Let's take a look at two ways it's possible to hack secret API keys out of mobile apps.
Summary: David Shanske and I recap the recent IndieWeb Summit 2018 in Portland Oregon including recent developments like microsub, readers, Vouch, and even the comeback of webrings!
Recap of IndieWeb Summit 2018
- Plugin for WordPress (pull request pending)
- David’s Post about Brainstorming on Implementing Vouch, Following and Blogrolls
The Year of the Reader (🎧 00:38:32)
- Gordon Korman – Son of Interflux (🎧 00:49:00)
- Gregor Morrill’s IndieBookClub.biz (🎧 00:57:47)
- WordPress webring
Aaron Parecki posts (🎧 1:12:10)
OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it. While OAuth is a great framework for this, the way it has ended up being used is ...
Today I updated the IndieAuth plugin for WordPress, and I can now use my own website as an IndieAuth authorization endpoint (including provisioning and revoking tokens) for a multitude of things including a huge number of micropub clients.
It never occurred to me that people would be blaming @oauth_2 for the Facebook mess. Friendly reminder that OAuth is what lets you control *which* parts of your Facebook data apps get access to, and what lets you revoke that access, which you can do here: https://www.facebook.com/settings?tab=applications