Comments (4)
The problem with style 1 is that some hubs (such as superfeedr, which is the one suggested by indieweb) only forward new content along to subscribers - it won’t even include updates to specific items. That is why in my proposal I included a placeholder public entry that has a URN that changes every time there’s new content that can be fetched (and which realistically will probably be the URN+link of the most recent private entry, since that at least supports legacy readers albeit by leaking information).
I feel like 3 also increases the complexity of managing pings on the publisher’s side, and the issue of topic discovery becomes a problem as well. It also adds complexity and overhead to the case of a single feed reader shared by multiple subscribers, since now you need one topic and ping per subscriber. And having hundreds/thousands of topics makes superfeedr grumpy and expensive. :)
from autoauth.
Basically I never want to have to put a hub into my CMS directly, as that requires that my CMS maintain persistent state about subscribers and where they subscribe from. The entire design of publ is that the database is fragile and that no external interaction affects its persistent state. It should be able to be rebuilt around a git deployment to a fresh server with no database persistence.
I basically want it possible for the WebSub support to be completely decoupled from the AutoAuth support from the CMS’s perspective, and also cater to the reality of how the existing public WebSub hubs work.
from autoauth.
If a placeholder entry is what you need to get your hub to send notifications that'd of course be a valid way of implementing 1. If the feed is separated (either through a modified rel=self for authenticated requests or the proposed rel from #6), that placeholder entry also wouldn't cause issues with "normal" clients? Otherwise I'd expect it showing up on every change as an unread item in a traditional feed reader, which would be bad?
From a quick survey of some options, Switchboard and phubb do just check if the file has changed in any way, so an explicit item is not needed. Superfeedr tries to be intelligent about feed items and thus would likely need a placeholder being added. (superfeedr also has an option to submit your own payload, but that's only for Pro accounts and thus not really interesting for most of us: $200 per month). The pubsubbhub.appspot.com one is unknown, it's described specific to Atom/RSS but that might be left over from earlier. Am I missing important implementations/public hubs?
If 1 doesn't tie specifically to contents of the placeholder items, the subscriber parts of 1 and 3 also appear to be identical, so a publisher could choose which one is preferred.
from autoauth.
I actually would want a placeholder entry to show up in legacy/non-auth-aware clients - that way people who are following my blog that way know that there's something they might be able to read if they log in.
The implementation I'm intending is a compromise between privacy and access for folks who don't follow via the latest and greatest feed reader implementations. It's not perfect but it's what I had on my previous site (using a standard cookie jar for people to store their auth cookie, although I have no evidence that anyone ever actually did that) and it worked Pretty Okay. Obviously other people will want to have a different balance and that's okay - a flexible standard can support everyone. :) (I'm actually intending to have placeholders for all private entries, not just the most recent, but having just the most recent one is enough to get Superfeedr to work right.)
Down the road when/if more feed readers support authenticated feeds I would of course revisit this, but I'm still looking towards a graceful transition.
I also want to ensure that it's done in a way that makes client support easy to add. It seems easier to me for a client to get a placeholder update in the WebSub notification than to have to handle a thin push and re-fetch the whole feed as a result. Having a placeholder entry with "please auth here" metadata also works for the case of an auth-aware reader knowing that they don't have auth and thus not bothering to fetch the authenticated item.
Also it sounds like I should look at Switchboard and phubb and make sure I support their various variants of WebSub correctly. :)
from autoauth.
Related Issues (20)
- support polling for response to client HOT 2
- collect use cases
- examples are (partially?) missing auth headers HOT 1
- specifiy redirect behaviour for authorization endpoint lookup HOT 1
- detection also on 404 - privacy reasons HOT 2
- Details for private webmentions HOT 1
- remove client_id from Token Request HOT 1
- Should the token endpoint be shared with normal IndieAuth? HOT 5
- Pass data via Token Request vs Authorization Code Verification response? HOT 7
- Provide a full HTTP request/response transaction example HOT 3
- expand on error cases
- Authorization Code Verification Request is malformed HOT 4
- update with IWC 2020 West simplifications
- Unspecified "200 OK" responses acceptable? HOT 3
- limit TTL
- Include fewer pieces in Access Token Callback? HOT 3
- Specific allowances for feeds? HOT 2
- interactive form? HOT 1
- draw a up-to-date diagram HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autoauth.