WEBVTT

1
00:00:06.160 --> 00:00:11.080
Hey, welcome back to another episode
of JavaScript Jabber. This week, on

2
00:00:11.080 --> 00:00:15.279
our panel, we have Steve Edwards.
Well, from very cold and windy Portland,

3
00:00:15.679 --> 00:00:22.440
AJ O'Neal. Yo yo yo,
coming at you live from the year without

4
00:00:22.480 --> 00:00:29.559
Santa Claus. I'm Charles Max Wood from
Top End Devs. Go check out JavaScript geniuses dot

5
00:00:29.559 --> 00:00:32.479
com. That's where I've got my
latest stuff going on. We have a

6
00:00:32.479 --> 00:00:37.000
special guest this week and that is
Jared Hanson. Now, Jared, I

7
00:00:37.119 --> 00:00:42.240
kind of got you down as the
person behind or who created Passport.js.

8
00:00:42.240 --> 00:00:46.679
But what else do you want people
to know about you? Yeah? So

9
00:00:47.119 --> 00:00:53.320
I'm an engineer by background, been
doing professional development product development for about twenty

10
00:00:53.399 --> 00:00:58.039
years now. Most of your listeners
would know me from Passport.js, which

11
00:00:58.079 --> 00:01:03.240
is a very popular authentication framework in the
Node.js ecosystem. I currently work at

12
00:01:03.240 --> 00:01:08.400
Okta by way of Auth0 and have been, you know, in addition to being

13
00:01:08.680 --> 00:01:15.000
part of the Node.js ecosystem,
really involved in the identity industry and identity

14
00:01:15.040 --> 00:01:17.599
world. So things like
OpenID Connect, OAuth, et cetera,

15
00:01:18.319 --> 00:01:22.319
and have spent the past fifteen or
so years kind of focused in

16
00:01:22.319 --> 00:01:26.359
that area, which I really enjoyed
we can get it. Yeah, very

17
00:01:26.400 --> 00:01:30.040
cool and yeah, as we kind
of get rolling, I don't know if

18
00:01:30.040 --> 00:01:36.079
I want to assume that people know
what Passport.js is. I've talked to

19
00:01:36.239 --> 00:01:38.239
quite a number of people who use
it, but you want to kind of

20
00:01:38.239 --> 00:01:41.959
give us the background as far as
like what it is and what it does,

21
00:01:42.000 --> 00:01:45.480
what problems it solves, and who
may want to use it. Yeah,

22
00:01:45.519 --> 00:01:49.680
absolutely. So Passport.js is an
authentication framework for Node.js. So

23
00:01:49.760 --> 00:01:56.560
what that means is basically handles all
areas of logging into your application, being

24
00:01:56.599 --> 00:02:01.560
a web application with the typical HTML
user interface, or if you're building API applications

25
00:02:01.599 --> 00:02:07.280
and need to do token based authentication. So it's primarily focused on express,

26
00:02:08.080 --> 00:02:12.439
although it doesn't get used with some
of the other frameworks out there. Next

27
00:02:12.520 --> 00:02:15.759
js occasionally, which is very popular
these days, and a few other frameworks.

28
00:02:16.240 --> 00:02:21.199
It's been around the ecosystem for
a long time now. I think

29
00:02:21.240 --> 00:02:24.120
my first commits on it were back
in twenty eleven. Just to give some

30
00:02:24.240 --> 00:02:28.800
context for people, I think
Node was on like zero dot two at

31
00:02:28.840 --> 00:02:34.319
the time, and now it's funny
stuff then kind of forget so, you

32
00:02:34.360 --> 00:02:39.000
know, coming on with maybe not
the most you know, most recent topic,

33
00:02:39.159 --> 00:02:45.759
but still always very relevant to
security. And yeah, like I

34
00:02:45.759 --> 00:02:50.159
said, primarily, it's a middleware
for Express.js. So people familiar,

35
00:02:50.400 --> 00:02:53.840
you know, some of this stuff
kind of like maybe gets forgotten the history

36
00:02:53.840 --> 00:02:58.240
a little bit, but anyone who's
writing Express.js apps is very familiar with

37
00:02:58.240 --> 00:03:01.680
the middleware pattern. So authentication is
just middleware that you stick in your application

38
00:03:02.319 --> 00:03:07.960
in order to authenticate a user.
If they aren't authenticated, then the

39
00:03:07.960 --> 00:03:12.560
middleware stops and the request is denied. Otherwise you're provided with the user and

40
00:03:12.560 --> 00:03:16.560
then you can write your business logic
to return, you know, user specific. Cool.

41
00:03:16.759 --> 00:03:23.280
So just to get a little more
clarity on this, and I'll admit

42
00:03:23.280 --> 00:03:27.439
I haven't done a whole lot with
Passport.js because I don't write Express every

43
00:03:27.520 --> 00:03:34.039
day or you know, JavaScript really
every day. But you said it's middleware.

44
00:03:34.120 --> 00:03:39.599
So if I want a login screen
or uh myself, you just managed

45
00:03:39.639 --> 00:03:45.439
the the stuff com back and forward? How much of how much? So

46
00:03:45.439 --> 00:03:47.960
many of the pieces do I get? Yeah, so Passport.js is really

47
00:03:49.039 --> 00:03:53.439
focused on just authenticating the request.
It's meant to be like quite minimalistic,

48
00:03:53.520 --> 00:03:57.400
so it doesn't get involved in really
any other areas of your application.

49
00:03:58.479 --> 00:04:02.120
So if you're in your login screens
and your front end code, that

50
00:04:02.280 --> 00:04:06.800
is all entirely up to the application
developer port so you're free to pick you

51
00:04:06.840 --> 00:04:11.759
know, your templated language or you
know, React, things like that, whatever,

52
00:04:11.879 --> 00:04:15.079
whatever your preference is on the front
end and Passport.js is just handling

53
00:04:15.560 --> 00:04:18.680
the back end components of those things. So if you're you know, just

54
00:04:19.160 --> 00:04:21.800
form posting your thing up in a
log in form and it'll handle that.

55
00:04:23.839 --> 00:04:27.680
If you're doing APIs, then you
know, your your client side is responsible

56
00:04:27.720 --> 00:04:31.920
for putting the tokens in the request
and it'll those that and authenticate it that

57
00:04:31.959 --> 00:04:35.399
way. It's it's really, you
know, like I said, designed to

58
00:04:35.399 --> 00:04:40.600
be minimal and unobtrusive, which is
important to me in things I don't like

59
00:04:40.639 --> 00:04:43.959
frameworks that kind of really start to
take over your application. So it's meant

60
00:04:44.000 --> 00:04:46.720
to just provide just that authentication bit
and and leave the rest of the choices

61
00:04:46.759 --> 00:04:51.759
that aren't it shouldn't be authentication related
up to the development. So let's say

62
00:04:51.759 --> 00:04:56.040
that I want to authenticate against Google, right, because you have all these

63
00:04:56.120 --> 00:04:59.959
authentication strategies, So I write my
log in page, I put the Google

64
00:05:00.199 --> 00:05:02.560
icon on there, I click it, and then what else do I have

65
00:05:02.600 --> 00:05:06.519
to do to make it work?
Yeah, so with Google, so if

66
00:05:06.519 --> 00:05:10.680
you go to passportjs dot
org, there's kind of tutorials that walk you

67
00:05:10.720 --> 00:05:13.920
through these various things. So,
okay, one of the challenges I'll get

68
00:05:13.959 --> 00:05:15.800
to your question in a minute,
but just for some context here is like

69
00:05:15.800 --> 00:05:20.360
one of the challenges with authentication is
really there's like so many ways to authenticate.

70
00:05:21.199 --> 00:05:26.399
And that's one of the things that
passport really tried to address, which

71
00:05:26.480 --> 00:05:29.879
is like, we got all these
disparate ways to authenticate, how do we give

72
00:05:29.920 --> 00:05:33.720
sort of like a single consistent way
to you know, drive that from from

73
00:05:33.759 --> 00:05:39.759
within code. That being said,
there are slight differences across these things.

74
00:05:39.759 --> 00:05:42.600
So for instance, you know,
one common way is just you know,

75
00:05:42.839 --> 00:05:46.560
username and password, submit
it via a login form the developer has

76
00:05:46.600 --> 00:05:48.120
to do that. What you brought
up is you know, logging in with

77
00:05:48.199 --> 00:05:53.680
Google for instance, to be
OpenID Connect or OAuth 2, which has

78
00:05:53.680 --> 00:05:58.839
some kind of different semantics than just
running a login form. In particular,

79
00:05:58.959 --> 00:06:00.680
there's you know, you got to
redirect to Google and then handle a

80
00:06:00.680 --> 00:06:06.000
couple interactions there. So you do
probably need to have like a bit of

81
00:06:06.199 --> 00:06:11.600
background on kind of like what the
prerequisite parts up, particularly with respect to

82
00:06:11.639 --> 00:06:14.800
like your user interaction, because like
I said, Passport is just a back

83
00:06:14.920 --> 00:06:18.600
end framework. So there's tutorials on
the website that will walk through these common

84
00:06:18.839 --> 00:06:23.439
scenarios. So in the case of
Google, essentially what you would do is,

85
00:06:23.759 --> 00:06:26.920
like you said, put the Google
button on your page, a user

86
00:06:26.920 --> 00:06:30.680
clicks it, and that will you
know, send a request back to your

87
00:06:30.720 --> 00:06:34.920
application, and you put the passport
middleware there. Passport then will start

88
00:06:34.920 --> 00:06:39.120
to take over the OAuth flow
because that's that's really the thing you don't

89
00:06:39.120 --> 00:06:44.120
want to do as a developer.
That's super complicated. So Passport will basically

90
00:06:44.319 --> 00:06:47.399
abstract all that away from you.
So you just say passport dot authenticate Google,

91
00:06:48.639 --> 00:06:53.600
and then Passport will take care of
redirecting the user to Google, at

92
00:06:53.600 --> 00:06:56.720
which point, like Google steps in
and does the authentication, and then Google

93
00:06:56.800 --> 00:07:00.399
sends the user back to your application
in this case what's known as a redirect

94
00:07:00.480 --> 00:07:04.800
URI or callback URI. And then here again you just put

95
00:07:04.800 --> 00:07:10.399
the passport middleware on that particular route
in your express application, and then Passport

96
00:07:10.439 --> 00:07:15.120
will finalize the OAuth or OpenID
Connect interaction and then just supply the user.

97
00:07:16.879 --> 00:07:23.360
So it's really it's really just basically
kind of in a in a end

98
00:07:23.399 --> 00:07:25.959
wave, you sort of sense like
two lines of code that you add as

99
00:07:26.079 --> 00:07:30.240
middleware at these two endpoints UH to
handle the processing, and then a few

100
00:07:30.240 --> 00:07:33.639
more lines of code of just configuration
to set up things like your client ID

101
00:07:33.680 --> 00:07:39.319
and secrets, credentials that Google issues
you in order to use. That makes

102
00:07:39.360 --> 00:07:44.199
sense, I mean that I mostly
do Ruby on rails, and you know

103
00:07:44.319 --> 00:07:47.959
Warden is kind of the yeah there, right, so yeah, and then

104
00:07:47.959 --> 00:07:51.040
there's Devise built on top of it
and that provides you with the views and

105
00:07:51.040 --> 00:07:55.839
things like that. But yeah,
that makes a lot of sense. So

106
00:07:56.480 --> 00:08:00.319
just to kind of restate some
of this effectively, then I write the

107
00:08:00.399 --> 00:08:03.360
UI, I get the request.
When I get the request into my application,

108
00:08:03.879 --> 00:08:09.439
I call into passport. Passport does
all of the juggling of wherever the

109
00:08:09.480 --> 00:08:13.480
authentication is happening, whether it's on
my app or whether it's somewhere else,

110
00:08:13.920 --> 00:08:16.959
and then I get the authentication token
or whatever other you know, credentials come

111
00:08:18.040 --> 00:08:20.920
back, and then from there I
marry that up to a user in my

112
00:08:22.040 --> 00:08:26.000
system, and then I can go
and do whatever I need to with an

113
00:08:26.000 --> 00:08:31.319
authenticated user at that point, Yes, one hundred percent, absolutely cool.

114
00:08:31.600 --> 00:08:33.759
So what does it take to write
something like this for me personally? Are

115
00:08:33.799 --> 00:08:39.240
people dropping it in their application for
you? Yeah? So, So,

116
00:08:39.360 --> 00:08:41.919
like I alluded to at the beginning, I'm a big kind of like identity

117
00:08:43.600 --> 00:08:46.240
nerd. I love the topic,
So I'll just give some context here.

118
00:08:46.320 --> 00:08:50.120
So, like I said, like
Passport was started back in twenty eleven,

119
00:08:52.159 --> 00:08:54.960
and I had been doing you know, this was kind of like the early

120
00:08:56.000 --> 00:08:58.320
era of the, like, Web two
point zero. So I got super fascinated

121
00:08:58.320 --> 00:09:01.840
by OpenID and OAuth and, you
know, mashups and all that sort of

122
00:09:01.879 --> 00:09:09.840
stuff. And I at that time, I guess I was just sort of

123
00:09:09.879 --> 00:09:11.559
like I had been. I had
moved to the Bay Area and been here

124
00:09:11.600 --> 00:09:16.600
for about like six years doing uh, doing a startup that was more kind

125
00:09:16.600 --> 00:09:22.120
of an enterprise focus, and I
was kind of looking for something new and

126
00:09:22.200 --> 00:09:24.600
I wanted to get like more involved
in open source development, maybe you know,

127
00:09:24.679 --> 00:09:28.559
get something out there that had a
bit of recognition behind it. And

128
00:09:28.679 --> 00:09:31.960
so that is kind of what I
was looking to do. And so like

129
00:09:33.080 --> 00:09:35.519
Node was real early at the time, like I said, zero dot two,

130
00:09:37.600 --> 00:09:41.120
and in my background is more as
a systems programmer, so C and

131
00:09:41.200 --> 00:09:45.039
C plus plus. And when I took
a look at Node, I was like,

132
00:09:45.080 --> 00:09:48.120
oh, this is super interesting.
You know. It's basically you're writing

133
00:09:48.399 --> 00:09:52.759
io heavy applications, server applications.
It's got all this event loop stuff in

134
00:09:52.799 --> 00:09:56.159
it with epoll and whatnot.
And it was like I first took a

135
00:09:56.159 --> 00:10:01.080
look at Node, like the internals
of Node, the C and C plus

136
00:10:01.120 --> 00:10:03.200
plus stuff that's that's going on internals, I was like, Oh, that's

137
00:10:03.200 --> 00:10:07.399
super interesting. This is like a
lot of the code I'm writing. But

138
00:10:07.440 --> 00:10:09.279
then they put this JavaScript layer on
top, which just made it a lot

139
00:10:09.320 --> 00:10:13.679
easier to do, you know,
just your business logic. It's faster development

140
00:10:13.799 --> 00:10:20.200
and reasonably fast performance. And so
that's kind of what drew me to Node.

141
00:10:20.279 --> 00:10:22.960
And then as I was looking into
Node and like looking for maybe like

142
00:10:24.039 --> 00:10:26.799
an open source project to take on, and also very interested in security and

143
00:10:26.840 --> 00:10:31.000
identity, I was like, well, what's out there for authentication in the

144
00:10:31.039 --> 00:10:33.440
Node world. And I was familiar
with things like Warden and Devise

145
00:10:33.519 --> 00:10:39.360
from Rails, and there wasn't really
anything that existed at the time for Node.

146
00:10:39.360 --> 00:10:43.639
There was another project called everyauth, which I took a look at,

147
00:10:43.679 --> 00:10:46.919
but wasn't necessarily super happy with.
So I was like, oh,

148
00:10:46.919 --> 00:10:50.159
okay, like I'm gonna I'm gonna
try my hand to make authentication framework for

149
00:10:50.240 --> 00:10:54.440
Node and see what happens. And
so really it was, right, yeah,

150
00:10:54.480 --> 00:10:58.840
how hard could it be? And
you know, it was like you

151
00:10:58.879 --> 00:11:01.360
know, like any any develop you
know, and like I was looking for

152
00:11:01.360 --> 00:11:05.440
a challenge and and something you know, hard but also fun. I guess

153
00:11:05.879 --> 00:11:11.159
pre promises. It was so much
harder than it needed to be because I

154
00:11:11.200 --> 00:11:18.600
mean that triangle pyramid waterfall callback of
doom thing, I mean that that that

155
00:11:18.720 --> 00:11:24.679
made I mean I back the days
looked through the passport code. It was

156
00:11:24.799 --> 00:11:30.120
difficult to read because it's like callback
call back back. I mean, everything

157
00:11:30.200 --> 00:11:33.080
was back then, not not anywaysing
on it, but you know, especially

158
00:11:33.159 --> 00:11:39.159
because the OAuth flow. Yeah,
I was I was trying to fix an

159
00:11:39.159 --> 00:11:46.360
issue with cookies way back in the
early days because then most OAuth implementations

160
00:11:46.399 --> 00:11:50.559
require third party cookies. But of
course, you know in the modern age

161
00:11:50.600 --> 00:11:54.120
that wouldn't work, and I imagine
that it's you know, that's that's been

162
00:11:54.200 --> 00:11:56.639
reworked since then. But yeah,
it was like trying to trying to follow

163
00:11:56.679 --> 00:12:01.360
from this callback to that callback and
then like an event system that was Those

164
00:12:01.360 --> 00:12:05.200
were tough days before promises. Those
were really really tough days. Yeah,

165
00:12:05.240 --> 00:12:09.840
absolutely, I mean I think,
like you know, that was what one

