint
This book by @anomalily definitely helped me get a handle on my money situation. 💵 You should have seen me before. 🙈 And now her Kickstarter for the second print run is just shy of the $10,000 stretch goal! Let's get it over the top! 🚀 kickstarter.com/projects/ano…