SceneID 3.0
category: general [glöplog]
Feel free to take a look at https://id.scene.org/docs/ if you want to integrate your own site.
Friggin works!
upgrading process to OAuth2 went well. Thx!
How long does a person stay logged in to SceneID / how long is a token for a website valid? I'm thinking in regards to those people who were really annoyed when the "keep me logged in for a year" hack Pouet used stopped working for a period of time. I suppose though a user could in theory be logged in to the client as long as the client wants, so long as no further information is queried from SceneID after the initial authentication?
Second, I have a question about the documentation. Step 2.a notes a "client secret" which is only mentioned twice, both of which are only mentioned in that step. Where does that come from? Is it given as part of the API key generation process, the code returned by step 2, the random "state" ID provided by the app during the authorization process, or something else?
Second, I have a question about the documentation. Step 2.a notes a "client secret" which is only mentioned twice, both of which are only mentioned in that step. Where does that come from? Is it given as part of the API key generation process, the code returned by step 2, the random "state" ID provided by the app during the authorization process, or something else?
Quote:
How long does a person stay logged in to SceneID / how long is a token for a website valid? I'm thinking in regards to those people who were really annoyed when the "keep me logged in for a year" hack Pouet used stopped working for a period of time.
The token is valid for a fairly short while, keeping the user logged in is up to the site. Refresh tokens are available.
Quote:
Step 2.a notes a "client secret" which is only mentioned twice, both of which are only mentioned in that step. Where does that come from?
It is the API key (see OAuth2 RFC).
Thanks. It is clearer in the RFC, but nobody ever said RFCs were for light reading. :P I've also not used OAuth2 before just OpenID I wasn't sure if that was something from OAuth2 or just SceneID, until you responded and made me look like an idiot who doesn't read stuff first. (Derp. :)
The new username requirements sucks doubletime donkeyballs! ,P
Anyway, seems to work so far ,9
Anyway, seems to work so far ,9
The previous incarnation of SceneID was populated from Pouet logins, so "被爱" and "(^(oo)^)" were perfectly valid login names - anyone with a pinch should be aware how bad that is as an idea.
Now both http://pounds-off.me/ and http://www.demoparty.net/ are running on the new protocol - enjoy your oneclick logins!
No 👽💩👼 anymore? Now that unicode finally matured!
The country-field has been omitted?
Yeah, it felt a bit pointless - the old SceneID even had a birthday field - I guess it was a relic of older times where giving out data to some website wasn't as scary as it is now.
I might bring it back to Pouet if people want it.
I might bring it back to Pouet if people want it.
Fair enough. Personally I think it's a reasonable piece of information to have, and especially useful sometimes to when submitting prod credits to identify a correct account in ambiguous cases. For what it's worth I'm much more confortable having that field filled than a realname.
Also same thing with the email field? I think it was partially exposed and captcha-protected earlier. That one definitely is good to have as an option at least. I've gotten a few contact through that channel in the past.
Also same thing with the email field? I think it was partially exposed and captcha-protected earlier. That one definitely is good to have as an option at least. I've gotten a few contact through that channel in the past.
Email might come back if I expand the protocol that way (OAuth scopes). It's currently a very very minimalistic version just so it works, and after that we'll expand further depending on what the demand is.
Well I don't know if anyone else will or what the thoughts on it are, but when I was originally thinking of redoing and expanding my original store (that only sold the Nectarine key fobs) I was thinking of pinning it to sceneid.net the same way I did for scenemusic.net, but ended up on Squarespace in the end. An e-mail address field would have been nice to send the shipping notices and receipts to without having to ask for it, assuming that person allows it to be shared with the store. It seems to me though most stores (like Alien's t-shirt store) end up on websites that manage their own auth/accounts, so realistically this is probably a moot or non-existent use-case until someone actually does it. (and in case it comes up, no, I wouldn't have advocated for SceneID to store address information!)
(I abandoned my store rewrite after moving to Squarespace, so there's not even a prototype of this use, unless I update the original to use OAuth2. Not that it would be worth it anyway; nobody has bought anything through the Squarespace site either.)
Anyway, in the end smaller is probably better for the fields stored. People may not like to provide a lot of information to websites anymore unless they have to, even though scene.org is probably more trustable than most others out there. As to the real name fields, people filled those in with random crap on Pouet anyway if they didn't want actual info there. I don't see how that's changed with the new SceneID. Nobody is verifying it or requiring it to be correct.
(I abandoned my store rewrite after moving to Squarespace, so there's not even a prototype of this use, unless I update the original to use OAuth2. Not that it would be worth it anyway; nobody has bought anything through the Squarespace site either.)
Anyway, in the end smaller is probably better for the fields stored. People may not like to provide a lot of information to websites anymore unless they have to, even though scene.org is probably more trustable than most others out there. As to the real name fields, people filled those in with random crap on Pouet anyway if they didn't want actual info there. I don't see how that's changed with the new SceneID. Nobody is verifying it or requiring it to be correct.
some constructive criticism on the new login system: on the good side, it is working quite good and it is build on a professional level, a lot of coding and fixing must have taken place to integrate it properly and it is safer and much more handy than the previous methods, on the bad side, i believe the sceneid logo seems quite bulky and completely ruins the pouet interface since for some reason it seems out of place and doesn't fit (i'm referring to the large one for the highres screens not the smaller ones) also i would really like to see the website, e-mail, and country fields coming back since they helped pretty much on various situations (credits, contact, etc.). in general it is a good move and finally a much safer approach than the previous one, keep up the good work. :)
Works...With a few scares in the process ^5
Quote:
Feel free to take a look at https://id.scene.org/docs/ if you want to integrate your own site.
We might incorporate this in demoscene.org if compatible with multiple authentication. Will have to read up.
Today, I learned that OAuth2 and OpenID are not the same thing!
Excellent work chaps, I like it!
Excellent work chaps, I like it!
works, but that E-mail adress re-validation email took some time to arrive.
Just so others know before sending complaining emails to scene.org ;)
Just so others know before sending complaining emails to scene.org ;)
that CLICK HERE TO LOG IN banner is downright terrible :)
smooth! works great :)
I'm just chiming in to say I like it!
In my case the re-validation email was found in my spam folder. Just a heads-up in case other people are wondering why no email arrives...
well played! :)