These are chat archives for arenanet/api-cdi

18th
Sep 2017
smiley
@codemasher
Sep 18 2017 09:22
WTS soundcloud API account c/o 500e
BoyC
@BoyC
Sep 18 2017 09:23
abandoning a sinking ship, ey? :D
smiley
@codemasher
Sep 18 2017 09:29
they've closed API registration a while ago
but hey, so did last.fm and they're still in business :D
BoyC
@BoyC
Sep 18 2017 09:33
a couple months ago soundcloud was saved from bankrupcy in the last second if i recall correctly
smiley
@codemasher
Sep 18 2017 10:55
were they? i thought they were still struggling
they've closed some of their headquarters and laid off a lot of jobs and it was said they're safe until years end
Archomeda
@Archomeda
Sep 18 2017 12:58
oh wow
Archomeda
@Archomeda
Sep 18 2017 13:24
wait... since when does an invalid key give me a 400? i thought it would give me a 403
:D
windwarrior
@windwarrior
Sep 18 2017 16:44
his name is especially brilliant
Eearslya Sleiarion
@Eearslya
Sep 18 2017 17:16
damn, already?
darthmaim
@darthmaim
Sep 18 2017 17:17
:P
Archomeda
@Archomeda
Sep 18 2017 17:22
that looks really nice
darthmaim
@darthmaim
Sep 18 2017 17:23
just a super simple jekyll site
extracted all the posts with some super hacky scripts
darthmaim
@darthmaim
Sep 18 2017 17:23
and wrote a jekyll generator generating the pages from the json
yeah I have to do add some more postprocessing to the comments anyway
like rewriting all forum links

could you dig out the recipe sheet item id and recipe id for "Shukov's Launch Codes"?

@ChieftainAlex 36618,36578

darthmaim
@darthmaim
Sep 18 2017 17:28
bw, there are a few items and skins that need whitelisting
you've hidden yourself? :P
darthmaim
@darthmaim
Sep 18 2017 17:29
there fixed :P
Archomeda
@Archomeda
Sep 18 2017 17:29
tbf it might give people the impression that you're a gw2 dev :P
pfft
darthmaim
@darthmaim
Sep 18 2017 17:29
I didn't have any code in the org and didn't want it on my profile
I can rename it if @lye wants :P
idc
darthmaim
@darthmaim
Sep 18 2017 17:31
I have that org for quite some time now, planned to write guides, best practices, ...
Figured I could at least use it for the forum backup now
Archomeda
@Archomeda
Sep 18 2017 17:31
:)
bleh did they copy over all the old forum threads or something
Archomeda
@Archomeda
Sep 18 2017 17:31
to the new forums? no
also, https://en-forum.guildwars2.com/discussion/comment/118248#Comment_118248, lovely how people just throw away what you explained on why it can't or won't be done
Quaggan BooOOoot
@QuagganBooOOoot
Sep 18 2017 17:33

Comment to [Suggestion] Make specific names a requirement for API key use
by (ArenaNet) Lawton Campbell.8517 in API Development

Unfortunately, there's no way to do this in a backwards-compatible way. Implementing this would break a whole swath of apps that don't check the API key name.

