06:32 caseorganic-m joined #geoloqi
08:49 MarkDilley joined #geoloqi
08:50 workshop joined #geoloqi
08:56 MarkDilley joined #geoloqi
08:56 MarkDilley joined #geoloqi
08:59 workshop joined #geoloqi
09:10 workshop joined #geoloqi
10:02 KevinR joined #geoloqi
10:04 <aaronpk> hey there KevinR
10:04 <KevinR> hey aaron, thanks for offering to answer questions. Hope you and Amber are doing well :)
10:05 workshop joined #geoloqi
10:05 <aaronpk> no problem!
10:06 <aaronpk> so if you aren't familiar with OAuth 2, it's quite a bit simpler than 1
10:08 <KevinR> that's good to know, essentially we have an API primarily used by mobile devices (not web) and oAuth still seems to be the way to go
10:08 <KevinR> I've read up on xAuth which seems to be oAuth minus the web auth step?
10:09 <KevinR> Step 1 appears to be requesting a "request token" what parameters do you require on this call? assuming this is probably documented on dev.geoloqi.com
10:09 <aaronpk> one way is the web authorization screen, another way is directly exchanging a username and password for a token
10:10 plamb joined #geoloqi
10:11 <KevinR> the direct exchanging of username/password for token is probably the way we want to go
10:11 <aaronpk> yep, that's what our mobile clients do
10:12 <aaronpk> basically a post request to your endpoint with the username and password
10:12 <KevinR> nice, that looks simple enough... I assume client_id/client_secret correspond to consumer_key/consumer_secret
10:13 <aaronpk> note that it's these parameter names that sometimes change between draft revisions, so some things are named slightly different between draft 10 and draft 14
10:13 <KevinR> Twitter's version of oAuth requires a bunch of other stuff as well: i.e. oauth_nonce, signature method, timestamp, etc...
10:13 <aaronpk> that's oauth 1
10:14 <aaronpk> oauth 1 involves signing requests with signatures and such, but oauth 2 dropped that in favor of all requests going over SSL, since SSL does a lot of that verification itself
10:14 <aaronpk> (assuming you actually validate the certificate)
10:15 <aaronpk> https is encrypted end-to-end, and if you validate the certificate then you can be sure there was no MITM attack
10:16 <KevinR> right... so let me summarize: POST username,password, client_id, and client_secret to authenticate operation and return a token
10:16 <aaronpk> if you don't have SSL, then you need to use signatures with shared secrets in order to verify the request wasn't tampered with en route
10:16 <KevinR> that simple?
10:16 <aaronpk> yep, that simple
10:16 <KevinR> we require SSL for all operations
10:16 <aaronpk> so once you have an access token, there is one more step
10:16 <KevinR> are there any requirements on the generated tokens? number of bits? string? numbers?
10:17 <aaronpk> nope, that's implementation specific
10:17 <KevinR> cool. so what's the next step?
10:17 <aaronpk> we use the format userid-randomstring
10:17 <KevinR> makes sense
10:17 <aaronpk> that helps when debugging things because you can see whcih user made the request easily
10:17 <aaronpk> also it would let you shard your access token database in the future
10:18 <KevinR> right, good thinking :)
10:18 <KevinR> so once you've auth'd the user and gotten a token back what else do you have to do?
10:21 <KevinR> indeed, this seems ridiculously straightforward
10:21 <aaronpk> that's the idea!
10:21 <aaronpk> ok, so now that slightly less straightforward part
10:22 <aaronpk> note the optional "expires_in"
10:22 <aaronpk> if you want, you can set an expiration date on access tokens that you issue
10:23 <KevinR> looks like expires_in is optional. How long do Geoloqi tokens live?
10:23 <aaronpk> for your own trusted clients, it may not be important, but for authorizing third party web apps, it might be a good idea
10:23 <aaronpk> our api has the ability to set the expiration date per client
10:23 <KevinR> so then you must support the refresh_token?
10:24 <aaronpk> right. so when you return an expiration date, you also return a refresh token.
10:24 <aaronpk> after the access token expires, the client can use the refresh token to get a new access token
10:24 <aaronpk> grant_type=refresh_token&client_id=s6BhdRkqt3& client_secret=8eSEIpnqmM&refresh_token=n4E9O119d
10:25 <KevinR> this is the same operation as the one that authenticated the user just a different grant_type?
10:26 <KevinR> this makes sense
10:26 <KevinR> anything else to this?
10:27 <aaronpk> that's the basics, and that's all you'll need to get it working with your own mobile clients
10:27 <KevinR> you are awesome and I owe you beer and sushi :)
10:27 <aaronpk> the other part is the "scope," but that is more applicable once you're authorizing third-party clients
10:28 <KevinR> this is good enough to get rolling thanks for the info man, much appreciated
10:28 <aaronpk> great! no problem!
