- Jan 2024
-
gitlab.com gitlab.com
-
I feel that the current design area should be a key part of the workflow on any work item, not just type of designs. As a PM I don't schedule designs independently. It's odd to open and close a design issue when it doesn't deliver value to the customer.
-
Discussions tied to the design itself is solved today with design manager, which allows those design discussions to occur within the context of a bigger issue. Bringing design manager into other work item types, like epics, would help, as would surfacing discussions from designs into the main discussion space. That behavior should be consistent for any work item type with design management enabled, rather than just for a design type.
don't want: isolation
-
This is true for other tasks besides design — frontend implementation, backend implementation, QA, etc — would we create unique types for each? Our suggestion here to teams today is often to break down the work into issues, or now tasks, for each uniquely assignable/trackable piece of work. You could do the same for design, where the task or issue is used to track status, discuss progress and maybe even WIP, but is focused on being SSOT for status rather than design.
-
Why should this conversation be separate from other conversations about the work to be done? Design is one consideration alongside frontend and backend considerations, which often all intersect and require the same participants. Shifting this discussion to a separate work item can result in disjointed conversations and difficulty finding where a decision was made.
-
Additionally, it reiterates the need to define "What isn't a Work Item?"
-
For example, I don't know how doing user research fits in, is it a task or this new "design" task.
-
but from previous experiences like this, the feature set has to be robust at the start or I think adoption will suffer.
-
Connecting with Figma should be done via an integration because not all orgs use Figma.
-
Two way commenting is a good idea as it would allow a natural way of others to interact with designers without requiring to understand how to use Figma.
-
You can see how the constant jumping between these two tools in the first scenario is super annoying, and also very risky as none of the changes you make in Figma are also automatically being updated in the same GitLab designs.
-
As a positive example of where this works well: Our VS Code GitLab Workflow extension allows users to not only see comments that were written inside the GitLab UI, but also allows these users to respond to these comments right from the IDE, the tool where they actually have to make these changes.
-
I don't know how much impact the "Design management" widget vs. "Design" object decision will have, except for the extremely small number of teams that work exactly like we do.
-
Personally I think we could get a ton more benefits and would also be able to pull new users into our platform by finding better ways to integrate/link/connect/display Figma in our work item objects. Today the biggest downside for "Design management" is that it's basically just a copy of what's happening inside of Figma that has to be manually kept in sync and requires users to constantly switch back and forth:
Tags
- missing feature
- single source of truth
- scattered (organization)
- context-switching
- isolation
- Figma
- concern (worry/fear)
- adoption
- what _isn't_ a _?
- minimum viable product
- good definition is important
- annoying
- neutral/unbiased/agnostic
- hierarchical
- should have no special cases
- allow task to be performed in the context where the user is already
- should not be specific to just one _
- visual design
- good point
- smaller/minority/specific/niche audience
- consistency
- neutral ground
- annotation meta: may need new tag
- classification
- duplication: need to update in multiple places
- essential
- orthogonal
- adoption may suffer
- first impressions
- issues/factors hindering adoption
- dilemma
- integral
Annotators
URL
-
-
www.britannica.com www.britannica.com
-
These can then be used to develop a definition that states the essence of the living thing—what makes it what it is and thus cannot be altered; the essence is, of course, immutable.
-
The Aristotelian method dominated classification until the 19th century. His scheme was, in effect, that the classification of a living thing by its nature—i.e., what it really is, as against superficial resemblances—requires the examination of many specimens, the discarding of variable characters (since they must be accidental, not essential), and the establishment of constant characters.
-
taxonomy, in a broad sense the science of classification
-
-
www.azolifesciences.com www.azolifesciences.com
-
Taxonomy is the scientific classification of organisms.
-
Classification is the process of grouping organisms together either based on features they have in common, or based on their ancestry, or sometimes both. This results in the arrangement of living things into groups.
-
-
www.bounteous.com www.bounteous.com
-
-
We’re focusing on classification and taxonomy (which still trips me up on occasion and I live in this space all the time)
-
-
classroom.synonym.com classroom.synonym.com
-
Taxonomies are more concerned with providing exhaustive lists while classification is not exhaustive.
-
Seems awfully similar to https://www.bounteous.com/insights/2020/11/18/difference-between-classification-taxonomy ... structured the same and words identical in parts. Or was the other copying this one?
-
Both terms reflect the fact that we encounter large amounts of information in everyday life and our brains need some way to synthesize and contextualize that information.
