2011-03-29

00:06 <@tylergillies> Heading out! Track me on Geoloqi! http://loqi.me/tvwzjE3
06:32 caseorganic-m joined #geoloqi
07:34 <@geoloqi> @fekaylius We stored that in our system and we'll let you know when we've done it!
08:49 MarkDilley joined #geoloqi
08:50 workshop joined #geoloqi
08:56 MarkDilley joined #geoloqi
08:56 MarkDilley joined #geoloqi
08:59 workshop joined #geoloqi
09:10 workshop joined #geoloqi
09:38 <@geografa> Attacking headwinds. Track me on Geoloqi! http://loqi.me/q_CJTwq
09:38 <Loqi> 2 files modified in https://github.com/geoloqi/Geoloqi-API-PHP/commits/master by Aaron Parecki
09:47 <Loqi> 9 files modified in https://github.com/geoloqi/Geoloqi-iPhone/commits/master by Aaron Parecki
09:52 <@sundriedcoder> @aaronpk Do you guys also support xAuth on @geoloqi?
09:56 <@aaronpk> @sundriedcoder Hop in #geoloqi on irc.freenode.net if you'd like to chat a bit more about this.
10:02 KevinR joined #geoloqi
10:04 <aaronpk> hey there KevinR
10:04 <KevinR> hey aaron, thanks for offering to answer questions. Hope you and Amber are doing well :)
10:05 workshop joined #geoloqi
10:05 <aaronpk> no problem!
10:06 <aaronpk> so if you aren't familiar with OAuth 2, it's quite a bit simpler than 1
10:08 <KevinR> that's good to know, essentially we have an API primarily used by mobile devices (not web) and oAuth still seems to be the way to go
10:08 <aaronpk> facebook uses draft 10, and they have a pretty good intro page, tho it focuses on web clients http://developers.facebook.com/docs/authentication/
10:08 <KevinR> I've read up on xAuth which seems to be oAuth minus the web auth step?
10:09 <aaronpk> after the OAuth dance is complete, the client ends up with an access token to the user's account. How that access token is obtained can happen in a few ways, described in section 4 http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4
10:09 <KevinR> Step 1 appears to be requesting a "request token" what parameters do you require on this call? assuming this is probably documented on dev.geoloqi.com
10:09 <aaronpk> one way is the web authorization screen, another way is directly exchanging a username and password for a token
10:10 plamb joined #geoloqi
10:11 <KevinR> the direct exchanging of username/password for token is probably the way we want to go
10:11 <aaronpk> yep, that's what our mobile clients do
10:12 <aaronpk> basically a post request to your endpoint with the username and password
10:12 <KevinR> nice, that looks simple enough... I assume client_id/client_secret correspond to consumer_key/consumer_secret
10:12 <aaronpk> exactly
10:13 <aaronpk> note that it's these parameter names that sometimes change between draft revisions, so some things are named slightly different between draft 10 and draft 14
10:13 <KevinR> Twitter's version of oAuth requires a bunch of other stuff as well: i.e. oauth_nonce, signature method, timestamp, etc...
10:13 <aaronpk> that's oauth 1
10:14 <KevinR> ahhhh
10:14 <KevinR> hmmm
10:14 <aaronpk> oauth 1 involves signing requests with signatures and such, but oauth 2 dropped that in favor of all requests going over SSL, since SSL does a lot of that verification itself
10:14 <aaronpk> (assuming you actually validate the certificate)
10:15 <aaronpk> https is encrypted end-to-end, and if you validate the certificate then you can be sure there was no MITM attack
10:16 <KevinR> right... so let me summarize: POST username,password, client_id, and client_secret to authenticate operation and return a token
10:16 <aaronpk> if you don't have SSL, then you need to use signatures with shared secrets in order to verify the request wasn't tampered with en route
10:16 <KevinR> that simple?
10:16 <aaronpk> yep, that simple
10:16 <KevinR> we require SSL for all operations
10:16 <aaronpk> great
10:16 <aaronpk> so once you have an access token, there is one more step
10:16 <KevinR> are there any requirements on the generated tokens? number of bits? string? numbers?
10:17 <aaronpk> nope, that's implementation specific
10:17 <KevinR> cool. so what's the next step?
10:17 <aaronpk> we use the format userid-randomstring
10:17 <KevinR> ok
10:17 <KevinR> makes sense
10:17 <aaronpk> that helps when debugging things because you can see which user made the request easily
10:17 <aaronpk> also it would let you shard your access token database in the future
10:18 <KevinR> right, good thinking :)
10:18 <KevinR> so once you've auth'd the user and gotten a token back what else do you have to do?
