Working on expiring tokens for the WordPress IndieAuth endpoint. This would be a breaking change, as tokens issued by the endpoint currently never expire. Continuing to issue tokens without ever expiring them is a security concern. With the new system, you can renew a token, or even disable expiry in the admin if you need a long-lived token. There is a way to have the client get new tokens regularly that I could implement, but currently no client supports it.

Thinking about Ticket Auth

During this month’s Pop-Up event, as part of the overall topic of sensitive data we were discussing the continual challenges in getting a method of having private posts on one’s site. As a community, nothing has gained enough traction for adoption.

Last summer, a conversation about the most promising proposal at the time, AutoAuth, prompted a new contender: Ticket Auth. Ticket Auth turns the relationship in the other direction.

Let’s use our favorite two example people, Alice and Bob. Alice has a post on her site which she doesn’t want to be public. For most sites, the default is public. Alice wants to share her post only with Bob.

AutoAuth doesn’t get into the idea of how Bob, or the client Bob is using, decides he wants to get access to Alice’s post. Ticket Auth, by comparison, puts the onus on Alice. Alice, when she decides on her audience, sends a ticket to those she wants to have access. Bob has to have a ticket endpoint…the place he receives tickets.

The ticket is a code that is available for a limited time, that can be exchanged for a longer term token to access the information. It is, essentially, an invitation you are free to accept or ignore.
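The ticket lifecycle described above, sketched as an added example that is not part of the original post or of any IndieAuth implementation. It models only Alice's side in memory (no HTTP); the class and method names, the example URLs in use, and both lifetimes are assumptions.

```python
import hashlib
import secrets
import time

TICKET_TTL = 600          # assumed: a ticket is valid for 10 minutes
TOKEN_TTL = 30 * 86400    # assumed: a redeemed token is valid for 30 days


class TicketIssuer:
    """Alice's side: issues tickets and redeems them for tokens (hypothetical names)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tickets = {}   # sha256(ticket) -> (subject, resource, expires_at)
        self.tokens = {}    # sha256(token)  -> (subject, resource, expires_at)

    @staticmethod
    def _digest(secret):
        # Store only a hash so a leaked table does not reveal usable secrets.
        return hashlib.sha256(secret.encode()).hexdigest()

    def issue_ticket(self, subject, resource):
        """Create a short-lived ticket that Alice sends to Bob's ticket endpoint."""
        ticket = secrets.token_urlsafe(32)
        self.tickets[self._digest(ticket)] = (subject, resource, self.clock() + TICKET_TTL)
        return ticket

    def redeem(self, ticket):
        """Exchange a ticket for a longer-lived token; None if unknown, used or expired."""
        # pop() makes the ticket single-use, even when it turns out to be expired.
        entry = self.tickets.pop(self._digest(ticket), None)
        if entry is None or self.clock() >= entry[2]:
            return None
        subject, resource, _ = entry
        token = secrets.token_urlsafe(32)
        self.tokens[self._digest(token)] = (subject, resource, self.clock() + TOKEN_TTL)
        return token

    def check_token(self, token, resource):
        """Return the subject if the token is valid for this resource, else None."""
        entry = self.tokens.get(self._digest(token))
        if entry is None or self.clock() >= entry[2] or entry[1] != resource:
            return None
        return entry[0]
```
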

In trying to develop more, this is a good place to start. Once we start sending and receiving tickets, we can iterate on this and figure out the next questions.

  • Can you ask for a ticket and how?
  • How can you give the ticket or the token you redeem to your reader or other client?

But first things first. Let’s build something.

After declaring my intention to help iterate on the Ticket extension to IndieAuth, I built an experimental ticket endpoint, which is available on my test site. I was able to test it using Martijn van der Ven’s test form for requesting a ticket, after some troubleshooting on both sides. Still have some tweaks to make and questions to answer for expansion, but it turned out that adding support for receiving and redeeming a ticket was relatively easy.

Decided to finally dispose of my MSI Wind U100 netbook. I bought it on March 19, 2009 for $299, and immediately added an extra GB of RAM and an extra battery and installed Linux. I haven’t used it in years, and it is time to retire it.

A Website Refresh And Dark Mode

I’m often adding features and functionality to my website. A location tweak, a new link, etc. But it’s been a while since I did anything major to the layout.

When I initially heard about dark mode support, I decided to wait until there was more support, then I just didn’t get around to it. It became a thing for applications to have dark modes, then dark modes that would activate based on a global system preference.

So, now my site, if you set your system to prefer dark mode, will show you a dark version of my site. Otherwise, it will show you a light version. I took a lesson from Jeremy Keith, who did this two years ago, and used something called CSS Custom Properties…another thing I haven’t used.

My WordPress theme is based on the original Twenty Sixteen WordPress.org theme. I ported back select improvements made from _s, the starter theme it was based on, as well as subsequent WordPress.org themes, such as Twenty Seventeen through the present.

There are a lot of other little tweaks I had to make in both this, and the plugins I develop for WordPress to support this. Style improvements, filters to add for additional functionality, etc.

It is still a work in progress, and I have other ideas and plans, but it is live. See if you can find all the other little tweaks.