-
"Classification" and "taxonomy" are two closely related words that some people find confusing.
-
-
engineering.invoca.com engineering.invoca.com
-
-
It prevents duplicate work as the DRI has a complete picture of the entire project.
-
DRI: Directly Responsible Individual — A title given to the person who is ultimately responsible for making sure a project or task(s) is completed.
-
It assigns accountability for the whole project, which means it’s less likely for small details and tasks to “fall through the cracks”, those of which could be missed when responsibility is spread among multiple individuals.
-
-
-
It can sort of be achieved with the current setup (via labels), but I really like where this is going -- turning everything into a similar "object" in a hierarchy rather than separate standalone structures that connect and get "labeled" to show what they are.
-
-
www.imdb.com www.imdb.com
-
The third is the brain of the observer. This is also a strong element in film criticism where the camera is the third eye, the eye of the artificial narrator. The most intelligent film about the third eye spying on the action is `Snake Eyes,' where we last saw Gugino. (You may want to check my comments on that film to see what I mean.)
-
Most art refers to itself in some way, but nowadays almost every film has some straightforward self-reference in the form of being about some kind of show. There must have been a very influential executive producer some time back pushing this idea for it to be so common.The notion of these kinds of films is to create another world, so combine that with the self-reference gimmick and you have a fantasy kiddie show about a fantasy kiddie show.
-
More, essentially all research in self-reference for decades has been in artificial intelligence, which is the device around which this plot turns. The language of AI is LISP, the name of the archvillain. In the heyday of LISP machines, the leading system was Flavors LISP Object Oriented Programming or: you guessed it -- Floop. I myself worked on a defense AI program that included the notion of a `third brain,' that is an observer living in a world different than (1) that of the world's creator, and (2) of the characters.
-
I suppose that what movies should be aiming for: entertainment. Obviously a good movie needs good plot; score; direction; writing; cinematography and acting (all of which this movie has), but what makes me actually care about the movie is the question of 'if I enjoyed the movie'
-
People on imdb have a bad habit of giving movies they think are overrated 1s, or movies they think are underrated 10s. This movie is an example of the former.
-
-
support.google.com support.google.com
-
less secure sign-in technology
What does that mean exactly?
All of a sudden my Rails app's attempts to send via SMTP started getting rejected until I enabled "Less secure app access". It would be nice if I knew what was necessary to make the access considered "secure".
Update: Newer information added to this article (as well as elsewhere) leads me to believe that it is specifically sending password directly as authentication mechanism which was/is no longer permitted.
This is the note that has since been added on this page, which clarifies this point:
To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
-
To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
-
-
support.google.com support.google.com
-
Instead, look for the option to "Sign in with Google," which is a safer way to sync your mail to other apps. Learn about Sign in with Google.
-
To keep your account more secure, Gmail no longer supports third-party apps or devices which require you to share your Google username and password. Sharing your account credentials with third-parties makes it easier for hackers to gain access to your account.
-
-
developers.google.com developers.google.com
Tags
Annotators
URL
-
-
support.google.com support.google.com
-
Prepare to transition away from Google Sync Google Sync doesn’t support OAuth authentication, 2-factor authentication, or security keys, which leaves your organization’s data less secure.
-
-
-
One friendly place to start learning more about the technology that holds the Internet together is Julia Evans' blog.
-
For consumers, the equivalent of "build or buy" could be called "ads or nerds". "Ads" meaning ad-supported services, like consumer Gmail or Facebook. "Nerds" meaning hobbyist services based on free software and commodity hardware.
-
If you already have computer-based hobbies such as gaming or a social-media addiction, why not learn to run your own services as a hobby? Note, this is very different from learning to code. It's more about learning to be your own sysadmin and tech support, rather than being a programmer.
-
this is kinda the concept of Patreon and other "tipping" services ... honestly I am pleasantly surprised at how widespread this has become! :) Almost all the YouTubers I follow, who still rely on Google/YouTube ad revenue to some degree, also rely on their Patreon funding to a significant degree. (Crucially the Patreon funding is more dependent on audience desires than advertiser desires, e.g. less sensitive to "The Algorithm.")It's pretty interesting ... given the voluntary dynamic of paying for the media. I personally doubt Hollywood (or any national newspapers or "magazines") would ever adopt this "voluntary" model (instead attempting to enforce per-unit sales via DRM), but without question "pay what you want" is remarkably sustainable for smaller creators.