166
00:12:09.879 --> 00:12:11.480
of my trying to like experiences.
At the time. I was also just

167
00:12:11.519 --> 00:12:15.399
learning JavaScript. I wrote some
of the stuff I had done a little

168
00:12:15.440 --> 00:12:20.759
bit, but nothing significant and and
honestly, like I found JavaScript a little

169
00:12:20.799 --> 00:12:26.000
bit confusing, honestly, to that point. And so like I was learning that

170
00:12:26.080 --> 00:12:28.639
at the same time. And and
that said, like all the callbacks,

171
00:12:28.679 --> 00:12:31.679
you know, any any sort of
like asynchronous IO where it's evented

172
00:12:31.879 --> 00:12:35.120
and can it can be hard to
read because it's you know, as you

173
00:12:35.159 --> 00:12:37.519
know, like not linear but more
driven over time. I guess you haven't

174
00:12:37.559 --> 00:12:43.399
done d But so yeah, it
was kind of one of the challenges Passport

175
00:12:43.480 --> 00:12:48.120
is like design an API that
can take those challenges and make it

176
00:12:48.240 --> 00:12:50.879
somewhat tractable, you know, and
I think I think it's done a decent

177
00:12:50.960 --> 00:12:54.360
job of it. You know,
obviously there can always be improvements,

178
00:12:54.600 --> 00:12:58.159
but so yeah, that's that's what
I set out to do, and like

179
00:12:58.279 --> 00:13:01.559
kind of my my premise was like
that middleware pattern where it's just like passport

180
00:13:01.639 --> 00:13:05.799
dot authenticate and then you know,
using some strategies and like that. From

181
00:13:05.840 --> 00:13:07.720
a developer standpoint, like those are
the kind of things that you just repeat

182
00:13:07.759 --> 00:13:11.159
over and over. It's just configure
your strategies and then like throw the authentication

183
00:13:11.240 --> 00:13:16.919
middleware there. And reasonably, then,
I think that made authentication, you

184
00:13:16.960 --> 00:13:20.320
know, tractable and easy, and
I think most people used it to good

185
00:13:20.320 --> 00:13:26.159
effects. So that's kind of like
the background there. And then you know,

186
00:13:26.399 --> 00:13:28.799
at the time, like I said, obviously Node was new, so

187
00:13:28.879 --> 00:13:33.159
I I published Passport, you know, the first the first initial versions of

188
00:13:33.200 --> 00:13:37.320
it, and spent a lot of
time just like Twitter was also kind of

189
00:13:37.320 --> 00:13:39.320
new at the times, Like the
times when someone tweeted about Node or OAuth,

190
00:13:39.360 --> 00:13:43.440
you know, I'd replied to them
against Stack Overflow and just like a

191
00:13:43.440 --> 00:13:48.399
lot of community development and reaching out
to people and telling them that the project

192
00:13:48.480 --> 00:13:50.799
exists, and did that for a
while and then it sort of just kind

193
00:13:50.840 --> 00:13:54.039
of grew legs and took off
from there and now it gets i don't

194
00:13:54.080 --> 00:13:58.240
know, a couple of million
plus downloads a month on npm or

195
00:13:58.279 --> 00:14:03.679
something like that. Yeah, just
it's been interesting to watch an open source

196
00:14:03.720 --> 00:14:07.960
project kind of play out over a
decade plus and see how it's evolved.

197
00:14:09.000 --> 00:14:11.120
So yeah, it's been a great
experience. So one thing I want to

198
00:14:11.159 --> 00:14:16.000
call out that you mentioned, and
this isn't specifically to passport, but I

199
00:14:16.240 --> 00:14:22.159
talked to a number of open source
developers and they're like, like the package

200
00:14:22.159 --> 00:14:28.480
and the people who just love it, and I just can't seem to get

201
00:14:28.559 --> 00:14:33.000
people to find it. And it
sounds you know, your strategy where you're

202
00:14:33.000 --> 00:14:35.399
talking about, Hey, I just
went on Twitter and just replied to people

203
00:14:35.399 --> 00:14:41.799
who were talking about JavaScript.
That's a strategy that I've seen, you know,

204
00:14:41.840 --> 00:14:43.919
in the podcast in this space as
well. Right wherever somebody's talking about

205
00:14:43.960 --> 00:14:48.759
whatever topic you cover on your show
or if you have an episode that's relevant

206
00:14:48.759 --> 00:14:52.559
to it, right you talk about
it on Twitter or Facebook or wherever.

207
00:14:54.840 --> 00:15:01.039
So you have a specific method for
doing that or no specific method other than

208
00:15:01.120 --> 00:15:03.600
just like reaching out and talk to
people about it. You know, I

209
00:15:03.600 --> 00:15:07.360
think, like, you know,
one of the great things about how easy

210
00:15:07.360 --> 00:15:11.519
it is to just like communicate with
these days, and like everyone's connected online.

211
00:15:13.320 --> 00:15:15.600
So yeah, and also you know, like when you have a project

212
00:15:15.639 --> 00:15:18.559
like that, you're just super passionate. I don't want to talk about people

213
00:15:18.600 --> 00:15:22.320
anyway, right, So yeah,
I just reach out to anyone who who

214
00:15:22.320 --> 00:15:26.039
seemed interested or you know, and
like, especially when you're saying, hey,

215
00:15:26.279 --> 00:15:28.919
check out this project's free. Maybe
your problem, you know, it's

216
00:15:28.960 --> 00:15:33.559
like you're really not asking them to
do a whole lot. Yeah, pretty

217
00:15:33.559 --> 00:15:41.360
pretty easy to to you know self. I guess yeah, yeah, No,

218
00:15:41.440 --> 00:15:43.600
I was going to say, like, the one other thing that I

219
00:15:43.600 --> 00:15:46.240
think I would for it's like for
for people that are relying too kind of

220
00:15:46.399 --> 00:15:52.320
raise awareness of the things that they're doing
is write the documentation. You know.

221
00:15:52.639 --> 00:15:56.799
I think the other thing is,
like you know, I do for any

222
00:15:56.799 --> 00:15:58.960
project that I wanted to promote.
It just gives it a sort of like

223
00:16:00.120 --> 00:16:06.159
polished and professional, you know,
appearance if you can have a website and

224
00:16:06.200 --> 00:16:08.639
read the documentation, because that's one
of the things that I think people struggle

225
00:16:08.679 --> 00:16:11.480
with and adoption. You know,
it's like a GitHub README can only

226
00:16:11.559 --> 00:16:18.159
go so far, especially if it's
a somewhat bigger or more substantial. Yeah,

227
00:16:18.159 --> 00:16:22.080
I think we've all run into that
right where it's hey, this package

228
00:16:22.200 --> 00:16:26.960
or this library or this product says
it's going to solve my problem, and

229
00:16:26.519 --> 00:16:30.720
you get in and you're trying to
follow along in the documentation and you just

230
00:16:30.720 --> 00:16:36.159
can't figure out how to make all
the pieces connect, right yep, and

231
00:16:36.240 --> 00:16:38.679
yeah it's down to their documentation.
It's like, look, this isn't comprehensive

232
00:16:38.759 --> 00:16:42.360
enough for me to figure out how
to get the gears to mesh, so

233
00:16:42.440 --> 00:16:47.840
I'm out of luck. And yeah, a lot of times on that.

234
00:16:47.919 --> 00:16:52.559
I would love to hear everybody's perspective
on this, But I think the the

235
00:16:52.639 --> 00:17:02.320
biggest issue with that is either a
not recognizing that the developer is not at

236
00:17:02.360 --> 00:17:06.559
where you're at. So there's a
lot of tools out there that people are

237
00:17:06.599 --> 00:17:10.759
asked to use that they're not necessarily
a Node developer or Python developer whatever,

238
00:17:10.839 --> 00:17:14.759
and just having the you need to
have installed node and you need to have

239
00:17:15.480 --> 00:17:19.480
you know, done some other thing, you know, create a, run

240
00:17:19.559 --> 00:17:23.000
npm init or something like that. Like there's these there's like two or

241
00:17:23.000 --> 00:17:26.559
three steps that you have to do
with every single project that people often omit

242
00:17:26.599 --> 00:17:30.160
from their READMEs because it's like, well, duh, if you're one

243
00:17:30.200 --> 00:17:32.920
of these developers, you're going to
know how to do that. But if

244
00:17:32.960 --> 00:17:36.880
you're coming to something where you're building
a new project. And I would imagine

245
00:17:37.039 --> 00:17:41.359
that, particularly with Passport, you
observe this is because people are not necessarily

246
00:17:41.440 --> 00:17:42.599
Node experts, are like, oh, what's the easiest way to get an

247
00:17:42.599 --> 00:17:45.759
app together with this type of OAuth? And they, you know, they

248
00:17:45.839 --> 00:17:52.920
end up on Passport. Or Number
two would be that the examples are are

249
00:17:52.000 --> 00:17:57.200
either too concrete or too abstract,
And by that I mean it's difficult to

250
00:17:57.240 --> 00:18:03.519
tell which values are variables and which
values are part of the framework's options.

