#dev 2024-12-14

2024-12-14 UTC
# 00:14 
superkuh title is the new alt
# 00:15 
superkuh In most browser they will no longer a:hover img display alt text.
# 00:15 
superkuh Only title.
# 00:15 
superkuh Or, well, any hover, not just a:
# 00:19 
gRegor Different use cases. Alt text shouldn't display on hover.
# 00:23 
[tantek]2 ^
grufwub joined the channel
# 01:35 
carrvo [schmarty]++ "The token introspection endpoint is intended to be used only internally" really hits your point.
# 01:35 
Loqi [schmarty] has 6 karma in this channel over the last year (27 in all channels)
# 01:36 
[tantek]2 Sigh, now that Dopplr has been reinvented, perhaps it is time to figure out not only IndieWeb venues, but cities as well
# 01:42 
superkuh Alt text displayed on hover an that was it's use case for 15 years.
# 01:42 
superkuh I was shocked when I learned they'd changed it.
# 01:44 
carrvo I would like to have the server (hosting the app, not the app itself) approve user-facing (not API) endpoints, that are currently just webpages. In order words it acts as both a client and resource server. Introspection or JWTs seems to be the two ways to do this...but your comment will have to make me rethink.
# 01:47 
carrvo If simple webpages are not considered resources then I don't understand how they are intended to be protected. Almost as if it must be wrapped in an app (say, a tiny amount of PHP to check that logged in); or that it is public and must separately retrieve content (say, with JavaScript).
# 02:14 
gRegor carrvo, Do you want to restrict URLs to certain domains signing in? If so I think you only need the `profile` scope and no access token needs to be involved. Once they authorize, you have their domain as the `me` and can restrict pages based on that
lockywolf joined the channel
# 02:16 
gRegor I never recall alt text showing on hover. Quick search looks like IE might have mistakenly done that, but yeah, it wasn't intended as a tooltip
# 02:40 
[tantek]2 ^
# 03:17 
carrvo gRegor Essentially, but Apache authorized. I really like what I have even though it does not sound like best practices so I will have to shelve thinking about this for a few months until I have more time. I think I will have to build an Apache Authn module to do it the "proper" way (instead of the existing mod_oauth2 module). Then I can support more existing implementations.
Pixi, barnaby, GuestZero, GuestZero_, nemonical, sebbu, [morganm], GWG, rrix, gRegor and gRegorLove_ joined the channel