Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
I was trying to say feel free to pick and choose and use just the client ID part. I think that'd be a huge benefit for OAuth as a whole for the exact kind of use case you're talking about.
1
Doesn't have to be a top level domain, just a URL. Both users and apps are identified by URLs.
I do think there's value in just client IDs being URLs in some cases, demonstrated by the fact that Home Assistant picked out just that part of the spec for their OAuth API.
2
I like to think of myself as a somewhat organized person.
But all these SD cards have photos and videos from different trips and projects and cameras, in no particular order, and I really need to sort out what has already been backed up and what exists only on the cards.
3
3
You're not wrong.
You may want to give this a read, which addresses that exact problem: aaronparecki.com/2018/07/07/…
We use this a lot for the case you're talking about, where app developers have no relationship with the OAuth service the app is talking to.
1
Microformats != Microdata
microformats.io
tbh I also can't stand the itemprop= itemscope= stuff, it's so messy. That's why I like the Microformats approach instead.
Like I said already, only if you care about SEO. If SEO is your goal, you do what Google says. There's plenty of uses of structured data outside of that (including the tools that I use to read and post to Twitter) which are easier done using Microformats
2
3
Literally on schema.org... "Founded by Google, Microsoft, Yahoo and Yandex..." and look at the names on their about page too. Even if it's not created exclusively by them (which I never said), that looks an awful lot like an oligopoly to me anyway.
1
Frankly "linked data" is not a priority for me. There's plenty of useful structured data that is not LD, and tbh most developers who use JSON-LD don't even know about the LD part, they just copy the examples and wonder why they have "@context" everywhere
If all you care about is SEO then do whatever Google says to do this year and you're fine. Today that's JSON-LD, tomorrow it's ???? I need to update this chart for 2020 but as we see, history keeps repeating itself. aaronparecki.com/2016/12/17/…
2
2
2
You might be surprised what you can do with Microformats...
aaronparecki.com/2018/03/12/…
Even this tweet originated from my own website using tools built on Microformats.
1
2
2
so far it's been mostly the other way around, but mainly because I did a big push on my personal channel while on PTO in December 😄 which paid off cause I went from 200 to 1500 subscribers in like 7 weeks 🎉
by "fragile" I mean things like vulnerable to popup blockers, popups are bad UX on mobile browsers, etc.
The spec has a way the AS can provide a URL that the user should visit to the app. So the app has to get the user to that URL somehow, doesn't matter how, and doesn't matter what that URL is.
1
There's also a new draft, Pushed Authorization Requests, which moves a bunch of the fragile bits out of the front channel. Similar but slightly different goal. tools.ietf.org/id/draft-lodd…
That's basically what the Device Flow is, except manual. You certainly could do that. I suspect it would be fragile at best though, and wouldn't work well in mobile browsers.
2
Why do we even have OAuth at all? Take five minutes and find out! New video! 🎥👉 youtube.com/KT8ybowdyr0
2
2
8