Hacker News | emadda's comments

PKCE protects the auth token from interception by making it so that only your code that started the flow can redeem it by proving they have the secret code_verifier on the redeem_token() call.

The code_challenge == sha256(code_verifier). You will share the code_challenge at the start of the flow.
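The check described in the comment above, as an added example that is not part of the comment or of the passkeybot code. It assumes the RFC 7636 "S256" encoding (base64url of the SHA-256 digest); `startFlow`, `pendingCodes` and `demo` are hypothetical names, and `redeemToken` stands in for the `redeem_token()` call mentioned above.

```javascript
// Added example: PKCE S256 binding with a toy in-memory server (Node.js).
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// code_challenge = BASE64URL(SHA256(code_verifier)), per RFC 7636 S256.
function codeChallengeFor(codeVerifier) {
  return createHash("sha256").update(codeVerifier, "ascii").digest("base64url");
}

// Client side: a fresh high-entropy secret per flow (43 base64url chars).
function newCodeVerifier() {
  return randomBytes(32).toString("base64url");
}

// Hypothetical server state: auth code -> challenge bound at flow start.
const pendingCodes = new Map();

function startFlow(codeChallenge) {
  const authCode = randomBytes(16).toString("base64url");
  pendingCodes.set(authCode, codeChallenge);
  return authCode; // travels through a redirect, so it may be observed
}

function redeemToken(authCode, codeVerifier) {
  const expected = pendingCodes.get(authCode);
  if (expected === undefined) return null; // unknown or already used code
  pendingCodes.delete(authCode); // single use, even when the check fails
  const got = Buffer.from(codeChallengeFor(String(codeVerifier)));
  const want = Buffer.from(expected);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (got.length !== want.length || !timingSafeEqual(got, want)) return null;
  return "token-" + randomBytes(16).toString("hex");
}

// Constructed run: a party holding only the auth code cannot redeem it.
function demo() {
  const verifier = newCodeVerifier();
  const code1 = startFlow(codeChallengeFor(verifier));
  const stolen = redeemToken(code1, newCodeVerifier()); // wrong verifier
  const code2 = startFlow(codeChallengeFor(verifier));
  const legit = redeemToken(code2, verifier); // the code that started the flow
  const replay = redeemToken(code2, verifier); // code already consumed
  return { stolen, legit, replay };
}
```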


I just watched this, it is very good.


Yes, that is true, I was assuming that any LLM code was going to be checked by the developer. Step 7 in the guide is "review your code and ensure the important logic commented in the example server is still present".

The LLM is only for converting the JS-based example code into your language X and HTTP framework Y (instead of giving example code for every combination of X and Y).

The standard implementation is in a single file `http_server.ts`, which is around 200 lines of well-commented code, with important logic commented (around 5 lines). The example code can be run locally with a few commands.

The repo also contains a sequence diagram [1], a description of the HTTP handlers needed [2], and a live demo [3] where you can see the request/responses.

Thanks for your feedback, I have made this clearer in the readme.

- [1] https://github.com/emadda/passkeybot/tree/master?tab=readme-...

- [2] https://github.com/emadda/passkeybot/tree/master?tab=readme-...

- [3] https://demo.enzom.dev/


Related: I released a hosted sign in page for passkey auth today.

Take a look:

https://passkeybot.com


I built a macOS app that uses Ghostty and fzy to fuzzy search over Apple Note titles. It is working quite well for me.

https://github.com/emadda/hot-notes/


Yo this is brilliant.


Maybe JS directly?


Cloudflare D1 has this, although you are limited to using JS workers to read/write it.

https://developers.cloudflare.com/d1/best-practices/read-rep...


I built a macOS app [1] (to fuzzy search Apple Notes) using Ghostty as a base so that I could use its fast rendering for large lists.

I think there is space for an Electron-like framework but for standalone terminal apps. Looking forward to using Ghostty as a library.

[1]: https://enzom.dev/hot-notes/


I've been meaning to build something with this[1], maybe you'll use it before I get to it.

[1]: https://github.com/charmbracelet/bubbletea?tab=readme-ov-fil...


The local HTML file can read local resources via src=file_path attributes on HTML tags (img, audio, video, script etc).

But the src-included files must be in the same directory as the root HTML file (or a descendant directory).

I used this in my macOS app Pocket Log to output a local html audio log (https://enzom.dev).


Sadly it doesn't work for JS modules, only for legacy JS scripts.


> Instead you should focus on creating notes that you are likely to revisit or likely to share.

One interesting thing I have discovered: the interface matters just as much as the content.

The faster you can recall notes, the more useful you find them, which makes it more likely you will write more notes.

I also put answers in the titles of my notes which allows me to scan a list of previously solved issues. The combination of a vague yyyy-mm-dd.md title and just a file system UI makes recall harder.

I have a fuzzy search app for Apple Notes that has been working well for me:

https://github.com/emadda/hot-notes