10:18 <aaronpk> so once you have an access token, using it to access data in the API can be done a couple of ways. I like sending the token in the header, like this: http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1.1
10:19 <aaronpk> but you could also support sending it in the query string as in 5.1.2, which lets you do neat things like https://api.geoloqi.com/1/account/username?oauth_token=12345678
10:21 <KevinR> indeed, this seems ridiculously straightforward
10:21 <aaronpk> that's the idea!
10:21 <aaronpk> ok, so now that slightly less straightforward part
10:21 <aaronpk> the*
10:22 <KevinR> yeah?
10:22 <aaronpk> when you return an access token, it must be in this format: http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.2
10:22 <aaronpk> note the optional "expires_in"
10:22 <aaronpk> if you want, you can set an expiration date on access tokens that you issue
10:23 <KevinR> looks like expires_in is optional. How long do Geoloqi tokens live?
10:23 <aaronpk> for your own trusted clients, it may not be important, but for authorizing third party web apps, it might be a good idea
10:23 <aaronpk> our api has the ability to set the expiration date per client
10:23 <KevinR> so then you must support the refresh_token?
10:24 <aaronpk> right. so when you return an expiration date, you also return a refresh token.
10:24 <aaronpk> after the access token expires, the client can use the refresh token to get a new access token
10:24 <aaronpk> grant_type=refresh_token&client_id=s6BhdRkqt3&client_secret=8eSEIpnqmM&refresh_token=n4E9O119d
10:25 <KevinR> this is the same operation as the one that authenticated the user just a different grant_type?
10:25 <aaronpk> exactly
10:25 <KevinR> nice
10:26 <KevinR> this makes sense
10:26 <KevinR> anything else to this?
10:27 <aaronpk> that's the basics, and that's all you'll need to get it working with your own mobile clients
10:27 <KevinR> you are awesome and I owe you beer and sushi :)
10:27 <Loqi> mmm beer
10:27 <KevinR> lol
10:27 <aaronpk> the other part is the "scope," but that is more applicable once you're authorizing third-party clients
10:28 <KevinR> this is good enough to get rolling thanks for the info man, much appreciated
10:28 <aaronpk> great! no problem!
11:30 <Loqi> 2 files modified in https://github.com/geoloqi/Geoloqi-iPhone/commits/master by Aaron Parecki
11:58 <aaronpk> wow, everyone is getting into this game
12:00 MarkDilley_ joined #geoloqi
12:01 <aaronpk> can't find it in the app store
12:01 <aaronpk> oh probably doesn't show up on the ipod touch
12:02 <plamb> lol
12:02 <plamb> yeah
12:03 <plamb> those guys are one of many competitors at getting into some of the incubators we've applied to
12:03 <plamb> i asked them how they'd say they differed from geoloqi
12:04 <aaronpk> ah cool
12:04 <aaronpk> looks like they've already done the battery optimizations we've been planning
12:04 <plamb> cell-tower triangulation?
12:05 <aaronpk> yea
12:05 <aaronpk> the iphone provides that mechanism
12:05 <aaronpk> it's just a question of doing something smart with it
12:05 <plamb> does that seem hard to do?
12:05 <plamb> and is it as exact as GPS?
12:05 <aaronpk> it's nowhere close
12:05 <aaronpk> it puts you on the right side of the river in portland but that's about it
12:05 <plamb> seems like if you're doing auto-checkins you want to be really exact
12:06 <aaronpk> yep, that's why it's not an easy problem to solve :)
12:06 <plamb> i havent tested the battery settings a lot yet on geoloqi
12:06 <plamb> does placing them at 'save the most battery side'
12:06 <plamb> actually help a lot?
12:07 <plamb> basically, is there any hope for having GPS not suck your battery life badly
12:07 <plamb> not sucking*
12:07 <aaronpk> well here's the thing, the biggest drain is actually communicating to the server, not necessarily running the gps
12:07 <aaronpk> which leaves a lot of room for optimization by caching data on the phone
12:08 <aaronpk> and that's something we haven't quite polished off yet, but we're working on it
12:08 <plamb> interesting
12:08 <plamb> i think a lot of apps will be running GPS-related stuff in the background in the near future
12:08 <plamb> very important stuff
12:08 <aaronpk> I agree
12:09 <plamb> creating a platform to allow apps to run GPS in the background that doesnt suck battery
12:09 <plamb> would be awesome
12:09 <plamb> i know we'd use it
12:09 <aaronpk> that's our goal
12:10 <aaronpk> the idea is to be able to send location-based messages to your users, right?
12:10 <plamb> that and also potentially doing auto-checkins as well
12:11 <plamb> because non-geeks rarely choose to check themselves in :)
12:12 <aaronpk> checking in to foursquare or to your own db?
12:12 <Loqi> 1 files modified in https://github.com/geoloqi/Geoloqi-iPhone/commits/master by Aaron Parecki
12:12 <plamb> for the stuff we'd want to build on top of check-ins
12:12 <plamb> it'd probably have to share with out DB
12:12 <plamb> our*
12:13 <plamb> this is why i've wanted to meet with you guys recently
12:13 <plamb> talk about that and getting a barbird layer in geoloqi
12:14 MarkDilley_ joined #geoloqi
12:14 <aaronpk> cool, that would be neat
12:14 <plamb> since we already have a ton of geo-coded data
12:54 <Loqi> 4 files modified in https://github.com/geoloqi/Geoloqi-iPhone/commits/master by Aaron Parecki
12:55 <aaronpk> layers in the app have the ability to embed a little web view so you can show custom content
12:55 <plamb> nice
12:56 <plamb> yeah we just need to understand from you guys what it takes to create a layer
13:03 <aaronpk> ok, we need to document all of that as well so it would be good to go through it with you and I can use that as the basis of the documentation
13:15 <aaronpk> I'm giving javascript slightly more control over the geoloqi app too, so this is turning out to be a pretty nice platform for building html5 location apps
13:24 <Loqi> 1 files modified in https://github.com/geoloqi/Geoloqi-iPhone/commits/master by Aaron Parecki
13:40 <plamb> yeah aaron
13:40 <plamb> let us know a time you and amber are free
14:19 <Loqi> 4 files modified in https://github.com/geoloqi/Geoloqi-API-PHP/commits/master by Aaron Parecki
14:20 <Loqi> 4 files modified, 4 new files in https://github.com/geoloqi/Geoloqi-Website-PHP/commits/master by Aaron Parecki
14:27 <aaronpk> plamb: It's going to be hard to meet with amber, she's going to be out of the country most of next week
14:27 <aaronpk> but I'd be happy to meet with you
14:28 <aaronpk> I have tomorrow afternoon free, also possibly thursday
14:57 workshop joined #geoloqi
17:13 workshop joined #geoloqi
17:34 here joined #geoloqi
18:41 <Loqi> [[HTML5 Apps]] N http://geoloqi.org/wiki/index.php?oldid=669&rcid=699 * Caseorganic * (+581) Created page with '===Overview=== You can build an entire application with HTML5 and hook it into the layer library in Geoloqi. You can show a webview in the layer and allow the user to share their…'
18:43 <Loqi> [[HTML5 Apps]] http://geoloqi.org/wiki/index.php?diff=670&oldid=669&rcid=700 * Caseorganic * (+96)
18:44 <Loqi> [[HTML5 Apps]] http://geoloqi.org/wiki/index.php?diff=671&oldid=670&rcid=701 * Caseorganic * (+322)
18:46 <plamb> aaron
18:46 <plamb> hmmm
18:46 <Loqi> [[Special:Log/upload]] upload * Caseorganic * uploaded "[[File:pac-map-pdx-leaderboard.jpg]]": Source: http://www.flickr.com/photos/caseorganic/5562110531/sizes/l/in/photostream/
18:46 <plamb> what time tomorrow/thurs works?
18:47 <Loqi> [[Special:Log/upload]] upload * Caseorganic * uploaded "[[File:pac-map-pdx-layer-in-geoloqi.png]]": Source: http://www.flickr.com/photos/caseorganic/5562110531/sizes/l/in/photostream/
18:52 <Loqi> [[PacMap]] N http://geoloqi.org/wiki/index.php?oldid=674&rcid=704 * Caseorganic * (+645) Created page with '[[Image:pac-map-pdx-layer-in-geoloqi.png|320px|right]] ===Description=== PacMap is a real-time location game that's a layer in Geoloqi, allows users to join the game from an HTM…'
19:28 workshop joined #geoloqi
20:25 workshop joined #geoloqi
20:25 MarkDilley joined #geoloqi