-
Actually, that subscription or donation model is fairly different from micro-payments. I want to pay for exactly what I find useful, not all output of some artist or organization. I want the payment to be shared if there are multiple authors or ownership. I want everyone to be able to pay on the spur of the moment, not only in some planned monthly subscription or something.
-
(my bias is showing through - marketing people don't call it surveillance capitalism, to be fair. That's a pejorative term. They just call it doing their job, generating leads, and increasing conversions.)
-
The model of Spotify in particular - paid tier alongside a free tier with ads - seems like the simplest sustainable solution I see. Having paid features is the most obvious way to make money, but you want to enable adoption as much as you can. It's the same idea as companies dangling "free trial" in front of you at every turn - in a competitive environment, you want to remove barriers for users to try your product or service. This is essentially the idea of a "loss leader" for a grocery store, or any business really.
-
just shooting from the hip, to me, I'm glad that subscription services like Netflix and Spotify are becoming more popular. That means that the companies (as opposed to Google & Facebook) don't have the incentive to follow this "surveillance capitalism," i.e. building increasingly sophisticated advertising technology predicated upon the behavioral history of users.(my bias is showing through - marketing people don't call it surveillance capitalism, to be fair. That's a pejorative term. They just call it doing their job, generating leads, and increasing conversions.)
-
It's better than Chrome, sure. But Firefox, and Mozilla as a company, are going downhill and have been for a few years. How can they be truly against the kind of web that Google pushes for if they're entirely reliant on their partnership with Google to be featured as the default search engine?
-
Also just by observing what they’re doing it becomes pretty clear. For example: Facebook recently purchased full-page ads on major newspapers entirely dedicated to “denounce” Apple. Why? Because Apple has built a system-level feature on iPhones that allows users to very easily disable every kind of advertising tracking and profiling. Facebook absolutely relies on being able to track you and profile your interests, so they immediately cooked up some cynical reasons why Apple shouldn’t be allowed to do this.But the truth is: if Facebook is fighting against someone on privacy matters, that someone is probably doing the right thing.
-
Completely get away from everything Facebook: FB, Messenger, WhatsApp, Instagram, Oculus. (Yes, I know it’s hard because people are on these platforms, but it is possible to explain your reasoning to those who care about you and establish contact with them on different apps. I moved a ton of people to Telegram for example.)
-
I use Messenger but not FaceBook. I think the split was useful.
-
The answers you seek are difficult ones. The internet isn't free, so someone somewhere along the chain will need to pay for the content. As consumers we pay for internet access, and may sometimes pay for premium content (news site subscriptions, Patreon, etc.) but usually the content that we consume is free to us. Instead, it's the ad services that are paying. The internet content being "free" to consumers can really be a great thing, and equalize the playing field for people of different means. But it does come with its issues.
-
I share your frustration. This was how I felt when they split off Messenger as a separate mobile app from the main Facebook app. Messaging had been working just fine in the Facebook app, so there seemed to be no discernible reason other than pure greed. No attempt to make anything better or easier for the consumer, no innovation, nothing good for the people using the product. It was really just to inflate their download numbers and somehow make more money off of us. No thank you. I have stopped using Facebook since then.
-
What they say is this is due to is new EU policies about messenger apps. I'm not in the EU. I reckon it's really because there's a new Messenger desktop client for Windows 10, which does have these features. Downloading the app gives FB access to more data from your machine to sell to companies for personalized advertising purposes.
Tags
- alternative to mainstream way
- pushing/leading people to do something they don't realy want to do or is not in their best interest
- supported by voluntary donations
- conflict of interest
- ads
- commodity hardware
- offering ad-free paid subscription and ad-supported option
- business model
- mistrust
- bias
- free software
- opting out of tracking (Internet)
- first sighting
- privacy
- Facebook: evil
- Messenger
- low barrier to entry
- micropayments
- good analogy
- self-hosting
- dubious business practices
- ad-supported
- Apple
- Mozilla
- surveillance capitalism
Annotators
URL
-
-
www.howtogeek.com www.howtogeek.com
-
Instead of using a backup service like Google Photos or iCloud, you host your own backup and viewing platform using Nextcloud Photos, PhotoPrism, or such. Instead of using a password management system like LastPass or 1Password, you host your own password manager like BitWarden.
