(“did someone implement the spec wrong?” yes. of course they did. it's oauth 2. it's more vibes than a spec to begin with and yet people manage to find new and creative ways to violate the bits that are nailed down all the time)
(I was looking at some OAuth 2 client code and found a fossil of this in the form of still supporting parsing responses in x-www-form-urlencoded format and I was like “what. why. did someone implement the spec wrong?!” and it looks like the answer is “no, the spec was just briefly bonkers”)
Early drafts of OAuth2 did what?!
Authorization servers respond to client requests by including a set of response parameters in the entity body of the HTTP response. The response uses one of three formats based on the format requested by the client (using the "format" request parameter or the HTTP "Accept" header field):

* The "application/json" media type as defined by [RFC4627]. The parameters are serialized into a JSON structure by adding each parameter at the highest structure level. Parameter names and string values are included as JSON strings. Numerical values are included as JSON numbers. For example:

```
{
  "access_token":"SlAV32hkKG",
  "expires_in":3600,
  "refresh_token":"8xLOxBtZp8"
}
```

* The "application/xml" media type as defined by [RFC3023]. The parameters are serialized into an XML structure by adding each parameter as a child element of the root "<OAuth>" element. [[ Add namespace ]] For example:

```
<?xml version='1.0' encoding="utf-8"?>
<OAuth>
  <access_token>SlAV32hkKG</access_token>
  <expires_in>3600</expires_in>
  <refresh_token>8xLOxBtZp8</refresh_token>
</OAuth>
```

* The "application/x-www-form-urlencoded" media type as defined by [W3C.REC-html401-19991224]. For example (line breaks are for display purposes only):

```
access_token=SlAV32hkKG&expires_in=3600&
refresh_token=8xLOxBtZp8
```

The authorization server MUST include the HTTP "Cache-Control" response header field with a value of "no-store" in any response containing tokens, secrets, or other sensitive information.
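An added example, not from this thread or any OAuth library: a Python client-side parser that accepts a token response in any of the draft's three serializations (the form-urlencoded fallback is the "fossil" the client code above still carried) and normalises them to one dict, plus a check for the Cache-Control: no-store directive the draft makes a MUST. The sample bodies are constructed from the draft's own example values.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample bodies using the draft's example values (not captured traffic).
JSON_BODY = '{"access_token":"SlAV32hkKG","expires_in":3600,"refresh_token":"8xLOxBtZp8"}'
XML_BODY = ('<?xml version="1.0" encoding="utf-8"?><OAuth><access_token>SlAV32hkKG</access_token>'
            '<expires_in>3600</expires_in><refresh_token>8xLOxBtZp8</refresh_token></OAuth>')
FORM_BODY = "access_token=SlAV32hkKG&expires_in=3600&refresh_token=8xLOxBtZp8"


def parse_token_response(content_type, body):
    """Parse a token response in any of the draft's three formats into one dict.

    Dispatches on the Content-Type media type (parameters such as charset are
    ignored), requires access_token, and coerces expires_in to int so callers
    see the same shape whichever serialization the server chose.
    """
    media = content_type.split(";", 1)[0].strip().lower()
    if media == "application/json":
        params = json.loads(body)
        if not isinstance(params, dict):
            raise ValueError("JSON token response must be a top-level object")
    elif media == "application/xml":
        # Untrusted XML should go through defusedxml in production code.
        root = ET.fromstring(body)
        if root.tag != "OAuth":
            raise ValueError("XML token response root must be <OAuth>")
        params = {child.tag: (child.text or "") for child in root}
    elif media == "application/x-www-form-urlencoded":
        # parse_qs yields lists; each OAuth parameter may appear only once.
        params = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    else:
        raise ValueError(f"unsupported token response media type: {media!r}")
    if "access_token" not in params:
        raise ValueError("token response lacks access_token")
    if "expires_in" in params:
        params["expires_in"] = int(params["expires_in"])
    return params


def has_no_store(headers):
    """True if Cache-Control carries the no-store directive the draft makes a MUST."""
    value = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    return "no-store" in {d.strip().lower() for d in value.split(",")}
```

A client that logs a missing no-store (rather than silently caching) turns the draft's server-side MUST into something observable from the consuming side.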
(you have no idea how delicious the combination of these three ingredients is on anything - especially anything dry - until you’ve smushed them all together into a very fine powder in a spice blender. remember to sieve the result to remove the chaff from the pepper. optionally, add some black or white pepper too)
I feel like the bottom of my Maslow's pyramid these days is “unreasonable quantities of Sichuan pepper, salt and MSG”
(and yes, work/life balance and all. But sometimes it's useful to be reachable when your laptop isn't right in front of you)
You would think it would be in Slack's interests to make signing in on your phone easy (at least as an option workplace admins can set) but they make it shockingly difficult
I have much praise for my Brother laser printer/scanner
But the fact that it advertises link local IPv6 addresses in mDNS but doesn't appear to listen on them is a tad annoying
the temptation to just get an FPGA and build my own NIC is a big but likely very terrible one.
Today has been a day of being frustrated at everything, and today I am frustrated at a mixture of server, networking and FPGA hardware.
The people have voted with their wallets, and all are agreed:
Krombacher Spezi: it's shit
Paulaner Spezi: it's the shit
(I agree with people)
I never really paid attention to how AWS4 authorization signatures worked before, but realising they’re basically a limited subset of Macaroons is very neat.
Knowing how the construction works I’m also now very disappointed that basically no software I use lets me pass in “today’s secret key for the S3 service in us-east1” instead of the valid for all time access key secret.
Love to see viral posts go past on my timeline that don’t even pass trivial scrutiny:
From the opening paragraphs of the Equifax Wikipedia page:
Overdraft fees meanwhile are basically as old as the cheque.
RE: https://mastodon.social/@MEActNOW/113789371626213991
(“not overpowering” as opposed to the 60W RGBW LED beams which are fantastic but also oww my eyes and a bit loud)
Hmm I have a small collection of quiet and not overpowering DMX controlled LEDs
…I should figure out mounting so this house can be in a near-permanent state of bisexual lighting.
This image is beautiful but it has given me some inspiration:
I want to see a game which uses HDR/Wide Colour Gamut pixel art. Fuse old with new :drgn_3c:
RE: https://mastodon.gamedev.place/@asistersjourney/113788511649743758
New undocumented rule: no blasphemy
I love the idea that Texan moderators won’t “overly censor content” in a different way
I genuinely had to spend 5 minutes checking that this wasn’t a parody account. The massive golden chains truly are bizarre.
RE: https://www.threads.net/@zuck/post/DEhgYx4JbEG
Remember: If a "second" is 1/86400th of a day, it's UT1
If a "second" is "defined by taking the fixed numerical value of the caesium frequency, ΔνCs, the unperturbed ground-state hyperfine transition frequency of the caesium 133 atom, to be 9192631770 when expressed in the unit Hz, which is equal to s⁻¹", it's UTC/TAI.
Profile: erincandescent@erincandescent.net (content proxied by September, ba2dc)