@bascule you prefer OpenID Connect? OAuth? CAS? Something else? :)
-
-
-
@benadida Macaroons! and CAS is like... the worst o_O -
@bascule I know CAS is the worst, I was trolling you :) As for macaroons, last I checked they don't solve the 3rd party web auth problem. -
@benadida they do via third party caveats and discharge macaroons. Can chat with you about this in meatspace if you're curious -
@bascule in way current browsers support? Or do you basically layer openid-style redirects implemented with macaroons instead of cookies? -
@benadida needs client-side JS to obtain discharge Macaroons and attenuate the ones used in requests. But you can mostly replace cookies... -
@benadida ...and if you do (mostly) replace cookies, you fix the CSRF problem too
End of conversation
New conversation -
-
-
@bascule uh replacing with G+ sign-in how about not -
@whitequark if they implement Macaroons I'll be happy -
@bascule You mentioned Macaroons to me at RubyConf, but I can't find much info. Any helpful links you can provide? -
@bascule Thanks!
End of conversation
New conversation -
-
-
@bascule German for "The OpenID, the" ;-)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.