| Time |
S |
Nick |
Message |
| 00:33 |
|
|
shrink0r_ joined #rest |
| 00:43 |
|
|
shrink0r joined #rest |
| 00:45 |
|
|
shrink0r_ joined #rest |
| 00:47 |
|
|
shrink0r joined #rest |
| 02:22 |
|
|
shrink0r_ joined #rest |
| 02:23 |
|
|
pezra joined #rest |
| 02:23 |
|
|
shrink0r joined #rest |
| 02:26 |
|
|
shrink0r_ joined #rest |
| 02:28 |
|
|
shrink0r joined #rest |
| 02:41 |
|
|
shrink0r_ joined #rest |
| 02:46 |
|
|
lemur joined #rest |
| 03:43 |
|
|
tr3online joined #rest |
| 07:17 |
|
|
rosstuck joined #rest |
| 07:46 |
|
|
quimrstorres joined #rest |
| 07:49 |
|
|
quimrstorres joined #rest |
| 08:32 |
|
|
quimrstorres joined #rest |
| 08:39 |
|
|
vanHoesel joined #rest |
| 08:41 |
|
|
shrink0r joined #rest |
| 08:47 |
|
|
quimrstorres joined #rest |
| 08:50 |
|
|
shrink0r joined #rest |
| 08:59 |
|
|
tr3online joined #rest |
| 09:14 |
|
|
Left_Turn joined #rest |
| 09:15 |
|
|
quimrstorres joined #rest |
| 10:30 |
|
|
tr3online joined #rest |
| 10:49 |
|
|
_ollie1 joined #rest |
| 11:35 |
|
|
mezod joined #rest |
| 11:41 |
|
|
_ollie joined #rest |
| 11:53 |
|
|
graste joined #rest |
| 12:19 |
|
|
quimrstorres joined #rest |
| 12:56 |
|
|
rhyselsmore joined #rest |
| 13:19 |
|
|
quimrstorres joined #rest |
| 13:26 |
|
|
interop_madness joined #rest |
| 13:29 |
|
interop_madness |
is it wrong for a HEAD request to return the Content-Disposition header? |
| 13:31 |
|
asdf` |
huh, why would a response to a HEAD ever need to send that request? |
| 13:32 |
|
asdf` |
*that header |
| 13:35 |
|
|
quimrstorres joined #rest |
| 14:02 |
|
interop_madness |
asdf`, just for convenience reasons: a client wants to know the name of the file a GET request would deliver, before said file is requested |
| 14:19 |
|
gamache |
a spam in my inbox: "Get 35% Off ALL Media Types Now!" |
| 14:21 |
|
|
nkoza joined #rest |
| 14:41 |
|
fumanchu_ |
:P |
| 14:45 |
|
asdf` |
interop_madness, hmm sure, actually same as with eg. Content-Length, no problems there; kinda surprised me there though, as i've never encountered a situation in which i'd want to know the filename in advance, but sure, sounds fine |
| 14:53 |
|
interop_madness |
ok thanks asdf` |
| 15:37 |
|
|
nkoza joined #rest |
| 16:13 |
|
|
quimrstorres joined #rest |
| 16:14 |
|
|
lemur joined #rest |
| 16:16 |
|
|
_ollie1 joined #rest |
| 16:38 |
|
|
quimrstorres joined #rest |
| 16:40 |
|
|
quimrsto_ joined #rest |
| 16:50 |
|
|
_ollie joined #rest |
| 16:53 |
|
|
fumanchu joined #rest |
| 17:54 |
|
|
quimrstorres joined #rest |
| 17:55 |
|
|
quimrstorres joined #rest |
| 18:33 |
|
|
tr3online joined #rest |
| 18:36 |
|
|
lacrymology joined #rest |
| 18:36 |
|
lacrymology |
I've got a resource that is an object with two lists: { events: [....], friends: [....] }, does anyone have any ideas about paginating this kind of thing? |
| 18:40 |
|
|
tr3online joined #rest |
| 18:49 |
|
|
rhyselsmore joined #rest |
| 18:55 |
|
|
hackel joined #rest |
| 19:00 |
|
_ollie |
lacrymology: make em separate resources… |
| 19:07 |
|
|