251
00:18:03.559 --> 00:18:07.079
So like, if everything's just foofoofoofoo
foo, it can be difficult to tell,

252
00:18:07.160 --> 00:18:11.200
okay, which of these foos was
supposed to be a URL. And

253
00:18:11.240 --> 00:18:18.559
if everything is like exactly literal,
then it's hard to tell, Okay,

254
00:18:18.000 --> 00:18:22.000
do I am I roping into?
For example? I know that passport doesn't

255
00:18:22.039 --> 00:18:26.759
do this, but am I roping
into passport dot com in order to run

256
00:18:27.400 --> 00:18:30.559
this thing? Or is passport dot
com just an example? You're out,

257
00:18:32.960 --> 00:18:34.920
Well, let me let me play
Devil's Advocate on you for one, AJ.

258
00:18:36.519 --> 00:18:44.720
Oh right, so you were talking
about, you know, making assumptions

259
00:18:44.720 --> 00:18:48.559
about this developer able to do this
or that. One of the frustrating things

260
00:18:48.559 --> 00:18:52.319
for me that I read when I'm,
and I'm looking for a lot of Laravel,

261
00:18:52.359 --> 00:18:55.799
you know, help on
different things. And I'll come across the

262
00:18:55.799 --> 00:19:00.160
blog posts all the time, and
I swear nine times out of ten and

263
00:19:00.440 --> 00:19:03.799
half of the blog post or three
quarters of the blog post is just getting

264
00:19:03.799 --> 00:19:07.279
a Laravel project up and running. Okay, install this, do this,

265
00:19:07.319 --> 00:19:10.359
create this, And I'm like,
good lord, just get to what

266
00:19:10.400 --> 00:19:14.839
the blog post is about. As
if there's not a bazillion references elsewhere about

267
00:19:15.039 --> 00:19:18.200
excuse me, including the Laravel website
about how to get a basic Laravel

268
00:19:18.200 --> 00:19:23.039
project up and running. Don't pollute
three quarters of a blog post unless you're

269
00:19:23.079 --> 00:19:26.400
just trying to make it look longer
than it really is. You know,

270
00:19:26.480 --> 00:19:30.880
so you look better, but at
some point gets you got But you've got

271
00:19:30.880 --> 00:19:34.039
to make some assumptions about some basic
knowledge at some point. If you're a

272
00:19:34.079 --> 00:19:37.799
developer, you can't every blog post, every README's not going to have,

273
00:19:37.240 --> 00:19:40.680
you know, one hundred steps on
how to just get to the point where

274
00:19:40.680 --> 00:19:42.440
you're ready to use this. And
there's i mean, the internet's a big

275
00:19:42.440 --> 00:19:47.599
place. There's lots of tutorials on
getting basic stuff up and running, and

276
00:19:47.640 --> 00:19:52.279
so as a user, if i'm
you know, searching Oh, here's a

277
00:19:52.319 --> 00:19:55.279
blog post that the title says,
I'm going to talk about this, and

278
00:19:55.640 --> 00:19:57.640
it takes you three quarters of the
way through just to get to what they're

279
00:19:57.680 --> 00:20:00.559
talking about. And that's a tiny
part of the blog post. Now I'll

280
00:20:00.599 --> 00:20:07.680
kick me off and I'll go away
faster than anything else. I agree on

281
00:20:07.799 --> 00:20:11.480
that, But what I'm saying,
no, I'm just saying that like a

282
00:20:11.519 --> 00:20:15.559
couple of either a couple of bullet
points or like here's the two lines you

283
00:20:15.640 --> 00:20:19.119
copy and paste. Yes, if
it's if it's like one hundred steps to

284
00:20:19.160 --> 00:20:23.720
create a Laravel project, then yeah, the link to it, right.

285
00:20:25.519 --> 00:20:29.720
Yeah. One one thing I want
to add to that is just in Steve's

286
00:20:29.759 --> 00:20:33.680
example, the thing that always trips
me up is it's here's the here's the

287
00:20:33.720 --> 00:20:37.440
three quarters of the thing that's boilerplate.
But halfway through that three quarters

288
00:20:37.799 --> 00:20:41.880
is a critical step. Oh yeah, right, because I'll skim it and

289
00:20:41.960 --> 00:20:45.920
I'll go, okay, I know
all this stuff, and then it's why

290
00:20:45.960 --> 00:20:48.759
isn't this working? Right? And
so yeah, having the it's hey,

291
00:20:48.759 --> 00:20:52.119
look you need to take this step
if you have an existing project, because

292
00:20:52.119 --> 00:20:56.160
you probably have an existing project,
Jared, I kind of want to come

293
00:20:56.200 --> 00:21:00.599
back to the idea though, So
it was documentation. I mean, obviously

294
00:21:00.640 --> 00:21:03.079
it was the right problem people needed
to solve, but it was the documentation

295
00:21:03.160 --> 00:21:10.039
and the interaction that grew the project, right Yeah, well yeah, I

296
00:21:10.079 --> 00:21:12.480
would say, like certainly over the
course of time. So I think one

297
00:21:12.519 --> 00:21:17.200
of my learnings here is just like
you know, kind of maintaining an open

298
00:21:17.200 --> 00:21:19.720
source project for over ten years,
you start to see like more more cycles

299
00:21:19.720 --> 00:21:22.680
come through. So like I want
to talk about this documentation a little bit.

300
00:21:22.720 --> 00:21:26.759
It's relevant to what you guys are
all saying. So like in the

301
00:21:26.799 --> 00:21:30.960
early days, you know, I
set up the Passport website and some documentation,

302
00:21:30.559 --> 00:21:36.000
and and the documentation was really fully
a little bit more conceptual in nature,

303
00:21:36.839 --> 00:21:38.880
which which was fine at those days. So think about like again,

304
00:21:38.960 --> 00:21:41.599
like Node back in zero dot two, zero dot four, you know,

305
00:21:41.640 --> 00:21:45.640
the three one zero days, like
Node itself was attracting sort of a different

306
00:21:45.720 --> 00:21:51.279
audience and developer you had like very
like leading edge developers who are willing to

307
00:21:51.279 --> 00:21:53.240
get in the bleeding edge and reading
a lot of code. Like when I

308
00:21:53.240 --> 00:21:56.519
was writing Passport, I was reading
a lot of code of other other libraries

309
00:21:56.559 --> 00:22:00.839
at the time just to understand the
And I think that was that that was

310
00:22:00.880 --> 00:22:04.440
common. Like a lot of the
people that started using passport, even though

311
00:22:04.440 --> 00:22:08.160
it made it relatively easy, I
think they were you know, the type

312
00:22:08.160 --> 00:22:11.119
of developer that was willing to get
and read the code and the internals.

313
00:22:11.160 --> 00:22:15.119
Like like you were saying, ah, whether whether they understood it all or

314
00:22:15.480 --> 00:22:18.759
not, you know that you had
people digging into it, and so like

315
00:22:18.799 --> 00:22:22.440
the documentation was a little bit more
geared towards them. But like as you

316
00:22:22.440 --> 00:22:25.880
think about this at the scales,
just in like number of adopters and like

317
00:22:25.960 --> 00:22:30.160
over time, you start like Node
has attracted different different developers over time.

318
00:22:30.200 --> 00:22:32.960
Now it's much more of an established
thing, you know, like it's not

319
00:22:33.119 --> 00:22:36.640
leading edge anymore. People people adopt
it because they know that they can write

320
00:22:36.599 --> 00:22:40.319
stable applications in it, and you
have developers that just kind of you know,

321
00:22:40.599 --> 00:22:42.359
maybe aren't going to read the code
of the libraries that they pull in

322
00:22:42.400 --> 00:22:48.079
as dependencies and just want the documentation
to be there. So I've evolved the

323
00:22:48.079 --> 00:22:52.400
website over time a lot as well
to like add documentation, which is which

324
00:22:52.440 --> 00:22:57.000
has really helped a lot. So
one of the frameworks that that I used

325
00:22:57.200 --> 00:23:00.640
was, have you guys come across Diátaxis? I'm not quite sure how you say

326
00:23:00.640 --> 00:23:04.960
it's like a documentation framework. That's
interesting. I'll send you guys a link

327
00:23:06.319 --> 00:23:10.200
and we can put in the notes
or whatever. But it's really talking about,

328
00:23:10.240 --> 00:23:14.160
like think about the challenges that you
face as a developer. There's different

329
00:23:14.200 --> 00:23:18.640
challenges that you face in terms of
like you might be coming into something very

330
00:23:18.680 --> 00:23:21.960
new where you want just that step
by step tutorial. So like on the

331
00:23:21.960 --> 00:23:25.319
Passport website, I have step by
step tutorials for people who might not have

332
00:23:25.359 --> 00:23:27.839
ever used Node or Passport. So
it like it assumes some knowledge, like

333
00:23:27.839 --> 00:23:30.839
you have Node up and running,
but you can follow just step by step.

334
00:23:30.880 --> 00:23:33.799
This is what you do to get
auth in your thing. This is

335
00:23:33.799 --> 00:23:37.960
what you do like on an HTML
page to add the log in form.

336
00:23:37.079 --> 00:23:41.359
This is the type of route that
you will add to your express app.

337
00:23:41.359 --> 00:23:44.480
And it's just you follow it step
by step. You don't have to have

338
00:23:44.519 --> 00:23:47.640
any knowledge, and then at the
end of it you have a working sample

339
00:23:47.680 --> 00:23:52.839
application. There's also just more reference
style documentation where it's like, hey,

340
00:23:52.880 --> 00:23:56.119
I just want to know like the
APIs and that sort of stuff options.

341
00:23:56.160 --> 00:23:57.400
I just want to know what's there. I don't want to like follow a

342
00:23:57.400 --> 00:24:02.359
tutorial and then there's like conceptual documentation, which is like, Okay, I

343
00:24:02.480 --> 00:24:03.799
might have this thing running in my
app, but now I need to know

344
00:24:03.880 --> 00:24:07.599
like what's actually doing, Like what
is this OAuth thing behind the scenes,

345
00:24:07.640 --> 00:24:10.920
which I, you know, didn't
have to know from the tutorial,

346
00:24:10.960 --> 00:24:12.680
but maybe I want to know it
now that I'm you know, more

347
00:24:12.720 --> 00:24:17.119
experienced with my application and taking the
production, I want to know what problems

348
00:24:17.160 --> 00:24:21.720
I might face. So like,
different developers at different stages have different needs,

349
00:24:21.759 --> 00:24:26.000
so like writing documentation to those needs
is really important, and I saw

350
00:24:26.039 --> 00:24:30.240
that like one of the kind of
motivating factors for me to add some of

351
00:24:30.279 --> 00:24:33.240
that documentation to the website was just
like the sheer number of GitHub issues being

352
00:24:33.279 --> 00:24:37.079
filed of like you know things like
you said, is like okay, like

353
00:24:37.119 --> 00:24:38.480
I just pulled this library and like
trying to put in my app, it's

354
00:24:38.519 --> 00:24:41.400
just not working. I don't know
how to fit all the pieces of right,

355
00:24:42.279 --> 00:24:47.759
which is maybe not something I obviously
would have like seen being the developer

356
00:24:47.759 --> 00:24:49.200
of it. I'm of course,
like too familiar with the details, so

357
00:24:49.519 --> 00:24:52.240
I don't necessarily think about those problems
all the time. But then you start

358
00:24:52.240 --> 00:24:56.960
to see the influx of issues of
people having them, and so like taking

359
00:24:56.960 --> 00:25:00.720
a step back and writing documentation that
just kind of assumes very little knowledge about

360
00:25:00.759 --> 00:25:04.920
the system has like greatly reduced my
own how of support load. It just

361
00:25:04.960 --> 00:25:08.400
like cut those issues down because now
there's just a tutorial to point to if

362
00:25:08.400 --> 00:25:11.359
someone has a question or you know, the questions off to go away because

363
00:25:11.400 --> 00:25:15.240
they find the tutorial in their own
So it's just kind of a way to

364
00:25:15.279 --> 00:25:19.200
scale I guess my time or a
maintainer's yeah, yeah, makes sense.

365
00:25:19.519 --> 00:25:27.200
I kind of want to take us
back working on Passport.js and onto authentication.

366
00:25:27.960 --> 00:25:30.839
So let's talk a little bit about
authentication here for a minute too.

367
00:25:32.119 --> 00:25:36.279
You get this basic functionality up where
you know, maybe it does OAuth

368
00:25:36.480 --> 00:25:41.160
or OpenID or something, and
you know you can you can maybe bring

369
00:25:41.200 --> 00:25:45.640
some other strategies. When when did
the new strategies come in? Was that

370
00:25:45.680 --> 00:25:48.240
something that was there from the get
go or was that something that ye,

371
00:25:48.759 --> 00:25:53.079
yeah, the strategies were there from
from the get go. So I think

372
00:25:53.799 --> 00:26:00.000
like if I if I remember the
evolution of this basically like the first round

373
00:26:00.319 --> 00:26:04.160
were your typical like username and
password and then OAuth and OpenID,

374
00:26:04.279 --> 00:26:07.640
and I think it was like OAuth
one and OpenID like two

375
00:26:07.680 --> 00:26:10.640
point zero at the time, sort
of like you know, technologies that have

376
00:26:10.720 --> 00:26:15.440
sort of baited over time. But
yeah, the strategies were always central to

377
00:26:15.519 --> 00:26:18.200
the framework because like auth is so
disparate and I wanted a way to unify

378
00:26:18.240 --> 00:26:23.720
those things. I think the OAuth
ones came like most of the initial

379
00:26:23.720 --> 00:26:29.440
passport was done, like development was
done within like a month or so,

380
00:26:29.440 --> 00:26:30.839
so like I think it was like
it took two weeks to write like the

381
00:26:32.200 --> 00:26:36.960
framework and the first log in,
like the username and password strategy,

382
00:26:37.079 --> 00:26:41.680
and then and then I think I
added some like basic auth and like you

383
00:26:41.680 --> 00:26:45.200
know, the API style authentication,
and then I added OAuth stuff, you

384
00:26:45.200 --> 00:26:48.119
know, all all within the span
of about a month, I think.

385
00:26:48.400 --> 00:26:52.160
But like the OAuth piece, like
once that was working, I knew the

386
00:26:52.200 --> 00:26:56.319
framework sort of had what it needed
to handle the all the use cases because

387
00:26:56.400 --> 00:26:59.960
that's like you know, that's a
broad range of different functionality that you need

388
00:27:00.039 --> 00:27:03.640
and like accomplish hat and it all
sort of fit within this nice like strategy

389
00:27:03.640 --> 00:27:07.039
pattern in the middleware pattern and that
was pretty satisfied. Yeah. Yeah,

390
00:27:07.039 --> 00:27:11.839
I think I think the larger question
I'm trying to ask because that kind of

391
00:27:11.839 --> 00:27:14.599
sets up you know, Okay,
this is where this is where we started,

392
00:27:14.599 --> 00:27:17.640
and this is kind of how things
evolved as far as strategies went.

393
00:27:17.720 --> 00:27:22.839
But like, how has the problem
set for authentication changed over the last ten

394
00:27:22.920 --> 00:27:27.559
years that you've been working on this, right? Yeah, so good,

395
00:27:27.599 --> 00:27:33.960
good question. I think authentication is
one of those topics is like constantly changing

396
00:27:33.000 --> 00:27:36.720
and it seems like, you know, always something new new to learn.

397
00:27:37.000 --> 00:27:42.119
H Like, I would say,
like one of the biggest changes has been

398
00:27:42.240 --> 00:27:49.319
like just the like single page applications
and more front-end focused stuff and so

399
00:27:51.039 --> 00:27:55.440
like, and I'm not even sure
like how to explain this stuff succinctly necessarily

400
00:27:55.480 --> 00:28:00.119
because it's still still quite complicated.
But you've just got so many different styles

401
00:28:00.160 --> 00:28:04.960
of application development, even within the
scope of like web applications. Right,

402
00:28:06.000 --> 00:28:11.880
So you've got your typical like traditional
back end web applications where it's all HTML

403
00:28:11.960 --> 00:28:17.480
user interfaces and like login forms and
session management. Right, You've got like

404
00:28:17.599 --> 00:28:21.119
newer API style stuff where you just
might be writing just JSON APIs

405
00:28:21.119 --> 00:28:23.720
and you don't care about any front
end stuff. And then you've got you

406
00:28:23.759 --> 00:28:30.519
know, single page applications and mobile
applications accessing those APIs where like the login

407
00:28:30.680 --> 00:28:33.079
is done completely on the front end, somewhat disconnected from the back end,

408
00:28:33.079 --> 00:28:38.519
and you get like token based authentication, And there's a lot of similarities between

409
00:28:38.519 --> 00:28:41.440
those things, but also a lot
of like key differences just in terms of

410
00:28:41.480 --> 00:28:45.519
like architectural stuff that you have to
understand. And I would say, like

411
00:28:45.799 --> 00:28:51.599
that to me, has been the
biggest change is that these sort of like

412
00:28:52.119 --> 00:28:56.720
single page applications and mobile applications are
like you know, far more popular and

413
00:28:56.759 --> 00:29:03.720
predominant today than traditional web application and
sort of like understanding those differences has been

414
00:29:04.000 --> 00:29:08.039
the biggest challenge, uh, looking
forward a little bit more, and this

415
00:29:08.119 --> 00:29:11.319
is this is stuff I'm excited about. But you have things like WebAuthn

416
00:29:11.440 --> 00:29:17.519
happening now and and there's some kind
of newer work that's out there to do,

417
00:29:18.240 --> 00:29:21.440
uh to make sessions a little bit
more secure. So we can talk

418
00:29:21.440 --> 00:29:25.960
about that if you want, but
more things like token binding so that things

419
00:29:26.000 --> 00:29:30.680
are actually tied to the device and
not just bearer tokens. These are the

420
00:29:30.759 --> 00:29:36.119
areas that authentication is is pushing into. That are that are hot topics and

421
00:29:36.200 --> 00:29:44.680
challenges today. So I'm I'm very
interested in where WebAuthn is going.

422
00:29:44.759 --> 00:29:51.160
My understanding is that is the rebrand
of FIDO, so like, and this

423
00:29:51.200 --> 00:29:56.160
stuff is changing like super fast now. For a long time that these things

424
00:29:56.160 --> 00:30:00.400
were kind of stagnant. But now
Windows Hello is integrating it, macOS

425
00:30:00.480 --> 00:30:04.240
is integrating it, and then
the browsers are also integrating it, which

426
00:30:04.240 --> 00:30:08.799
sometimes starts to get confusing because there's
like multiple layers of WebAuthn.

427
00:30:11.000 --> 00:30:15.200
Yes, yeah, so like what
what what have you seen in WebAuthn

428
00:30:15.279 --> 00:30:18.599
And where is it headed? Is
it actually? I mean it's it seems

429
00:30:18.640 --> 00:30:23.599
like it's gotten to the point where
all I have to do is is just

430
00:30:23.759 --> 00:30:29.960
hit okay because of the operating system
integration. And at that point I'm thinking,

431
00:30:30.000 --> 00:30:32.839
okay, is this actually more secure? Did we just get rid of

432
00:30:32.880 --> 00:30:36.680
the whole thing, the security?
Yeah? Yeah, no, no,

433
00:30:36.880 --> 00:30:40.240
No, It's fascinating. I mean
it does feel like magic at times,

434
00:30:40.319 --> 00:30:42.400
especially with the stuff that you're talking
about, like with Windows Hello and you

435
00:30:42.440 --> 00:30:47.559
know like Touch ID and Face
ID on on Mac now. So yeah,

436
00:30:48.440 --> 00:30:52.039
it's nice that it feels like magic
because if I don't want to fight

437
00:30:52.079 --> 00:30:56.839
it, right, I can just
reach for something like passport and not have

438
00:30:56.920 --> 00:30:59.759
to worry about it until I have
to worry about it. Yeah, for

439
00:30:59.799 --> 00:31:02.519
sure. And I think the other
thing, like, yeah, when I

440
00:31:02.559 --> 00:31:04.720
say magic, I don't mean that
in any sort of like derogatory sense.

441
00:31:04.720 --> 00:31:11.160
I think like WebAuthn and technologies
like that are both more secure and easier

442
00:31:11.200 --> 00:31:14.640
to use, which is like a
very rare thing to happen in the security

443
00:31:14.720 --> 00:31:18.279
environment usually, like making something more
secure makes it harder to use. It

444
00:31:18.440 --> 00:31:25.079
was less secure because there's more knows
where people go around. The hoop I

445
00:31:25.119 --> 00:31:27.480
have to jump through is on fire, yeah for sure, for sure.

446
00:31:27.559 --> 00:31:32.720
So yeah, so I think like
some context here, you said like WebAuthn

447
00:31:32.960 --> 00:31:37.839
is coming with the rebrand of
FIDO, which is more or less true.

448
00:31:37.119 --> 00:31:41.039
FIDO is actually like the organization that
started doing the protocols for like how

449
00:31:41.119 --> 00:31:44.759
you talk to the hardware, so
that YubiKey that you held up, like

450
00:31:44.799 --> 00:31:48.119
the USC protocols, how all that
hardware to hardware stuff happens at a low

451
00:31:48.240 --> 00:31:52.400
level, and they did some initial
like JavaScript work, but they took

452
00:31:52.400 --> 00:31:56.640
their JavaScript work to the W3C
and that's where WebAuthn happens.

453
00:31:56.640 --> 00:32:00.359
So it's kind of like WebAuthn
and FIDO are married together in

454
00:32:00.359 --> 00:32:05.400
some sense. But some of the
early work there on FIDO is like all

455
00:32:05.440 --> 00:32:09.119
based on like hardware security tokens, right? So it's like you got your FIDO

456
00:32:09.200 --> 00:32:14.160
device that you plug in or you
might be built into your computer, and

457
00:32:14.200 --> 00:32:19.400
it makes it super secure and phishing
resistant. But one of the one of

458
00:32:19.440 --> 00:32:22.920
the sort of things that happens as
an implication of that when you have hardware

459
00:32:22.079 --> 00:32:25.319
based devices for login, is like
what happens if you lose that device?

460
00:32:25.559 --> 00:32:30.279
Right? So if I've got my
FIDO key and my laptop and I've got

461
00:32:30.319 --> 00:32:32.480
both of those registered, but like
the FIDO key's plugged in the laptop and

462
00:32:32.799 --> 00:32:37.240
my laptop gets stolen or lost or
whatever I have, I have no hardware

463
00:32:37.279 --> 00:32:39.519
devices left, right, So how
do I get into my account? And

464
00:32:39.559 --> 00:32:45.160
that's not necessarily in the strictest sense, like an authentication problem, but because

465
00:32:45.200 --> 00:32:49.240
authentication is such a cross cutting concern, you get into these other issues pretty

466
00:32:49.319 --> 00:32:52.880
quickly, you know, maybe without
you even realizing, you know. So

467
00:32:52.920 --> 00:32:54.200
think about a developer. They might
just say, oh, like FIDO is

468
00:32:54.240 --> 00:32:58.880
the latest thing is a secure implement
that. Now you've got a customer that

469
00:32:58.920 --> 00:33:00.640
calls you off on the phone,
like I can't log in anymore because I've

470
00:33:00.680 --> 00:33:05.440
only had FIDO credentials, Like what
do I do? Right? And so

471
00:33:05.960 --> 00:33:08.680
never seen that in the wild though
that's like, well, that's like the

472
00:33:08.720 --> 00:33:14.200
crypto nerds dream. But it's like
yeah, yeah, so I know,

473
00:33:14.400 --> 00:33:20.319
is never well except except now that
the iCloud I was it iCloud keychain.

474
00:33:20.680 --> 00:33:24.079
iCloud keychain is now integrated. Actually, I take it back, Since iCloud

475
00:33:24.160 --> 00:33:28.720
keychain has been integrated, I think
that a few providers have actually been adding

476
00:33:28.759 --> 00:33:31.640
it as the first method. But
then you're away from the hardware. It's

477
00:33:31.759 --> 00:33:37.200
virtualizing the hardware through the software in
the cloud. Yeah, one hundred percent.

478
00:33:37.240 --> 00:33:38.240
So that's that's kind of where I
was going with that, right,

479
00:33:38.319 --> 00:33:42.799
So it's like, you have this
recovery problem statement, so like how do

480
00:33:42.839 --> 00:33:45.359
you solve that recovery problem statement?
And like Apple kind of really led the

481
00:33:45.440 --> 00:33:50.039
charge here as you as you noted
with iCloud, where they basically said,

482
00:33:50.079 --> 00:33:53.519
okay, look well we'll basically make
these FIDO style keys, these WebAuthn

483
00:33:53.599 --> 00:33:57.599
keys, but we will sync them
on iCloud, so they sync across the

484
00:33:57.640 --> 00:34:00.400
devices. So if you register it
on your phone, it'll sync to your

485
00:34:00.480 --> 00:34:04.480
laptop, and as long as you
can like log into your iCloud account,

486
00:34:04.559 --> 00:34:07.639
you can get a new device and
it'll it'll sync there. So there's there's

487
00:34:07.679 --> 00:34:10.559
obviously some wrinkles here, and we
can like poke at it, of course,

488
00:34:12.519 --> 00:34:16.800
but it does sort of nicely solve
the recovery problem if you're willing to

489
00:34:16.880 --> 00:34:22.119
accept that, like iCloud as a
sufficient recovery for you, right, and

490
00:34:22.239 --> 00:34:25.039
like that begs its own questions,
but like you know, more than likely

491
00:34:25.079 --> 00:34:29.800
someone's going to remember their iCloud password
so that they can set up a new

492
00:34:29.840 --> 00:34:34.880
device, whereas they might not remember
like the random recovery password for you know,

493
00:34:34.960 --> 00:34:38.079
the site that they don't use to
for you. So yeah, like

494
00:34:38.119 --> 00:34:40.760
I said, trade offs there,
but like that was sort of the turning

495
00:34:40.800 --> 00:34:45.199
point with with WebAuthn.
Once they introduce these what they call passkeys

496
00:34:45.239 --> 00:34:49.519
now, which are these syncable
credentials to go across device now, it

497
00:34:49.679 --> 00:34:52.760
kind of opens up the room for
adoption and to make that magical experience where

498
00:34:52.960 --> 00:34:58.280
not only is the authentication easy,
but like the recovery and the sort of

499
00:34:59.280 --> 00:35:04.199
you know, you're just scenarios are
also trying to It feels like we've come

500
00:35:04.320 --> 00:35:09.039
full circle back to OAuth though, because now it's it's like iCloud is

501
00:35:09.119 --> 00:35:14.400
the new OAuth. If you're
using iCloud or Windows Hello is the new

502
00:35:14.440 --> 00:35:20.039
OAuth. So now rather than
registering through Facebook, which I think Facebook

503
00:35:20.480 --> 00:35:22.880
I could be wrong. I think
they're in massive decline. So I think

504
00:35:23.079 --> 00:35:27.440
most sites are either Apple Login or
Google log in right now. And then

505
00:35:27.480 --> 00:35:30.360
if you're on a business tool like
an Outlook or whatever, it's got the

506
00:35:30.400 --> 00:35:37.559
Microsoft log But it seems like the
social login is being replaced with an operating

507
00:35:37.599 --> 00:35:40.920
system login that you know, once
you you know, squint right and erase

508
00:35:42.000 --> 00:35:45.119
some of the magic, it's just
OAuth again. Yeah, yeah,

509
00:35:45.159 --> 00:35:47.239
I definitely see where you're coming from
there. Like, that's a topic we

510
00:35:47.239 --> 00:35:51.320
could go in for a long time. I think it'll be interesting to see

511
00:35:51.320 --> 00:35:55.360
how this trend plays out. Like
it's from a user's sort of experience,

512
00:35:55.400 --> 00:35:59.119
it's very much the same. It's
like, okay, like I either see

513
00:35:59.159 --> 00:36:01.280
like a for Google button and I
click it and do the OAuth dance,

514
00:36:01.360 --> 00:36:04.960
or I see like a log in
with passkey button and I click that and

515
00:36:04.960 --> 00:36:07.599
then do the do the passkey prompt
thing. So it's very much just kind

516
00:36:07.599 --> 00:36:12.239
of a one click log in from
a from a user's experience, there's a

517
00:36:12.280 --> 00:36:15.480
couple of technical differences underneath the hood
that I think are super important to point

518
00:36:15.559 --> 00:36:21.480
out. One, like with OAuth there's
there's a lot of privacy concerns in the

519
00:36:21.519 --> 00:36:24.599
sense that like the provider you use
for for OAuth sees a lot of

520
00:36:24.639 --> 00:36:29.800
your activity, all the sites that
you log into, et cetera. Which

521
00:36:29.920 --> 00:36:32.000
you know, I'm not going to
say good, bad or indifferent there,

522
00:36:32.000 --> 00:36:37.480
but like it's something that you have
to be aware of with with WebAuthn,

523
00:36:37.159 --> 00:36:42.960
even though your you know, your
credentials might all be synced through iCloud

524
00:36:43.039 --> 00:36:45.880
or you're sort of a reliant on
Apple that's your provider of choice. Apple

525
00:36:45.920 --> 00:36:50.679
doesn't see all that activity. Like
if I log in with WebAuthn and

526
00:36:50.760 --> 00:36:53.280
use use my iPhone to do it
on every site, I can log into

527
00:36:53.280 --> 00:36:57.440
every site on the Internet with that, and Apple doesn't know that I have

528
00:36:57.559 --> 00:37:00.079
done that. So there's a lot
of big privacy wins there is that true?

529
00:37:00.800 --> 00:37:06.280
Yeah, Yeah, that's definitely definitely
true. How Apple also wrote the

530
00:37:06.519 --> 00:37:09.320
OS, so if they are spying
on it, there are other ways they

531
00:37:09.320 --> 00:37:15.559
could do it already. Yeah,
that's that's my question is because if you

532
00:37:15.679 --> 00:37:22.360
control the whole chain of software saying
that it's end-to-end encrypted, we don't

533
00:37:22.400 --> 00:37:25.559
look pinky promise, Like, yeah, I don't know if I trust that

534
00:37:27.480 --> 00:37:29.760
sure, Like obviously, if we're
looking full stack, you know, Apple

535
00:37:29.760 --> 00:37:31.159
writes the browser et cetera, et
cetera, like Google does that too.

536
00:37:31.159 --> 00:37:36.440
So there's there's lots of insertion points
by which they can like like monitor things.

537
00:37:37.000 --> 00:37:39.800
I'm strictly speaking from the authentication sense, yeah, right, like in

538
00:37:39.880 --> 00:37:44.360
the in the middle. Yeah,
in the world, Like you have them

539
00:37:44.360 --> 00:37:46.599
in the middle, and they can
see your activity by virtue of just that

540
00:37:46.760 --> 00:37:52.519
single like protocol OAuth here,
Like that layer alone gives them that activity.

541
00:37:52.920 --> 00:37:57.199
Now WebAuthn eliminates that, and
we can talk about how if you're

542
00:37:57.239 --> 00:38:00.400
interested. Of course, there's other
layers in the whole stack to make work

543
00:38:00.440 --> 00:38:04.760
which like things could be happening,
but at least at the authentication layer there's

544
00:38:04.800 --> 00:38:08.599
more privacy guarantees. O. The
other trend I think that's like interesting to

545
00:38:08.599 --> 00:38:14.480
watch here is just like how that
interaction model evolves, Like as these things

546
00:38:14.559 --> 00:38:19.079
change, is like there's a lot
more development like wallet style interactions and things

547
00:38:19.119 --> 00:38:22.920
like verifiable credentials where a lot of
the patterns that you see with OAuth in

548
00:38:23.000 --> 00:38:29.079
terms of like granting access to something
or proving that you know, like you're

549
00:38:29.079 --> 00:38:31.880
a certain person or have certain characteristics, you can start to shift to more

550
00:38:31.880 --> 00:38:38.960
of these like wallet style interactions where
like my transactions with another third party are

551
00:38:39.239 --> 00:38:43.519
just kind of point to point and
there's a lot of like privacy benefits to

552
00:38:43.599 --> 00:38:46.760
that that shift it out of like
you know, your typical identity provider model

553
00:38:46.800 --> 00:38:51.800
where there's a person. So like
these things are all happening and I think

554
00:38:51.800 --> 00:38:55.880
it's like quite interesting. They ultimately
lead to like very similar user experiences,

555
00:38:55.960 --> 00:39:02.639
but very different sort of like technical
and architectural. So just you know,

556
00:39:02.760 --> 00:39:08.719
kind of coming back to authentication with
JavaScript maybe using passport. Are these things

557
00:39:08.719 --> 00:39:13.639
that Passport currently has strategies for?
Are these things that you're looking at?

558
00:39:14.320 --> 00:39:17.239
Yeah, yeah, to some level
of development effect your job too, is

559
00:39:17.239 --> 00:39:22.760
the other question. Yeah, So
so yeah, Passport has been like a

560
00:39:22.800 --> 00:39:24.840
good framework to evolve here. So
like the strategies have been there from the

561
00:39:24.840 --> 00:39:29.320
beginning. So like you know,
WebAuthn didn't obviously exist at the time

562
00:39:29.360 --> 00:39:34.280
Passport was written, but because the
strategy mechanism is flexible, you can implement

563
00:39:34.360 --> 00:39:37.840
strategies to do this. So Passport
does have a WebAuthn strategy that's that's

564
00:39:37.880 --> 00:39:43.880
workable today today. There's you know, there's some that WebAuthn is like

565
00:39:44.239 --> 00:39:47.039
in development and like lots of kind
of new features happening constantly as the W3C

566
00:39:47.159 --> 00:39:51.079
and the browser vendors sort
that stuff out. So there's some features

567
00:39:51.079 --> 00:39:54.159
that probably aren't yet implemented in the
Passport strategy, but I've got my eye

568
00:39:54.199 --> 00:39:58.400
on them, and I know other
people have some pull requests out there for

569
00:39:58.440 --> 00:40:01.760
them. So that's that's a work
in progress, but you can get started

570
00:40:01.800 --> 00:40:06.119
on today. For things that are
further out in the horizon, the things

571
00:40:06.159 --> 00:40:09.760
I mentioned like verifiable credentials,
those are much more experimental today, so

572
00:40:09.840 --> 00:40:14.840
there's not a strategy out there for
them that I know of anyway, but

573
00:40:14.880 --> 00:40:17.639
it's it's certainly doable and something that
I kind of play around with in the

574
00:40:17.639 --> 00:40:22.320
background. So if and when those
things become become adoptable, there will be

575
00:40:22.360 --> 00:40:27.920
a strategy for those. There's more
a question of like maturity of the technology

576
00:40:27.960 --> 00:40:30.119
and things like that. Yeah,
yeah, exactly, And that's one of

577
00:40:30.159 --> 00:40:35.559
the benefits of like that strategy pattern. Like you know, kind of one

578
00:40:35.559 --> 00:40:37.400
of the things I try to do
with with Passport is make it like an

