Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
so far it's been mostly the other way around, but mainly because I did a big push on my personal channel while on PTO in December 😄 which paid off cause I went from 200 to 1500 subscribers in like 7 weeks 🎉
by "fragile" I mean things like vulnerable to popup blockers, popups are bad UX on mobile browsers, etc.
The spec has a way the AS can provide a URL that the user should visit to the app. So the app has to get the user to that URL somehow, doesn't matter how, and doesn't matter what that URL is.
1
There's also a new draft, Pushed Authorization Requests, which moves a bunch of the fragile bits out of the front channel. Similar but slightly different goal. tools.ietf.org/id/draft-lodd…
That's basically what the Device Flow is, except manual. You certainly could do that. I suspect it would be fragile at best though, and wouldn't work well in mobile browsers.
2
Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 youtube.com/KT8ybowdyr0
2
2
8
I rode a Lime scooter in Prague once and for the next month all the emails I got from Lime were in Czech
1
1
I've heard "zebras" to counter the idea of "unicorns" zebrasunite.mn.co/
1
For sure, I'd love to see that.
I'm actually gonna be in Vancouver a couple times in the near future, it'd be great to meet up and chat more about this in person!
aaronparecki.com/trips
1
I apologize for the horrible confusion due to how I named these, but indielogin.com is not a replacement for indieauth.com from a user's point of view, only from the PoV of a website trying to authenticate users.
1
If you don't need Micropub support then your best bet is to remove the authorization_endpoint link so that the wiki will let you use any of its own supported options including Twitter.
If you do need Micropub support, then you're stuck with the current situation.
1
The wiki actually uses indielogin.com when you log in, which supports GitHub as well as Twitter and some other options.
If your site says to use indieauth.com then yes, GitHub is the only external authentication provider supported by indieauth.com.
Doesn't need to be an "official" event to post there at all! As long as it's vaguely IndieWeb adjacent, that's a great place to post it so more people can find it!
1
2
Awesome! Feel free to post that to events.indieweb.org as well!
1
1
@Facebook I thought this went away in April last year. Is the help page just a leftover artifact? Might be worth updating it!
1
oh no, please tell me this help article from Facebook is just way out of date...
facebook.com/help/2498178484…
"Why am I being asked to enter my email login information while trying to reset my Facebook password?"
They can't still be doing this, right?
1
3
I often talk about the tradeoffs between local and remote access token validation in my OAuth presentations. This blog post by my coworker is a nice demonstration of that in PHP! developer.okta.com/blog/2020…
1
1
that makes no sense. If a web page served from https (like youtube) links to an http link, then the target site *won't* get the URL that the link came from.
who asked this? one of the sites you link to? or some third party?