Federati Nu: Federated N-series GNU Social
  • Login
It's "All Of Us For All Of Us" Or We're On Our Own
  • Public

    • Public
    • Groups
    • Popular
    • People

Notices tagged with oauth

  1. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 05-May-2021 01:59:15 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    I see an update for #AndStatus. Yuri, have you been keeping track of the changes in #GNUsocial ? Are you ready to support the new API (and updated #OAuth) on upgraded instances?
    In conversation Wednesday, 05-May-2021 01:59:15 UTC from Shoyu permalink
  2. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Friday, 23-Oct-2020 17:39:52 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • mangeurdenuage
    @mangeurdenuage Something else to share with @x@neckbeard.xyz ...

    It is possible that #Discord uses #OAuth. In that case, there should be something in account settings that lists the clients the person has authorized. De-authorizing clients could stop the problem if a client is automatically waking up and logging in (or if it is controlled by a malicious actor that is surreptitiously logging in to collect data). Naturally, this assumes that there are Discord clients and that the person has used at least one. Not being a user of their chat, I cannot tell you whether they even allow clients besides a browser.

    In any case, the person should change their password using a password manager to generate and store the new randomish password. It should be as long as the service allows (and never fewer than 16 characters).
    In conversation Friday, 23-Oct-2020 17:39:52 UTC from web permalink
  3. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Oct-2020 06:04:30 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • mangeurdenuage
    @mangeurdenuage It was more than one person that left the #OAuth 2.0 project, claiming the design was too complex to be reliably secure. Implementing it was notoriously difficult to get right. But now, we rely on premade libraries that we assume to be "secure enough".
    In conversation Sunday, 04-Oct-2020 06:04:30 UTC from mustard permalink
  4. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Tuesday, 14-Apr-2020 15:44:54 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    #Mustard is old and unmaintained, but it works with GS #OAuth and I have it on my phone. For a few years now, posting has not worked (error message said “unauthorized”), so I’ve used #AndStatus to post (despite its own issues). I don’t know if the server migration or the version bump fixed things, but I’m glad that I can now use Mustard for posting again.
    In conversation Tuesday, 14-Apr-2020 15:44:54 UTC from Shoyu permalink
  5. N-5-O-body (n5admin@n5.federati.net)'s status on Thursday, 09-Jan-2020 18:12:00 UTC N-5-O-body N-5-O-body
    Remote profile options...
    • a Claes unto himself 🇸🇪🇭🇰💙💛
    @clacke It's been a few years since I looked, but #OAuth 2.0 was known to be insecure almost from the time it was finalized, and known to be too difficult for most implementers to get correct before then.

    If 2.1 simplifies the protocol and makes it more secure, that's a big plus.
    In conversation Thursday, 09-Jan-2020 18:12:00 UTC from n5.federati.net permalink
  6. André E. Veltstra (aeveltstra@mastodon.social)'s status on Tuesday, 29-Jan-2019 22:52:56 UTC André E. Veltstra André E. Veltstra
    Remote profile options...

    2 Years ago when I first had to implement #OAuth into a #java-based #APIClient, I knew little about OAuth. So I searched for and found a library. It is named #ScribeJava.

    And I learned that the #APIServer with which I communicated had implemented OAuth wrong, causing me to override half of what ScribeJava could do out of the box. Grrr.

    The other week I implemented the simple client-necessary request for an #OAuth2 #BearerToken, specific to a different APIServer. Half an hour: it works!

    In conversation Tuesday, 29-Jan-2019 22:52:56 UTC from mastodon.social permalink
  7. Strypey (strypey@mastodon.nzoss.nz)'s status on Friday, 16-Nov-2018 03:28:47 UTC Strypey Strypey
    Remote profile options...
    • Jonathan S.

    @js ah, ok. Thanks for the clarification. I wonder if Drew if planning to use #OAuth is sr.ht though? He seems to be opposed to using any of the protocols used in #ActivityPub for federating code forges, even though he seems to have no alternative to OAuth, #WebFinger for @mentions etc. My take is that sr.ht and #ForgeFed are addressing different aspects of the problem, and I've been trying to convince them to join forces. It's an uphill struggle so far ;)

    In conversation Friday, 16-Nov-2018 03:28:47 UTC from mastodon.nzoss.nz permalink
  8. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Tuesday, 04-Sep-2018 20:08:37 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • ˗ˏˋ Liaizon Wakest ˎˊ˗
    @wakest Apps should see/store nothing related to your password. #OAuth replaces storing username/password with long, random, opaque codes that grant that one app limited access.
    In conversation Tuesday, 04-Sep-2018 20:08:37 UTC from AndStatus permalink
  9. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Saturday, 11-Aug-2018 09:58:39 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • 🇩 🇪 🇼 🇴 🇴 〰️
    • clacke@libranet.de is my main
    @notclacke @dwmatiz There's an #OAuth bug in #GNU_Social (introduced in the last 2-3 years) that make #Mustard "unauthorized" to post. Since #AndStatus only connects by username password, it isn't affected. That's the primary reason I use AS. I should conect Mustard by username / password and use it as my main client again. Faster, more responsive, shows posts that AS never does.
    In conversation Saturday, 11-Aug-2018 09:58:39 UTC from AndStatus permalink
  10. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Sunday, 29-Jul-2018 12:26:19 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    I remember when a site called "Write To My Blog" provided a better rich-text editor for creating blog posts. The bad thing is that it was before #OpenID and #OAuth got popular, so you had to enter your full login credentials to post. That site (writetomyblog\.com) is gone. The current occupant of that domain is probably not what you'd expect.
    In conversation Sunday, 29-Jul-2018 12:26:19 UTC from web permalink
  11. Ed Summers (edsu@social.coop)'s status on Sunday, 08-Jul-2018 13:30:05 UTC Ed Summers Ed Summers
    Remote profile options...