11:58 <aaronpk> wow, everyone is getting into this game
12:00 MarkDilley_ joined #geoloqi
12:01 <aaronpk> can't find it in the app store
12:01 <aaronpk> oh probably doesn't show up on the ipod touch
12:03 <plamb> those guys are one of many competitors at getting into some of the incubators we've applied to
12:03 <plamb> i asked them how they'd say they differed from geoloqi
12:04 <aaronpk> looks like they've already done the battery optimizations we've been planning
12:04 <plamb> cell-tower triangulation?
12:05 <aaronpk> the iphone provides that mechanism
12:05 <aaronpk> it's just a question of doing something smart with it
12:05 <plamb> does that seem hard to do?
12:05 <plamb> and is it as exact as GPS?
12:05 <aaronpk> it's nowhere close
12:05 <aaronpk> it puts you on the right side of the river in portland but that's about it
12:05 <plamb> seems like if you're doing auto-checkins you want to be really exact
12:06 <aaronpk> yep, that's why it's not an easy problem to solve :)
12:06 <plamb> i havent tested the battery settings a lot yet on geoloqi
12:06 <plamb> does placing them at 'save the most battery side'
12:06 <plamb> actually help a lot?
12:07 <plamb> basically, is there any hope for having GPS not suck your battery life badly
12:07 <plamb> not sucking*
12:07 <aaronpk> well here's the thing, the biggest drain is actually communicating to the server, not necessarily running the gps
12:07 <aaronpk> which leaves a lot of room for optimization by caching data on the phone
12:08 <aaronpk> and that's something we haven't quite polished off yet, but we're working on it
12:08 <plamb> interesting
12:08 <plamb> i think a lot of apps will be running GPS-related stuff in the background in the near future
12:08 <plamb> very important stuff
12:09 <plamb> creating a platform to allow apps to run GPS in the background that doesnt suck battery
12:09 <plamb> would be awesome
12:09 <plamb> i know we'd use it
12:09 <aaronpk> that's our goal
12:10 <aaronpk> the idea is to be able to send location-based messages to your users, right?
12:10 <plamb> that and also potentially doing auto-checkins as well
12:11 <plamb> because non-geeks rarely choose to check themselves in :)
12:12 <aaronpk> checking in to foursquare or to your own db?
12:12 <plamb> for the stuff we'd want to build on top of check-ins
12:12 <plamb> it'd probably have to share with out DB
12:13 <plamb> this is why i've wanted to meet with you guys recently
12:13 <plamb> talk about that and getting a barbird layer in geoloqi
12:14 MarkDilley_ joined #geoloqi
12:14 <aaronpk> cool, that would be neat
12:14 <plamb> since we already have a ton of geo-coded data
12:55 <aaronpk> layers in the app have the ability to embed a little web view so you can show custom content
12:56 <plamb> yeah we just need to understand from you guys what it takes to create a layer
13:03 <aaronpk> ok, we need to document all of that as well so it would be good to go through it with you and I can use that as the basis of the documentation
13:15 <aaronpk> I'm giving javascript slightly more control over the geoloqi app too, so this is turning out to be a pretty nice platform for building html5 location apps
13:40 <plamb> let us know a time you and amber are free
14:27 <aaronpk> plamb: It's going to be hard to meet with amber, she's going to be out of the country most of next week
14:27 <aaronpk> but I'd be happy to meet with you
14:28 <aaronpk> I have tomorrow afternoon free, also possibly thursday
14:57 workshop joined #geoloqi
17:13 workshop joined #geoloqi
17:34 here joined #geoloqi
18:41 <Loqi> [[HTML5 Apps]] N
http://geoloqi.org/wiki/index.php?oldid=669&rcid=699 * Caseorganic * (+581) Created page with '===Overview=== You can build an entire application with HTML5 and hook it into the layer library in Geoloqi. You can show a webview in the layer and allow the user to share their…'
18:46 <plamb> what time tomorrow/thurs works?
18:52 <Loqi> [[PacMap]] N
http://geoloqi.org/wiki/index.php?oldid=674&rcid=704 * Caseorganic * (+645) Created page with '[[Image:pac-map-pdx-layer-in-geoloqi.png|320px|right]] ===Description=== PacMap is a real-time location game that's a layer in Geoloqi, allows users to join the game from an HTM…'
19:28 workshop joined #geoloqi
20:25 workshop joined #geoloqi
20:25 MarkDilley joined #geoloqi
