#gRegorLove I thought you'd said something before about it making it cryptographically stronger. Maybe that was with IndieAuth though.
tantek and chrisaldrich1 joined the channel
#aaronpk I seem to remember something about the nonce adding to the entropy of the resulting string making it harder to reverse engineer the secret. If that's true, then it wouldn't matter whether the code has expired since you could gather a bunch of codes and analyze them even if they've expired
#KartikPrabhu getting back into indieweb-deving and found that everything is broken since I haven't updated stuff for a year!
KevinMarks, gRegorLove, KevinMarks_ and mblaney joined the channel
#mblaney I would be interested in understanding more about /Private-Webmention, if someone wants to answer my questions (maybe even add the answers to the page)
#mblaney it might be my lack of understanding of oauth in general, but what's the difference between an auth code and an access token?
#mblaney ie if as a webmention receiver, I'm going to provide an access token for any auth code I provide, what extra security is the back and forth providing?
#mblaney also if auth codes only last for 60 seconds, how will it work with async processing?
#mblaney happy to be pointed at oauth docs if these questions have already been answered!
#mblaney (sorry I think above should be: s/webmention receiver/webmention sender)
chrisaldrich_ and gRegorLove joined the channel
#gRegorLove I don't know about the oauth reasonings behind it, but switching a short-lived auth code for the token seems like it's safer than just sending a longer-lived access token to the recipient.
#gRegorLove 60s is a minimum on the auth token, can be up to 10 minutes.
#gRegorLove access tokens can (optionally) not expire, too, so in that case you definitely want the receiver to initiate the process, not just send it to them directly; anyone in-between or with access to logs could access the private post then.
#sknebel part of me thinks "they are just posts, dump them in the timeline and make sure your display code understands not to show it publicly", part of me wants to put them in their own, separated space
#aaronpk sknebel: i'm planning on showing private webmentions on post permalinks the same as normal webmentions except only visible to me, and with a visibility indicator so that i know it's not public
#sknebel that's an idea. lots of pieces to build for that for me, but might be cleanest
chrisaldrich1 joined the channel
#Zegnat KevinMarks_, haven't you read the Brighton demos? I am building my feed at https://licit.li