when you refresh a token, spotify may optionally also return a new refresh token which invalidates the existing refresh token.
2022-10-06 27949, 2022
lucifer
but if you don't refresh then iiuc the old refresh token keeps working.
2022-10-06 27959, 2022
aerozol
re. global scope, as a derp end user I don’t really want a list of all MetaBrainz projects. Like on Google I don’t care if a Google account lets me access YouTube and Drive etc. I just want to create an account and login
2022-10-06 27922, 2022
aerozol
Unless it’s giving external apps access or sharing my data in some way (which creating a login isn’t, I haven’t added data yet)
2022-10-06 27931, 2022
Freso
mayhem: When you have a moment to task switch/for admin stuff, it would be great to have the Zoom meeting link before tomorrow. :)
lucifer: is this an intermediate code before requesting a token?
2022-10-06 27951, 2022
lucifer
the scopes here can also become a join table.
2022-10-06 27907, 2022
zas
monkey: Pizza Mexican
2022-10-06 27919, 2022
monkey
👍
2022-10-06 27938, 2022
yvanzo
monkey: Bolets
2022-10-06 27941, 2022
monkey
OK
2022-10-06 27943, 2022
lucifer
alastairp: yes. client redirects user to MeB.org. user approves on MeB.org and gives an authorization code to client on redirect_uri. client queries MeB.org with authorization code to get access token.
2022-10-06 27939, 2022
lucifer
this is the same workflow we use in LB to auth with MB/spotify/CB etc.
2022-10-06 27941, 2022
alastairp
lucifer: right, in that case, I think that table is probably fine
2022-10-06 27912, 2022
lucifer
👍
2022-10-06 27930, 2022
alastairp
it's a workflow for something that we need to do, but doesn't need anything special extra based on what we've discussed
2022-10-06 27919, 2022
alastairp
do we want to require 3rd party apps to respond to an account deletion request?
2022-10-06 27934, 2022
alastairp
e.g. we POST to them to say "account lucifer was deleted, please remove it from your app"
2022-10-06 27946, 2022
lucifer
probably yes i guess.
2022-10-06 27949, 2022
lucifer
but can add that later
2022-10-06 27956, 2022
lucifer
we'll need an extra column in client table for a webhook url. and some more tables if we want to retry etc.
mayhem: alastairp: the SQL schema you'll need to create in the db.
2022-10-06 27903, 2022
mayhem
ok, on it.
2022-10-06 27917, 2022
lucifer
one change from what we discussed before, added an issued_at column to client_id. for marking the time of creation of an oauth app. saw that the authlib demos were using it so added.
2022-10-06 27934, 2022
mayhem
makes sense
2022-10-06 27919, 2022
lucifer
i am working on the MeB side server implementation meanwhile.
2022-10-06 27958, 2022
mayhem
tables created.
2022-10-06 27920, 2022
mayhem
anything I can do to help? like code the three fake accounts?
2022-10-06 27912, 2022
lucifer
sure creating test accounts sounds good.
2022-10-06 27943, 2022
mayhem
which function would get called to check to see if a login is valid?
2022-10-06 27912, 2022
lucifer
i am not sure currently sorry. but i think regular MeB login functions.
2022-10-06 27935, 2022
lucifer
i'd say creating user in db would be easiest
2022-10-06 27902, 2022
lucifer
i.e. add new user to `ouath.user` table.
2022-10-06 27950, 2022
lucifer
other than that need to follow the steps here and update the branch. some steps are already done but authlib has a version out so may need to update. https://docs.authlib.org/en/latest/flask/2/index.…
2022-10-06 27951, 2022
reosarevok
Just make sure you don't call it ouath
2022-10-06 27919, 2022
lucifer
uh i named the sql schema oauth but we can rename it before deploying to prod.
2022-10-06 27945, 2022
reosarevok
I meant that you typoed it there, I was making sure it wasn't copied from somewhere :)
(except for bugs that will show up when we run first and fix retry so on)
2022-10-06 27929, 2022
lucifer
working through authlib docs to resolve these TODOs currently.
2022-10-06 27909, 2022
mayhem
everyone: I've created three dummy user/password entries right now: test1/test1 , test2/test2 , test3/test3
2022-10-06 27927, 2022
mayhem
lucifer: a bcrypted password looks like this `{CRYPT}$2b$12$VzZ0OEmapdPUqw.4.ZTeZuBUz2RE6m.oPzXRDqpt8CpMubQiJ5kVq`
2022-10-06 27957, 2022
mayhem
when passing it to the bcrypt function, we need to remove the {crypt} which indicates to us which hash alg to use.
2022-10-06 27917, 2022
lucifer
i see, makes sense.
2022-10-06 27942, 2022
lucifer
oh i think i might be able to sidestep these todos. let me put up the current branch on test.meb.org and check
2022-10-06 27953, 2022
lucifer
mayhem: how about i change the login endpoint in this branch so that anyone who logs in there is logged in as test1/test1?
2022-10-06 27910, 2022
mayhem
sure
2022-10-06 27915, 2022
lucifer
well not even login, just click login and done
2022-10-06 27924, 2022
lucifer
👍
2022-10-06 27927, 2022
mayhem
yeah, understood
2022-10-06 27902, 2022
zas
mayhem suggested we do a group photo with everyone here at the office wearing the amazing new summit t-shirt. It would be nice to do that at 17 in main hall, before the daylight is too low.
2022-10-06 27931, 2022
mayhem
ok
2022-10-06 27946, 2022
mayhem
we'll have to hold lucifer's shirt up to the laptop, I guess.
alastairp: But, we won't be able to show such detailed statistics for reviews for particular types of an entity_type. For example the number of reviews for Person, Group, Orchestra, Choir... which are types for artist.
2022-10-06 27907, 2022
alastairp
ansh: given the number of reviews of artists that we have, I think it's probably OK if we just had a total count of reviews for now ;)
2022-10-06 27911, 2022
ansh
True
2022-10-06 27906, 2022
alastairp
aerozol: otherwise, the easiest solution would probably be an amazon order that will get here tomorrow
monkey: aerozol: one thing that irritates me sometimes is how small `i` looks like `l` in the sintony fonts. you probably have noticed it on various meb sites. can that be improved?