Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋

Portland, Oregon
Joined April 2008
Replying to @anderspitman
I was trying to say feel free to pick and choose and use just the client ID part. I think that'd be a huge benefit for OAuth as a whole for the exact kind of use case you're talking about.
1
Replying to @anderspitman
Doesn't have to be a top level domain, just a URL. Both users and apps are identified by URLs. I do think there's value in just client IDs being URLs in some cases, demonstrated by the fact that Home Assistant picked out just that part of the spec for their OAuth API.
2
I like to think of myself as a somewhat organized person. But all these SD cards have photos and videos from different trips and projects and cameras, in no particular order, and I really need to sort out what has already been backed up and what exists only on the cards.
3
3
Replying to @anderspitman
You're not wrong. You may want to give this a read, which addresses that exact problem: aaronparecki.com/2018/07/07/… We use this a lot for the case you're talking about, where app developers have no relationship with the OAuth service the app is talking to.
1
Microformats != Microdata microformats.io tbh I also can't stand the itemprop= itemscope= stuff, it's so messy. That's why I like the Microformats approach instead.
Like I said already, only if you care about SEO. If SEO is your goal, you do what Google says. There's plenty of uses of structured data outside of that (including the tools that I use to read and post to Twitter) which are easier done using Microformats
2
3
Literally on schema.org... "Founded by Google, Microsoft, Yahoo and Yandex..." and look at the names on their about page too. Even if it's not created exclusively by them (which I never said), that looks an awful lot like an oligopoly to me anyway.
1
Frankly "linked data" is not a priority for me. There's plenty of useful structured data that is not LD, and tbh most developers who use JSON-LD don't even know about the LD part, they just copy the examples and wonder why they have "@context" everywhere
Yes, read the linked post, it's from 2016
1
If all you care about is SEO then do whatever Google says to do this year and you're fine. Today that's JSON-LD, tomorrow it's ???? I need to update this chart for 2020 but as we see, history keeps repeating itself. aaronparecki.com/2016/12/17/…
2
2
2
Replying to @kmikeym
the guy that runs your website must be really good
1
so far it's been mostly the other way around, but mainly because I did a big push on my personal channel while on PTO in December 😄 which paid off cause I went from 200 to 1500 subscribers in like 7 weeks 🎉
Replying to @anderspitman
by "fragile" I mean things like vulnerable to popup blockers, popups are bad UX on mobile browsers, etc.
Replying to @anderspitman
The spec has a way the AS can provide a URL that the user should visit to the app. So the app has to get the user to that URL somehow, doesn't matter how, and doesn't matter what that URL is.
1
Replying to @anderspitman
There's also a new draft, Pushed Authorization Requests, which moves a bunch of the fragile bits out of the front channel. Similar but slightly different goal. tools.ietf.org/id/draft-lodd…
Replying to @anderspitman
That's basically what the Device Flow is, except manual. You certainly could do that. I suspect it would be fragile at best though, and wouldn't work well in mobile browsers.
2
Software/security education (work channel) Camera gear tutorials and reviews (personal channel)
1
4
Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 youtube.com/KT8ybowdyr0
2
2
8