SimplicityMobile / Simplicity

A simple way to implement Facebook and Google login in your iOS apps.
Apache License 2.0
681 stars 66 forks

Create a companion server that handles authorization_code flows #1

Open edjiang opened 8 years ago

edjiang commented 8 years ago

We can't implement Twitter, GitHub, LinkedIn, Slack, or other login types because we can't do authorization_code grants without a client secret. Client secrets are fundamentally insecure on mobile clients, so we need to create a companion server to help with the authentication request.

joemasilotti commented 8 years ago

Do you see the server being one, single server that manages everyone's tokens? Or a separate codebase that developers could stand up on their own? If the latter, what language do you think you will be implementing the server in?

edjiang commented 8 years ago

I definitely want to do both, but I haven't planned exactly the approach I'd be taking.

If it's self-hosted, that reduces complexity of writing code but may be less convenient to use. If it's hosted, it'd be more convenient to use but it'll be more work to write, and open-sourcing it would be less useful since there'd be more work to get it set up.

I'd love to hear your thoughts though -- what would you find more useful?

I'll be writing it in Node.js.

onmyway133 commented 8 years ago

@edjiang Why don't you make the client secret parameter optional? For those who want to take the risk?

edjiang commented 8 years ago

@onmyway133 so, I looked at it a bit more and realized that client_secret actually isn't required as per the OAuth spec for the Authorization Code grant type, so what I'm going to do is:

  1. Implement the authorization_code grant type as per spec.
  2. Keep it extensible so people can implement it with the client_secret if they want to.
  3. Get the server-side component out asap, and make it hosted!
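
Added example (not part of the thread, and not code from Simplicity or Implicity): the token-exchange core of a companion server like the one discussed above, in Node.js-compatible JavaScript. It attaches client_secret on the server only when a provider is configured with one, so the secret never ships in the mobile app. The provider names, URLs, credentials and the function names buildTokenRequest and tokensForApp are assumptions made for illustration.

```javascript
// Constructed provider table: names, URLs and credentials are placeholders.
const PROVIDERS = {
  "with-secret": { // provider that demands a client_secret
    tokenUrl: "https://provider.example/oauth/token",
    clientId: "app-client-id",
    clientSecret: "server-side-secret", // load from server config, never ship in the app
    redirectUris: ["com.example.app:/oauth2callback"],
  },
  "public-client": { // provider that accepts the grant without a secret
    tokenUrl: "https://public.example/oauth/token",
    clientId: "app-client-id-2",
    redirectUris: ["com.example.app:/oauth2callback"],
  },
};

// Build the request the companion server sends to the provider's token endpoint.
// fromApp is what the mobile app posts: { provider, code, redirectUri }.
function buildTokenRequest(fromApp, providers = PROVIDERS) {
  const known = Object.prototype.hasOwnProperty.call(providers, fromApp.provider);
  if (!known) throw new Error("unknown provider");
  const p = providers[fromApp.provider];
  if (typeof fromApp.code !== "string" || fromApp.code === "") throw new Error("missing code");
  // Exact-match allowlist: only redirect URIs registered for this provider are accepted.
  if (!p.redirectUris.includes(fromApp.redirectUri)) throw new Error("redirect_uri not registered");
  const form = new URLSearchParams({
    grant_type: "authorization_code",
    code: fromApp.code,
    redirect_uri: fromApp.redirectUri,
    client_id: p.clientId,
  });
  // The secret is attached here, server-side, and only when one is configured.
  if (p.clientSecret) form.set("client_secret", p.clientSecret);
  return {
    url: p.tokenUrl,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded", Accept: "application/json" },
    body: form.toString(),
  };
}

// Pass back to the app only the token fields it needs; surface provider errors.
function tokensForApp(providerJson) {
  if (providerJson.error) throw new Error("provider error: " + providerJson.error);
  if (typeof providerJson.access_token !== "string") throw new Error("no access_token");
  const { access_token, token_type, expires_in } = providerJson;
  return { access_token, token_type, expires_in };
}
```

The mobile app sends only the authorization code and its redirect URI to this server; the returned object is what the server would pass to its HTTP client.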

edjiang commented 8 years ago

As an update: work on Implicity, the server-side component to Simplicity, has started!

I'm going to be at WWDC / Altconf festivities over the next week, so not sure what velocity I'll be getting, but @saimaddali will be joining me to help build out Implicity!

https://github.com/SimplicityMobile/Implicity

quiKsilverItaly commented 7 years ago

How is it going? I would love to see Twitter supported by your Lib.

edjiang commented 7 years ago

Unfortunately, I've been working on a lot of other stuff recently, so I don't think this will get done in the near future :(

kakubei commented 7 years ago

+1

nick-iCars commented 6 years ago

+1