-
-
jvns.ca jvns.ca
-
jvns.ca jvns.ca
Tags
Annotators
URL
-
-
www.theverge.com www.theverge.com
-
“We believe that this is a simple matter of standing up for our users,” said an Apple spokesperson in response to Facebook’s first full-page newspaper ad yesterday. “Users should know when their data is being collected and shared across other apps and websites — and they should have the choice to allow that or not.”
-
-
smartvirtualassistants.com smartvirtualassistants.com
-
This practice offers a sense of control over one's time and allows for personal decision-making. Most importantly, it grants time for reflection before tending to others' demands.
-
-
www.forbes.com www.forbes.com
-
smartvirtualassistants.com smartvirtualassistants.com
-
harvardpolitics.com harvardpolitics.com
-
-
The conflation of this vast array of companies, in and out of Silicon Valley, into the singular “Big Tech” does blur some of the important differences in the unique problems they each pose to society,
-
-
www.pcmag.com www.pcmag.com
-
I want some work done and call someone to do it and have to put their business number in to be recognized but they call with their cell phone which is not recognized. I have to answer in case it is them. If it is then I have to add that contact for the future.
-
Agree. I have 3 seconds of silence as my ringtone. Been using that since I had a clamshell phone. Everyone in my contacts list has a custom ringtone so they will ring. Anyone I don't know won't ring and if it is important they'll leave a message. Spammers usually don't leave messages.
-
-
www.wordhippo.com www.wordhippo.com
-
On account of
-
In honor of, or in the name of
-
In the best interests of
-
Acting as a representative of or substitute for (someone or a group)
-
-
-
www.collinsdictionary.com www.collinsdictionary.com
-
in the sense of for the benefit of
-
in the sense of as a representative of
-
-
disqus.com disqus.com
-
Getting the EPP/Auth code of your own domain should be instantaneous. I know of no other registrar, besides Network Solutions, that makes the process so painful. It's a multi-step process to make the request, during which they wave both carrot and stick at you to try and stop you going ahead… and when you do forge ahead, they make you wait 3 days for the code, as if to punish you for daring to ask for the right to transfer your own domain name. What are these guys smoking if they think that's how you keep customers?!
-
Network Solutions basically does not want to provide EPP code. On website it says requesting EPP would take 3 days to get approved (which doesn't make any sense), and in fact they never send out any EPP code. Instead, you will have to call them and ask for EPP code in person. They claimed that their system had some problems sending those emails, however do you really believe that? I don't think it is indeed a "problem" if it's been there for over one year.
-
Network solutions is awful. They behave like mobsters. If you make changes on your account such as changing the e-mail, they very conveniently lock your domain so it cannot be transfered for 60 days. They say that block it's for 'your security'.
-
-
www.postman.com www.postman.com
-
We want to evolve the API without unnecessary versioning. To be able to do that, the consumer should
-
-
steamcommunity.com steamcommunity.com
-
Just one of the reasons why I prefer GOG over Steam. No DRM or other artificial restrictions to worry about, let alone an internet connection required in order to play or to install, since I can simply backup all the (stand-alone) installers onto my NAS. And I can even unpack those with open-source tools if I want to.
-
-
www.kickstarter.com www.kickstarter.com
-
If you have studied the historical campaign, you may wonder if the same operational plan can be duplicated in the game—with the same results. The answer is yes. The unit capabilities and game mechanics allow for a repeat of history, but there is always the other player to consider. As with history, the two sides have nearly the same number of infantry divisions, tanks, mobile units and artillery. The German advantage is most evident in airpower—the Luftwaffe dramatically outclassed the Allied air forces in the campaign (and so it is with the game). Only the German player who knows exactly how to employ their units with careful attention to the movement and combat sequences, event card use, the hidden unit dynamic, and especially the air rules—will be able to duplicate the historic success of the 1940 Wehrmacht. And even then, the historic result was only possible because the Allied response played almost perfectly into Germany’s hand. But there is more than one path to a decisive result, and the game allows for multiple campaign plans for both sides. The rules are set up to mirror the operational, command, and doctrinal differences between the two opposing sides, but the contest is designed simply to re-create the same historic “canvas” upon which both players may then paint—the issue will be decided by a combination of player decisions and the fortunes and fog of war.
-
-
github.com github.com
-
www.internetsociety.org www.internetsociety.org
-
A simple survey should be offered during the unsubscribe process to allow customers to provide feedback about why they are leaving.
-
Do not send a confirmation email as it can be a violation of CAN-SPAM and you risk further alienating consumers.
