-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restricting q=source
based on scopes
#31
Comments
I do this for Koype but I haven’t had a client to try this out on. (Originally published at: https://v2.jacky.wtf/post/b4a35724-778b-4def-9b60-88b9fafd0fa7) |
Micropublish should work, I think? Maybe trying to edit a deleted post? (Originally published at: https://www.jvt.me/mf2/2020/07/hppmx/) |
When you log in to Micropublish there are two scope presets for authorisation: So as things stand I'm not sure Micropublish would help testing this scenario. It wouldn't be too hard to make this a bit more granular, at least for testing. |
Sorry, I should've added a bit more context on how I would use Micropublish to verify this. Using the deleted post https://www.jvt.me/mf2/2020/04/dd338/, which returns 400 when performing q=source:
(Originally published at: https://www.jvt.me/mf2/2020/07/s65rh/) |
TIL there's an I might want to build something like this, even though my frontend that uses |
I like this restricted approach based on scope. I'm currently building a new headless Micropub server for my website with a separate front-end as a client. The website uses the My new server will restrict results based on the scope and
Neither will return a private post on my new website. However, when using a client like Quill/Micropublish with the I'm working on some matching improvements to Micropublish to add |
Within my own Micropub server, I have implemented a restriction on
q=source
to only allow clients withundelete
access to view/list deleted posts.I wonder how others feel about having this restriction in their own implementations, or if anyone does similar?
The text was updated successfully, but these errors were encountered: