ipfs
nice, love IPFS
snippet
unless it makes a big difference for you, I’d rather just throw together OAuth2, so people can approve the account export/linking – hoping to get to this tomorrow. Sorry, was juggling some other stuff this week
re: ipfs, it’s our own IPFS gateway and will only serve content that we pin, so it should be safe.
re: oauth, sounds good. let me know when that’s up and running! soooo excited to get token communities meeting in gather!
OAuth turned out to be overkill so I just did the simple thing: a page you can direct people to that asks their permission then redirects them back to you with a gatherPlayerId url param. Full documentation here
By default this will marinate in our test environment for a week and then land on prod next Monday, but you can test with it already at this temporary example url. playerIds will be different on this domain than gather.town though, so if you’re trying to use this in production this week let me know and I can cherrypick it straight to prod (it’s not really a change that needs thorough stability testing, that’s just the default flow)
Ok I got this working, thanks!
Just a heads up - even with the nonce parameter, this isn’t secure, because you’re sending the user to the URL with the nonce parameter in the browser. A user could grab that nonce before the redirect happens, and then not follow the redirect to the gather auth page (the allow / deny account id access page), and then hit the final redirectTo url with the correct nonce and any userId they want.
This is fine for our use case for now but I suppose that’s one benefit to put on the “reasons to implement oauth in the future” list
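
The gap described in the last post, shown from the receiving site's side as an added example (not part of the original thread and not Gather's code): a callback that checks only the nonce next to one that also requires a provider-computed MAC over the nonce and the player id. The `sig` parameter, the shared secret and the callback URL are assumptions made for illustration; the thread describes no such signature.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Hypothetical secret shared by the identity provider and the integrating site.
SHARED_SECRET = b"constructed-demo-secret"


def _param(url, name):
    """Return the first value of a query parameter, or '' if absent."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def nonce_only_callback(url, session_nonce):
    """Weak form: the nonce is checked, the player id is taken on trust."""
    if _param(url, "nonce") != session_nonce:
        return None
    return _param(url, "gatherPlayerId") or None


def sign(nonce, player_id, secret=SHARED_SECRET):
    """MAC the provider would attach (assumed), binding the id to the nonce."""
    msg = f"{nonce}\n{player_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def signed_callback(url, session_nonce, secret=SHARED_SECRET):
    """Hardened form: accept the id only if the provider's MAC covers it."""
    nonce = _param(url, "nonce")
    player_id = _param(url, "gatherPlayerId")
    sig = _param(url, "sig")
    if not player_id or not hmac.compare_digest(nonce.encode(), session_nonce.encode()):
        return None
    expected = sign(nonce, player_id, secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return player_id


# Constructed sample callbacks for a session whose nonce is "n-123".
BASE = "https://site.example/cb?nonce=n-123&gatherPlayerId="
LEGIT = BASE + "player-A&sig=" + sign("n-123", "player-A")
SUBSTITUTED = BASE + "player-B"  # right nonce, id never approved
REUSED_SIG = BASE + "player-B&sig=" + sign("n-123", "player-A")

if __name__ == "__main__":
    for label, url in [("legit", LEGIT), ("substituted", SUBSTITUTED), ("reused sig", REUSED_SIG)]:
        print(label, nonce_only_callback(url, "n-123"), signed_callback(url, "n-123"))
```

The same binding is what an OAuth authorization-code exchange gives: the id arrives over a server-to-server call rather than through the user's browser.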