-
-
www.smtp2go.com www.smtp2go.com
-
What’s worse, their login process is infuriating. It took me 10 minutes just to get into my account.
-
4) Don’t make people log in to unsubscribe.Your subscriber is already overwhelmed by his inbox. He probably spends about 28% of his workday just managing email, according to a McKinsey Global Institute report. So don’t make it any harder by forcing him to log into an account he probably doesn’t remember creating before he can unsubscribe.
-
- Dec 2023
-
developers.googleblog.com developers.googleblog.com
-
Introducing passkeys when it’s relevant to the user
-
-
The first passkey screen users see is light and easy-to-digest. The header is focusing on the user benefit, saying “Simplify your sign in.”
-
-
screentop.gg screentop.gg
Tags
Annotators
URL
-
-
www.kickstarter.com www.kickstarter.com
-
Kickstarter will not let me promise rewards within the same month, but the files will be sent to backers soon after the campaign ends.
-
-
-
www.youtube.com www.youtube.com
-
-
www.youtube.com www.youtube.com
-
-
gitlab.com gitlab.com
-
Enable ActiveRecord unsigned integers to use 8 bytes instead of 4. This fixes the ActiveModel::RangeError problem where AR models with perfectly fine 8 bytes primary keys are taken for ActiveModel::Type::Integer with a default limit of 4 bytes.
-
-
gitlab.com gitlab.com
-
hashie
-
It has its roots in the Rash (specifically the rash_alt flavor), which is a special Mash, made popular by the hashie gem.
first sighting: https://github.com/shishi/rash_alt
-
-
stackoverflow.com stackoverflow.com
-
It's possible to run commands in a pseudo terminal via the PTY module in order to preserve a user facing terminal-like behaviour.
-
-
github.com github.com
-
Authorization scopes are a way to determine to what extent the client can use resources located in the provider. When the client requests the authorization it specifies in which scope they would like to be authorized. This information is then displayed to the user - resource owner - and they can decide whether or not they accept the given application to be able to act in specified scopes.
-
-
stackoverflow.com stackoverflow.com
-
This is similar to gdonato's answer, but scopes in doorkeeper are better used for managing which permissions are being given to the authenticated app (i.e. "Give this app permission to read X and write Y on your behalf").
-
THANK YOU! I gave up on this a long time ago but today I had to complete the project. I came back here intending to post this question again and found your answer. It was exactly what I was looking for. THANK YOU!
-
-
github.com github.com
-
Similar Libraries in Ruby
Tags
Annotators
URL
-
-
github.com github.com
-
next_feed = feed.next_page
-
-
developers.facebook.com developers.facebook.comWebhooks1
-
html.spec.whatwg.org html.spec.whatwg.org
-
To enable servers to push data to web pages over HTTP or using dedicated server-push protocols, this specification introduces the EventSource interface.
So they're kind of like webhooks, but from the server to the client instead of one server to another server?
-
-
developers.facebook.com developers.facebook.com
-
It uses the Server-Sent Events (SSE) web standard
first sighting: server-sent events
https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events
-
-
www.pluralsight.com www.pluralsight.com
-
&& nil
first sighting: I don't think I've seen someone write exactly
&& nil
before.Apparently to avoid having the return value from
errors.add
— which should be done solely for its side effect, not to get a return value -- inadvertently being used as a return value foruser
. It wouldn't make sense to return fromuser
. That should only return a User or nil. And more statically typed languages would allow that to be expressed/enforced from type annotations alone, which would have caught the mistake of returningerrors.add
if someone had accidentally attempted to return that.Having
user
(and thereforecall
) return nil is key to theunless @current_user
working. -
command = AuthenticateUser.call(params[:email], params[:password]) 8 9 if command.success?
-
nil
I appreciate the attention to detail of returning nil if that's what should be returned (rather than accidentally just returning the return value from the last line of code,
errors.add
. -
Instead of using private controller methods, simple_command can be used.
first sighting: simple_command
-
-
Here is a simple diagram of the process:
-
Token-based authentication is stateless - it does not store anything on the server but creates a unique encoded token that gets checked every time a request is made.
-
Token-based authentication (also known as JSON Web Token authentication) is a new way of handling the authentication of users in applications. It is an alternative to session-based authentication.
-
-
stackoverflow.com stackoverflow.com
-
A "piece of code" is worth a thousand words. All the verbosity in the previous answers didn't light the bulb in my head the way this piece of code did. And now that that verbosity makes absolutely perfect sense :)
-
The thing most obvious about the type systems of Java, C, C++, Pascal, and many other widely-used “industry” languages is not that they are statically typed, but that they are explicitly typed.In other words, they require lots of type declarations. (In the world of less explicitly typed languages, where these declarations are optional, they are often called “type annotations”.) This has nothing to do with static types. continued
-
One language that is currently being developed, Rascal, takes a hybrid approach allowing dynamic typing within functions but enforcing static typing for the function signature.
first sighting: Rascal
-
-
-
github.com github.com
-
describe AuthenticateUser do subject(:context) { described_class.call(username, password) } describe '.call' do context 'when the context is successful' do let(:username) { 'correct_user' } let(:password) { 'correct_password' } it 'succeeds' do expect(context).to be_success end end context 'when the context is not successful' do let(:username) { 'wrong_user' } let(:password) { 'wrong_password' } it 'fails' do expect(context).to be_failure end end end end
-
-
`.call` is a shortcut for `.new(args).call`
-
the class'
the class's
-
-
stackoverflow.com stackoverflow.com
-
This question is not duplicate as you marked it. My situation is different
-
-
stackoverflow.com stackoverflow.com
-
I was getting an error indicating I was using an invalid access_token. It turns out that I wasn't waiting for getLoginStatus to complete prior to making an API call
-
-
stackoverflow.com stackoverflow.com
-
stackoverflow.com stackoverflow.com
-
-
I disagree. What is expressed is an attempt to solve X by making something that should maybe be agnostic of time asynchronous. The problem is related to design: time taints code. You have a choice: either you make the surface area of async code grow and grow or you treat it as impure code and you lift pure synchronous logic in an async context. Without more information on the surrounding algorithm, we don't know if the design decision to make SymbolTable async was the best decision and we can't propose an alternative. This question was handled superficially and carelessly by the community.
superficially and carelessly?
-
The problem with this pile of questions is that, instead of helping the OP get out of the X Y problem, people stay focussed on Y, mark the question as a duplicate of Y in a matter of minutes and X is never properly addressed.
sticking too much to policy/habit instead of addressing the specific needs of individuals? too much eagerness to close / mark as duplicate?
-
because the value isn't there yet. A promise is just a marker that it will be available at some point in the future. You cannot convert asynchronous code to synchronous, though. If you order a pizza, you get a receipt that tells you that you will have a pizza at some point in the future. You cannot treat that receipt as the pizza itself, though. When you get your number called you can "resolve" that receipt to a pizza. But what you're describing is trying to eat the receipt.
-
-
stackoverflow.com stackoverflow.com
-
developers.facebook.com developers.facebook.com
-
developers.secure.facebook.com developers.secure.facebook.com
-
Note that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled. It is important that your app secret is never shared with anyone. Therefore, this API call should only be made using server-side code.
-
for security, app access token should never be hard-coded into client-side code, doing so would give everyone who loaded your webpage or decompiled your app full access to your app secret, and therefore the ability to modify your app. This implies that most of the time, you will be using app access tokens only in server to server calls.
-
once you have an access token you can use it to make calls from a mobile client, a web browser, or from your server to Facebook's servers. If a token is obtained on a client, you can ship that token down to your server and use it in server-to-server calls. If a token is obtained via a server call, you can also ship that token up to a client and then make the calls from the client.
-
Apple does not allow moving tokens to servers.
-
A User access token is used if your app takes actions in real time, based on input from the user. This kind of access token is needed any time the app calls an API to read, modify or write a specific person's Facebook data on their behalf. A User access tokens is generally obtained via a login dialog and requires a person to permit your app to obtain one.
-
-
-
developers.secure.facebook.com developers.secure.facebook.com
-
developers.secure.facebook.com developers.secure.facebook.com
-
It's also a good idea to run qualitative usability tests to understand how people are reacting to what they see.
-
It's incredibly important to test your Facebook Login flow under a variety of conditions, and we've built a robust testing plan for you to follow.
-
-
developer.mozilla.org developer.mozilla.org<button>1
-
Most browsers do give focus to a button being clicked, but Safari does not, by design.
-
-
bugs.webkit.org bugs.webkit.org
-
Are you two serious? Instead of advocating to fix this bug you go out of your way to post another bug report to advocate the devs to dig in their heels?! How about standardizing some devastating needed questions in the technology industry: 1. How does this help productive members of society? 2. Does this serve a useful purpose? 3. Should I be doing this? 4. Have I had a full, non-interrupted, rational conversation with multiple people who disagrees to help determine if I have objectively determined my answers to the first three questions?