Also I don't have any freetime these days to rework the entire API key system :(

Archomeda
@Archomeda
Sep 18 2017 17:33
oh right, there's a bot
but hey, i can :-1: now
darthmaim
@darthmaim
Sep 18 2017 17:35
:D
Archomeda
@Archomeda
Sep 18 2017 17:36
i don't even see what that suggestion is supposed to do really
they want oauth2
stop trying to make oauth2 happen
it's not going to happen
darthmaim
@darthmaim
Sep 18 2017 17:36
:cry:
Archomeda
@Archomeda
Sep 18 2017 17:37
okay... that post really is a stupid way to ask for oauth2, without mentioning oauth2 at all
btw @lye, any news on the .access property in /v2/account?
uhh
nope
Archomeda
@Archomeda
Sep 18 2017 17:38
:(
maybe I should spend a day working on API stuff
I've got a pile of other stuff to work on
Archomeda
@Archomeda
Sep 18 2017 17:39
if only we could help you without traveling to the US and apply for a job :(
Eearslya Sleiarion
@Eearslya
Sep 18 2017 17:39
@lye what about oauth1
I don't even know what oauth1a is
Eearslya Sleiarion
@Eearslya
Sep 18 2017 17:40
neither do I
but I figure it's gotta exist
oauth2 is fine
I like oauth2
the restrictions that prevent oauth2 equally prevent any clean UX
David Reeß
@queicherius
Sep 18 2017 17:41
Oh that key naming idea was for discussion in the gw2e subreddit too
naming is a clunky workaround for hacky authentication
the vast majority of things shouldn't be using the API key for authentication
but for e.g. automatic ts whitelisting and stuff it kind of works
David Reeß
@queicherius
Sep 18 2017 17:42
I personally dont like OAuth2, esp. for server things. It's fine for user auth but for long running crawling tasks it can be pretty annoying
Archomeda
@Archomeda
Sep 18 2017 17:42
i'm using it to verify guild members on our guild discord
only to verify their account name, i'm pulling the guild roster from our guild leader's api key
@queicherius like the refresh token flow is gross or
darthmaim
@darthmaim
Sep 18 2017 17:43
Sadly its the only way to verify if a person owns the api key or just found it somewhere
Archomeda
@Archomeda
Sep 18 2017 17:44
well, kind of; you can still get it from someone else if you're communicating
@darthmaim you can generate a unique string and have them create an API key with that name
it's super clunky but serves as a secure means of 1-time authentication
darthmaim
@darthmaim
Sep 18 2017 17:44
I know, thats what I said
and what I am already doing for a few projects
sorry i haven't had coffee yet and am still super dumb
darthmaim
@darthmaim
Sep 18 2017 17:45
:D
Archomeda
@Archomeda
Sep 18 2017 17:45
oh dear
darthmaim
@darthmaim
Sep 18 2017 17:45
:coffee:
Archomeda
@Archomeda
Sep 18 2017 17:45
it's still monday :/
you have to survive until friday! :D
it's tuesday somewhere
Archomeda
@Archomeda
Sep 18 2017 17:45
probably somewhere in the east yeah
David Reeß
@queicherius
Sep 18 2017 17:45
@lye Yeah, because I have my tokens in docker secrets and I really dont want to give the running containers the option to reach out onto the host
ah, makes sense
Archomeda
@Archomeda
Sep 18 2017 17:46
i like oauth2 for client or browser apps, but for server sided things i like api keys more
David Reeß
@queicherius
Sep 18 2017 17:47
Maybe I am just stupid, thats also possible
might have been do-able to rig up an implicit refresh flow where you provide ?token=x&refresh=y on API calls instead of access_key
And the refresh is just done implicitly
I'm trying to remember how everything works
I'm pretty sure the API key just has a refresh token embedded in it
David Reeß
@queicherius
Sep 18 2017 17:48
Does that mean the API keys could potentially expire?
nah refresh tokens never expire
until they're explicitly deleted in the UI
David Reeß
@queicherius
Sep 18 2017 17:51
Interesting, I didnt know you could do that with OAuth. With the APIs I used it just deleted the refresh token and generated a new one every time it got used
heh probably sub-optimal
the access token that a refresh token gets you should be valid for at least a day
darthmaim
@darthmaim
Sep 18 2017 17:55
Why would the refresh token expire when it gets used? You could just generate the access tokens directly then and skip the refresh flow
that makes no sense
the point of refresh tokens is that they can be used multiple times to get short lived access tokens
David Reeß
@queicherius
Sep 18 2017 18:02
@darthmaim I have no idea, I was just trying to consume that API :D
Eearslya Sleiarion
@Eearslya
Sep 18 2017 18:04
I'm probably missing something important, but how do refresh keys add security? If they can be used infinitely, how is that better than an unchanging API key?
:shrug:
normally the refresh token isn't emitted unless the user selects a specific scope ("offline")
hmm, we've had this discussion before
how much stuff is going to break if I change access from a string to an array
I'm tempted to just put accesses
darthmaim
@darthmaim
Sep 18 2017 18:37
access would break apps anyway with a new value for PoF
true
Edgar Doiron
@Coffee4cr
Sep 18 2017 18:39
so might as well break it at the same time it breaks for everyone, so no one will notice ;)
darthmaim
@darthmaim
Sep 18 2017 18:40
changing the datatype would probably break more things
I'm just going to change the data type
will probably deploy that friday
darthmaim
@darthmaim
Sep 18 2017 18:42
:+1:
Archomeda
@Archomeda
Sep 18 2017 19:07
image.png
lovely whenever the client can't access the login servers :P
Archomeda
@Archomeda
Sep 18 2017 20:01
eh.....
--> Crash <--
Assertion: Failed to load file.
lol
Texture '0x03539b' dimensions too small
Loading '0x03539b' texture failed
File size mismatch from archive for 0x00005602[0]; expected = 44764, actual = 0
Raw file 0x00005602:0x0014f280 has CRC 0xbb31595e.
Deleting file 0x00005602
Failed to load file {0x00005602:0x0014f280} from archive
Failed to load file {0x00005602:0x0014f280[0]}
:')
smiley
@codemasher
Sep 18 2017 20:02
@darthmaim :+1:
(needs more tests tho)
Archomeda
@Archomeda
Sep 18 2017 20:06
but i can still play
with no audio, no text, no bomb circles inside stronghold of the faithful :D
escort
huh
Eearslya Sleiarion
@Eearslya
Sep 18 2017 20:06
"works on my machine"
I'd recommend backing up anything on that HDD >_>
Archomeda
@Archomeda
Sep 18 2017 20:07
also no models :D
windwarrior
@windwarrior
Sep 18 2017 21:31
I have had some issues with sounds in SotF too
some sounds not appearing
might be a :bug: