#dev 2021-09-18

2021-09-18 UTC
Seirdy, [jeremycherfas], hendursa1, jjuran and barryf[d] joined the channel
#
@duhayon_eric How to Use Webmentions with Gatsby.js – A Beginner's Guide https://www.freecodecamp.org/news/how-to-use-webmentions-with-gatsby-beginners-guide/ (twitter.com/_/status/1439171579926261760)
tetov-irc joined the channel
#
capjamesg[d] [KevinMarks]++ for his thoughts on linking in this week's Europe HWC.
#
Loqi [KevinMarks] has 17 karma in this channel over the last year (46 in all channels)
#
capjamesg[d] I typed in "awk" and was led to a lovely comic about awk.
#
capjamesg[d] Links are really helping to improve relevance.
KartikPrabhu and hendursaga joined the channel
#
GWG !tell jamietanna When you have a few minutes, would you be able to act as a sounding board for refresh token implementation?
#
Loqi Ok, I'll tell them that when I see them next
hendursaga, [Michael_Ungar], alex11 and [schmarty] joined the channel
#
[snarfed] https://v2.jacky.wtf/ has been down for the last day or so. :hugops: jacky, hope it's back up soon!
#
GWG So, I built a simple refresh token implementation, but the refresh tokens aren't tied to the access tokens, so the only way a refresh token gets removed is if it expires or is redeemed. Seems wrong
KartikPrabhu and jamietanna joined the channel
#
jamietanna GWG I don't have them tied currently (nor have revocation) but I'm planning on having a "consent ID" that'll be in both tokens, and be what can be used to revoke both tokens by the user
#
Loqi jamietanna: GWG left you a message 5 hours, 36 minutes ago: When you have a few minutes, would you be able to act as a sounding board for refresh token implementation?
#
GWG jamietanna: My access tokens have a generated uuid I put in a few versions ago I could link to
#
GWG I have revokation for access, not refresh tokens
#
GWG Authorization codes, access tokens, and refresh tokens are all stored the same way, using the same class with only different locations passed.
#
jamietanna Yeah so I guess you'd probably want i.e. the UUID that's in the access token to be linked to the authorization code, and refresh token too
#
GWG That's a good idea.
#
GWG I don't put a uuid in the authorization code.
#
GWG I should pass the same one along.
#
Loqi +1
#
GWG So, if I redeem a refresh token, I should invalidate the old refresh token, which is fine, but should I also invalidate the access tokens associated with that refresh token, or just let them expire naturally?
shoesNsocks1 and jamietanna1 joined the channel
#
jamietanna1 The user / app has said revoke, so generally all access should be revoked ASAP
#
jamietanna1 Oh wait sorry this is on a refresh
#
jamietanna1 No an access token should still be valid
#
aaronpk i would say it makes sense to revoke the access token immediately too. since only one client should be using the access token, if that client uses the refresh token then it should never be using the previous access token again
#
aaronpk the only exception is clients that are made up of multiple parts (threads, processes, etc) where they may not be able to coordinate between all the parts
#
GWG Do we have any of those?
#
GWG Also looking for other reasons that I might want to revoke a refresh token...lack of use of the associated access token?
#
GWG I should have this done tonight.
#
GWG Although this idea of having the uuid be generated by the authorization code and passed to the access token it uses.. interesting
nertzy joined the channel
#
@AndySylvester99 @ryantate, you should take a look at https://brid.gy/ and https://www.w3.org/TR/webmention/, let me know if you would like to discuss further... #scriptingnews http://oldschool.scripting.com/ryantate/2021/09/17/191812.html (twitter.com/_/status/1439344817402793990)
#
@AndySylvester99 @ryantate, you should take a look at https://brid.gy/ and https://www.w3.org/TR/webmention/, let me know if you would like to discuss further... #scriptingnews http://oldschool.scripting.com/ryantate/2021/09/17/191812.html (twitter.com/_/status/1439344817402793990)
tetov-irc and KartikPrabhu joined the channel