-
-
developers.google.com developers.google.com
-
An expired ID token does not mean the user is signed out.
-
and pressed the Confirm button to grant consent and share credentials.
-
In cases where Google is authoritative the user is confirmed to be the legitimate account owner.
What about in other cases? The user may have created an account using someone else's e-mail address? Isn't e-mail verification a required step to create the Google Account though? I think so. I think the only case it is trying to warn us of is the one mentioned below:
email_verfied can also be true as Google initially verified the user when the Google Account was created, however ownership of the third party email account may have since changed.
-
-
www.furnishedfinder.com www.furnishedfinder.com
-
Because your time is valuable, submit one housing request and be connected with property owners eager to host you.
-
-
softwareengineering.stackexchange.com softwareengineering.stackexchange.com
-
Something that you're trying to keep the same, in order to achieve goal X (such as a "log lookup time" above).
-
An invariant is like a rule or an assumption that can be used to dictate the logic of your program.
-
An invariant (in common sense) means some conditions that must be true at some point in time or even always while your program is executing. e.g. PreConditions and PostConditions can be used to assert some conditions that must be true when a function is called and when it returns. Object invariants can be used to assert that a object must have a valid state throughout the time it exists. This is the design by contract principle.
-
Modern cars, however, use a single stick that pivots around among the gears. It's designed in such a way that, on a modern stick-shift car, it is not possible to engage two gears at the same time.
-
In OOP, an invariant is a set of assertions that must always hold true during the life of an object for the program to be valid. It should hold true from the end of the constructor to the start of the destructor whenever the object is not currently executing a method that changes its state.
-
-
stackoverflow.com stackoverflow.com
-
42 View upvote and downvote totals. This answer is not useful Save this answer. Show activity on this post. It is a condition you know to always be true at a particular place in your logic
-
The age of a parent is greater than the age of their biological children.
-
an invariant is something like of a fixed relationship between varying entities. For example, your age will always be less than that compared to your biological parents. Both your age, and your parent's age changes in the passage of time, but the relationship that i mentioned above is an invariant.
-
For instance, a binary search tree might have the invariant that for every node, the key of the node's left child is less than the node's own key. A correctly written insertion function for this tree will maintain that invariant. As you can tell, that's not the sort of thing you can store in a variable: it's more a statement about the program. By figuring out what sort of invariants your program should maintain, then reviewing your code to make sure that it actually maintains those invariants, you can avoid logical errors in your code.
-
-
developers.google.com developers.google.com
-
The secure OAuth 2.0 protocol lets you safely link a user's Google Account with their account on your platform, thereby granting Google applications and devices access to your services.
What I still don't understand is... How do you even initiate the Google app to request such access? How would you trigger that? It's not going to show a list of all 100,000 registered apps and ask which of those you'd like to add...
-
Use cases
-
-
developers.google.com developers.google.com
-
This describes account linking from the opposite direction than I'm used to: starting with the Google App, which requests your app to share data from your service with Google.
As it says on https://developers.google.com/identity/account-linking overview:
The secure OAuth 2.0 protocol lets you safely link a user's Google Account with their account on your platform, thereby granting Google applications and devices access to your services.
-
return and HTTP 200 response
-
-
en.wikipedia.org en.wikipedia.org
-
This can result in an unwanted increase in fraudulent account creations, or worse; attackers successfully stealing social media account credentials from legitimate users.
Tags
Annotators
URL
-
-
developers.google.com developers.google.com
-
The established link grants Google access to the data the user consents to share.
-
Benefits for developers include:
-
Benefits for users include:
-
Users can start and complete the account linking process in your app, an environment they are already familiar with. Users do not require login credentials because they have already been authenticated on the device and in your mobile app.
-
-
developers.google.com developers.google.com
-
-
A traditional account linking flow requires the user to enter their credentials in the browser. The use of App Flip defers user sign-in to your Android app, which allows you to leverage existing authorizations. If the user is signed in to your app, they don't need to re-enter their credentials to link their account.
-
-
support.google.com support.google.com
-
You can create variations of your email address where all messages arrive in your current inbox. Just add a plus sign (+) and any word before the @ sign in your current address.