    Bookmark: [toread] OAuth for the Open Web • Aaron Parecki https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web #oauth #identity #protocol #web

    In conversation Sunday, 08-Jul-2018 13:30:05 UTC from social.coop permalink

    Attachments

    1. OAuth for the Open Web
      from Aaron Parecki
  12. ☠️ Grumpy Oldman (grmpyoldman@quitter.se)'s status on Thursday, 12-Apr-2018 12:08:40 UTC ☠️ Grumpy Oldman ☠️ Grumpy Oldman
    Remote profile options...
    Nachdem sich ja alle über das deutsche Projekt #Verimi mit #OAuth aufregen… nehmt doch #WebAuthN aus den USA https://is.gd/ikEMZb
    In conversation Thursday, 12-Apr-2018 12:08:40 UTC from quitter.se permalink
  13. jjg (jjg@social.coop)'s status on Monday, 22-Jan-2018 15:49:01 UTC jjg jjg
    Remote profile options...

    Working on a more thought-out post on this but I thought I'd get some feedback before diving too deep.

    How about an Identity #coop ? A simple but solid #oauth identity provider that also advocates for it's inclusion as an idp to the services used by its members.

    Convenience of single sign-on with the smallest possible security risk surface area and, being a co-op, members (users) decide what data is collected, shared, etc.

    I have more but I'll stop here for now :)

    In conversation Monday, 22-Jan-2018 15:49:01 UTC from social.coop permalink
  14. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Tuesday, 25-Jul-2017 20:12:40 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • Hiker
    • Stitch 🙃
    @stitchxd @hikerus Theoretically (since that isn't the way you implemented it) XMPP could use #OpenID or #OAuth to log in using account info from GS. I'm not even sure any #XMPP servers implement this yet, but it would help with similar integrations.
    In conversation Tuesday, 25-Jul-2017 20:12:40 UTC from Choqok permalink
  15. Nicole (funbreaker@mstdn.io)'s status on Monday, 03-Jul-2017 15:56:42 UTC Nicole Nicole
    Remote profile options...

    why are you being like this, #thunderbird ? You were okay with #OAuth yesterday

    In conversation Monday, 03-Jul-2017 15:56:42 UTC from mstdn.io permalink
  16. Danyl Strype (strypey@quitter.se)'s status on Tuesday, 06-Jun-2017 11:23:36 UTC Danyl Strype Danyl Strype
    Remote profile options...
    in reply to
    • Bob Mottram
    • Danyl Strype
    @bob the ideal solution would be some kind of federated identity system, like #OpenID or #OAuth but fully independent and more secure?
    In conversation Tuesday, 06-Jun-2017 11:23:36 UTC from quitter.se permalink
  17. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Wednesday, 17-May-2017 02:03:24 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    #Thunderbird upgraded to latest, which promptly forgot my password. Why aren't we using #OAuth for setting up clients anyway?
    In conversation Wednesday, 17-May-2017 02:03:24 UTC from web permalink
  18. Danyl Strype (strypey@quitter.se)'s status on Monday, 01-May-2017 04:32:12 UTC Danyl Strype Danyl Strype
    Remote profile options...
    in reply to
    • Danyl Strype
    • INACTIVE
    • [MOVED] Christopher Webber
    @deadsuperhero @cwebber Each app could have a plug-in for #OpenID, one for #BrowserID, one for #OAuth, one for #Zot, one for #AP
    In conversation Monday, 01-May-2017 04:32:12 UTC from quitter.se permalink
  19. LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Monday, 01-May-2017 01:19:41 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
    in reply to
    • Danyl Strype
    @strypey If you can choose your own decentralized #OAuth provider, that might not be a bad thing.
    In conversation Monday, 01-May-2017 01:19:41 UTC from web permalink
  20. MMN-o ✅⃠ (mmn@social.umeahackerspace.se)'s status on Tuesday, 18-Apr-2017 20:55:51 UTC MMN-o ✅⃠ MMN-o ✅⃠
    Remote profile options...
    • GNU Social
    • Eugen
    • Houseplant In Post 🙊 🇮🇸 🍏
    @HerraBRE #Mastodon works with !GNUsocial as it is pretty well. There were some issues that @gargron raised with me, some of which I believe I fixed and some that I couldn't really figure out (some profile avatar update thing for example?)

    Regarding RFC7033 (#WebFinger) it - since standardisation - only _requires_ a JRD (application/jrd+json). application/xrd+xml is just a bonus from !GNUsocial (voluntary according to spec).

    The host-meta XRD is XML that because it was standardised before people who reinvent everything (JSON fanpeeps) started developing standards: https://tools.ietf.org/html/rfc6415

    But since JRD and XRD are easily translatable between each other it doesn't really matter. And while #Mastodon doesn't use it, the /.well-known/host-meta endpoint is good for discovery unrelated to profiles, such as #OAuth endpoints etc. (so clients can auto-configure them).
    In conversation Tuesday, 18-Apr-2017 20:55:51 UTC from social.umeahackerspace.se at 63°49'42"N 20°15'34"E permalink
  • Before

Feeds

  • Activity Streams
  • RSS 1.0
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Federati Nu: Federated N-series GNU Social is a social network, courtesy of Federati Networks. It runs on GNU social, version 2.0.0-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Federati Nu: Federated N-series GNU Social content and data are available under the Creative Commons Attribution 3.0 license.

Switch to mobile site layout.