Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Publishing API: alternative authentication mechanism #552
Curious to get feedback on this. Totally open to criticism.
I have been wanting to pull a lot of the silo syndication stuff out of RedWind and delegate it all to Bridgy for a while, particularly now that Bridgy is more capable than my site is. The main thing stopping me is I don't really like the idea of embedding a link to
I could of course have a routine that sticks the link in my html, sends the webmention, and then removes the link, but that rubs me the wrong way for some reason.
It would be great if when I have authenticated on Bridgy, it would give me a token that I could send with the webmention request, in lieu of embedding a link on my site. (This would also help with the problem of the curl command below publish preview not working). We could use JWT to avoid storing anything or generate a token with
I think Bridgy only knows that I'm me immediately after an authorization, so I'd need add a separate "Get Publish Token" button that would run through the auth process for publishing and give a token at the end. (like instead of just showing the token on the user's homepage)
i'm a bit reluctant to implement ideas like these because they'd be nontrivial complexity that i honestly suspect would only be adopted by single digits of users or so...but still definitely worth discussing!
my straw man counterproposal is, include bridgy publish links for every silo in every post, outside e-content, and trigger the bridgy publish wms when you click each "posse to X silo" button.
the main drawback is that someone could maliciously posse one of your posts to a silo you didn't intend to. oddly shaped threat, maybe not major, but definitely not ideal.
(the other drawback is that all posts have bridgy publish links in them, but that's less motivating for me personally.)
Thank you for your feedback and for summarizing the IRC discussion, @snarfed. I think my challenge now is to come up with a suggestion that adds negligible complexity and maintenance overhead to Bridgy, but still makes this easier to implement on my site ... or suck it up and add the logic @gRegorLove suggested to swap bridgy publish links in and out as the syndication urls
@kylewm you win the spirit award by invoking self dogfood! I'm not nearly as good at it myself, but it's absolutely the right idea, and I've definitely witnessed it firsthand with bridgy: https://snarfed.org/2014-11-06_happy-1000th-bridgy#worked
there may well be something we can do here that serves you all and also doesn't scare me off. I'm open to finding it!