-
-
developers.google.com developers.google.com
-
To simulate a Google app and trigger the intent which launches your app, download and install the App Flip Test Tool
-
To implement App Flip, you need to modify the user authorization code in your app to accept a deep link from Google.
-
-
developers.google.com developers.google.com
-
aud
-
To perform account linking with OAuth and Google Sign-In, follow these general steps: First, ask the user to give consent to access their Google profile. Use the information in their profile to check if the user account exists. For existing users, link the accounts. If you can't find a match for the Google user in your authentication system, validate the ID token received from Google. You can then create a user based on the profile information contained in the ID token.
-
-
www.centurylink.com www.centurylink.com
-
Don't reply or click any links in a spam message Replying to, clicking on links within, or even attempting to unsubscribe from spam emails typically only informs the sender that they have found an active email address to which they'll send more spam emails.
-
-
developer.chrome.com developer.chrome.com
-
-
This feature is available only in Chrome, not Chromium.
Really? It's working for me in ungoogled-chromium
-
-
stackoverflow.com stackoverflow.com
-
developers.google.com developers.google.com
-
Whether a personalized button or a generic text button displays has no impact on the UX flows after the button is clicked. The account displayed in the personalized button is not automatically selected.
-
A personalized button gives users a quick indication of the session status, both on Google's side and on your website, before they click the button. This is especially helpful to end users who visit your website only occasionally. They may forget whether an account has been created or not, and in which way. A personalized button reminds them that Sign In With Google has been used before. Thus, it helps to prevent unnecessary duplicate account creation on your website.
first sighting: sign-in: problem: forgetting whether an account has been created or not, and in which way
-
-
developers.google.com developers.google.com
-
-
https://accounts.google.com/o/oauth2/v2/auth?
-
-
bankautomationnews.com bankautomationnews.com
-
The United States was lagging in the adoption of real-time payments (RTP) before the launch of FedNow because the market is structured on choice rather than mandate
-
-
en.wikipedia.org en.wikipedia.org
-
Our freedom of choice in a competitive society rests on the fact that, if one person refuses to satisfy our wishes, we can turn to another. But if we face a monopolist we are at his absolute mercy.
-
-
github.com github.com
-
One loss due to this change is the ability to represent an invalid UUID (vs a NIL UUID).
-
-
opentelemetry.io opentelemetry.io
-
-
Compared with simple clients, modern clients are generally much easier to use and more Ruby-like
-
Modern clients are produced by a modern code generator, combined with hand-crafted functionality for some services.
-
Most modern clients connect to high-performance gRPC endpoints, although a few are backed by REST services.
-
The libraries in this repo are simple REST clients. These clients connect to HTTP/JSON REST endpoints and are automatically generated from service discovery documents. They support most API functionality, but their class interfaces are sometimes awkward.
-
-
developers.google.com developers.google.com
-
Web server applications
-
It is generally a best practice to request scopes incrementally, at the time access is required, rather than up front. For example, an app that wants to support saving an event to a calendar should not request Google Calendar access until the user presses the "Add to Calendar" button; see Incremental authorization.
-
After logging in, the user is asked whether they are willing to grant one or more permissions that your application is requesting. This process is called user consent.
-
-
Given the security implications of getting the implementation correct, we strongly encourage you to use OAuth 2.0 libraries when interacting with Google's OAuth 2.0 endpoints. It is a best practice to use well-debugged code provided by others, and it will help you protect yourself and your users. For more information, see Client libraries.
-
-
Tags
Annotators
URL
-
-
developers.google.com developers.google.com
-
Cross-Account Protection does not currently send security events for Google Workspace (formerly G Suite) users.
That's a pretty major caveat
-
For example, if a user's Google Account were compromised, you could temporarily disable Sign In With Google for that user and prevent account recovery emails from being sent to the user's Gmail address.
-
-
developers.google.com developers.google.com
-
After you have verified the token, check if the user is already in your user database. If so, establish an authenticated session for the user. If the user isn't yet in your user database, create a new user record from the information in the ID token payload, and establish a session for the user. You can prompt the user for any additional profile information you require when you detect a newly created user in your app.
-
If so, establish an authenticated session for the user.
-
Warning: Do not accept plain user IDs, such as those you can get with the GoogleUser.getId() method, on your backend server. A modified client application can send arbitrary user IDs to your server to impersonate users, so you must instead use verifiable ID tokens to securely get the user IDs of signed-in users on the server side.
-
- Nov 2023
-
stackoverflow.blog stackoverflow.blog