quimrstorres joined #rest |
| 19:12 |
|
|
adaro joined #rest |
| 19:32 |
|
|
quimrstorres joined #rest |
| 19:34 |
|
|
quimrstorres joined #rest |
| 19:35 |
|
|
lacrymology joined #rest |
| 19:46 |
|
|
shrink0r joined #rest |
| 19:50 |
|
|
quimrstorres joined #rest |
| 20:02 |
|
|
quimrstorres joined #rest |
| 20:08 |
|
|
_ollie1 joined #rest |
| 20:17 |
|
|
quimrstorres joined #rest |
| 20:26 |
|
pdurbin |
how do people feel about this feature request? is it ok security? Implement a way for tools to get a token for a user given username and password · Issue #1818 · IQSS/dataverse - https://github.com/IQSS/dataverse/issues/1818 |
| 20:30 |
|
whartung |
why not use oauth pdurbin ? |
| 20:34 |
|
pdurbin |
whartung: no time. gotta ship |
| 20:34 |
|
pdurbin |
maybe someday |
| 20:34 |
|
whartung |
ok 1 sec |
| 20:37 |
|
whartung |
so, then the easy mode i |
| 20:37 |
|
whartung |
is |
| 20:37 |
|
whartung |
I mean, oauth handles this specific problem. |
| 20:38 |
|
whartung |
but saml does too, right? you can stick token in an AuthnResponse |
| 20:38 |
|
whartung |
the key point is that whoever consumes the token needs to bounce it off of the "IdP" to validate it, then set the session up from then on. |
| 20:41 |
|
saml |
yah i do it |
| 20:41 |
|
whartung |
heh…the OTHER SAML :) |
| 20:42 |
|
pdurbin |
whartung: you can use SAML from a REST API? Hmm. |
| 20:42 |
|
whartung |
well the game is collecting the credential, right? |
| 20:42 |
|
whartung |
what we did |
| 20:42 |
|
pdurbin |
I guess I'm thinking that if you already know someone's password, you can just log into the GUI to get the API token. Using the API to get the API token if you know the password doesn't feel much different. |
| 20:42 |
|
whartung |
was we used generic SAML v2, right? |
| 20:43 |
|
|
hackel joined #rest |
| 20:43 |
|
whartung |
the web app starts up, and it then makes a server call: "getMeMySuperSecretKey". The server, will see that it doesn't have a session, and reply, "So sorry, no key for you". App will go "Bother. redirect to IdP", then it starts all over. |
| 20:43 |
|
whartung |
this requires an ITTY BITTY sesion. |
| 20:44 |
|
whartung |
then, once the session is stood up, the server can vend a key to the API |
| 20:44 |
|
whartung |
and the API then uses that key for it's actual REST calls. |
| 20:44 |
|
whartung |
so, the REST api is "pure", but there's a little bit of plumbing for the webapp with this teeny bit of state. |
| 20:45 |
|
whartung |
you can always come up with other mechanisms to get the SuperSecretKey (such as sending in credentials yourself) |
| 20:45 |
|
whartung |
but we needed something that would work in a SSO environment |
| 20:46 |
|
pdurbin |
yeah |
| 20:54 |
|
|
quimrstorres joined #rest |
| 20:56 |
|
|
quimrsto_ joined #rest |
| 21:00 |
|
|
quimrstorres joined #rest |
| 21:00 |
|
|
quimrstorres joined #rest |
| 21:17 |
|
|
vanHoesel joined #rest |
| 21:18 |
|
* pdurbin |
will think on this |
| 21:18 |
|
pdurbin |
whartung: thanks |
| 21:55 |
|
|
shrink0r joined #rest |