579
00:40:37.440 --> 00:40:43.239
open ecosystem. So like there's now
I don't know, well over five hundred

580
00:40:43.239 --> 00:40:45.440
strategies, it might be approaching close
to a thousand I kind of quit counting

581
00:40:45.800 --> 00:40:51.000
at a certain point. But like
lots of developers published strategies for tons of

582
00:40:51.039 --> 00:40:54.800
different authentic ways of doing authentication,
and it's you know, permissionless in the

583
00:40:54.840 --> 00:40:58.480
sense of, like you know,
anyone can do it and the API is

584
00:40:58.519 --> 00:41:00.400
there for you to do it yourself. At the beginning, kind of wrote

585
00:41:00.559 --> 00:41:04.519
like fifty or so of the initial
strategy, so you can see how it

586
00:41:04.960 --> 00:41:08.519
took off off from there. But
like you know, as these technologies,

587
00:41:08.559 --> 00:41:13.480
like I know people who like pursue
some of these more experimental technologies who will

588
00:41:13.480 --> 00:41:16.360
write a passport strategy as a way
of like proving that it's it's implementable or

589
00:41:16.519 --> 00:41:21.000
show that it's real. And then
as you know, you know, those

590
00:41:21.039 --> 00:41:24.840
technologies can succeed or fail on their
own merits, but support. So another

591
00:41:24.960 --> 00:41:30.079
question that I have of passport is
it's old, right. I mean,

592
00:41:30.360 --> 00:41:34.800
like you said, it started in
the point two days. I I imagine

593
00:41:34.840 --> 00:41:40.400
it's probably gone through a major refactor
or two as JavaScript has evolved to have

594
00:41:40.559 --> 00:41:47.480
native crypto primitives and promises and stuff
like that. But us old dogs and

595
00:41:47.639 --> 00:41:53.199
anybody sensible is using Express because it's
just it's just simpler, right, and

596
00:41:53.239 --> 00:41:58.679
it's dead and dead things don't change, they don't break on you. But

597
00:41:59.840 --> 00:42:05.559
it's not cool, it's not hip, it's not making any headlines. If

598
00:42:05.599 --> 00:42:09.440
Express five finally releases after what's it
been seven years in beta now, no

599
00:42:09.480 --> 00:42:15.519
one will probably care. So with
with the future of Passport, are you

600
00:42:16.199 --> 00:42:21.960
making it available for or or adaptations
of it or a different version of it

601
00:42:22.000 --> 00:42:27.360
for things like Fastify or what's that? What's that? I'm forgetting the name

602
00:42:27.400 --> 00:42:29.920
of the one that we had on
just a few weeks ago. Can somebody

603
00:42:29.920 --> 00:42:34.599
help me? What was it called? Uh? It's it's one that's written

604
00:42:34.639 --> 00:42:39.920
for Bun but it works and not
as well at least is it at least

605
00:42:40.440 --> 00:42:46.039
Elysia, Elysia? Okay, Elysia.
You know you got Bun, you got

606
00:42:46.119 --> 00:42:51.239
you got Deno are are are you
just staring like this is tried, it's

607
00:42:51.280 --> 00:42:53.840
true, it's stable. You know
people that people that want that are going

608
00:42:53.920 --> 00:42:58.639
to have this or are you doing
anything to play towards the younger crowd?

609
00:43:00.079 --> 00:43:01.599
Probably more on the former, like
it's kind of tried and true, it's

610
00:43:01.599 --> 00:43:06.440
stable. I think like you know, uh, you know, Express might

611
00:43:06.480 --> 00:43:08.440
be old and not cool anymore.
But like I've also gotten old and not

612
00:43:08.519 --> 00:43:14.519
cool anymore too, so so I'm
maybe okay with that. Yeah, I

613
00:43:14.559 --> 00:43:16.760
guess I'm one of those people who
like I like stable technology, I like

614
00:43:16.800 --> 00:43:21.880
boring technology, and like something that
works works. The man who has in

615
00:43:22.039 --> 00:43:27.239
Node zero point two well, fair
enough, fair enough, fair enough.

616
00:43:28.119 --> 00:43:30.119
Yeah, you know, there's always
going to be something new. I think

617
00:43:30.159 --> 00:43:35.000
that's like part of what makes technology
development exciting. But like, also I'm

618
00:43:35.039 --> 00:43:37.760
not one to want to break things
that that are working well either, So

619
00:43:38.559 --> 00:43:43.920
I'll talk to that a little bit, like specifically, So with the passport,

620
00:43:44.199 --> 00:43:46.800
Uh, there's a notion although it
doesn't really get like talked about too

621
00:43:46.880 --> 00:43:52.679
much or probably leveraged all that often
of like having different like frameworks that you

622
00:43:52.719 --> 00:43:54.760
can like plug in underneath it.
So like this is more of an internal

623
00:43:54.800 --> 00:43:59.480
thing, but like Passport in the
way it sort of like dispatches

624
00:43:59.519 --> 00:44:04.920
its authentication handling out to like
the containing web framework if you will.

625
00:44:05.320 --> 00:44:08.360
It's somewhat pluggable, so like it
sort of defers to Express and calls Express

626
00:44:08.400 --> 00:44:13.320
specific stuff, but you can swap
in other frameworks if you want to,

627
00:44:13.519 --> 00:44:15.760
and like back in the day again, this is gonna be like old stuff,

628
00:44:15.760 --> 00:44:21.239
but like that was leveraged by Hapi
if people remember that, okay and

629
00:44:21.320 --> 00:44:22.400
so, and I think, you
know, that probably doesn't get used as

630
00:44:22.480 --> 00:44:27.559
much anymore, but I know people
have used that similar technique, like there's

631
00:44:27.639 --> 00:44:30.800
there's ways to use it in in
Next.js. I've played around with it

632
00:44:30.840 --> 00:44:34.719
and Fastify too, as like an
experiment. I'm not sure if it like

633
00:44:34.760 --> 00:44:37.840
gets widely used in that ecosystem,
but this is something that's always on the

634
00:44:37.840 --> 00:44:40.880
back of my mind, is like, okay, like how Passport can be

635
00:44:40.920 --> 00:44:45.719
made to play with these frameworks in
a better way. It's never quite reached

636
00:44:45.719 --> 00:44:47.159
the level of priority where I'm like, okay, like I'm going to really

637
00:44:47.199 --> 00:44:51.719
like stabilize this pattern and promote it. It just doesn't, you know,

638
00:44:52.400 --> 00:44:57.159
uh, seem to have that people
asking for or demanding it that much. But

639
00:44:57.239 --> 00:45:00.719
as I like play with things and
refactor on my own, I'm that's something

640
00:45:00.719 --> 00:45:05.239
that's always there and like maybe at
some point I'll get interested enough in one

641
00:45:05.280 --> 00:45:08.199
of these alternative frameworks to prove out
and show people how it can be done.

642
00:45:08.440 --> 00:45:15.519
But otherwise I'm pretty satisfied with where
it is. Yeah, I think,

643
00:45:15.840 --> 00:45:19.360
yeah, just to reiterate like it's
stable and you know, I feel

644
00:45:19.360 --> 00:45:22.639
no need to break it if I
wanted to jump to like a completely different

645
00:45:22.880 --> 00:45:27.800
framework and probably look at you know, doing it completely new, you know,

646
00:45:28.400 --> 00:45:30.719
JavaScript style and that sort of stuff
like the JavaScript world is involved

647
00:45:30.719 --> 00:45:34.639
in, like things like WinterCG
and stuff like that, I think are

648
00:45:34.679 --> 00:45:37.719
worth paying attention to and kind of
like changing what it means to write like

649
00:45:37.840 --> 00:45:43.199
portable portable packages. But I don't
like, there's just a long tail and

650
00:45:43.360 --> 00:45:45.719
of historical packages that will probably like
never make that move and I don't know

651
00:45:45.760 --> 00:45:50.800
what that does over time, but
you know that's that's just kind of like

652
00:45:51.440 --> 00:45:54.320
you gotta got to know your history. I guess for some of these things.

653
00:45:54.400 --> 00:45:58.480
You know. So I was also
thinking, and this is a question

654
00:45:58.519 --> 00:46:00.599
I like to ask just in general, is okay, well, what's the

655
00:46:00.679 --> 00:46:05.599
other I guess major alternative to this, And the thing that I'm coming up

656
00:46:05.599 --> 00:46:08.159
with, And you said you work
for them is Okta or Auth0 which is

657
00:46:08.159 --> 00:46:14.960
owned by Okta now, And so
when would you pick one and when would

658
00:46:15.000 --> 00:46:19.920
you pick the other? Because I
I've used both or at least both strategies,

659
00:46:19.960 --> 00:46:23.199
right, I've used the Warden strategy
for my rails apps, and I've

660
00:46:23.280 --> 00:46:30.480
used Okta and sometimes it made sense
and sometimes one of them caused a way

661
00:46:30.519 --> 00:46:34.840
too much pain and I moved to
the other. And so in your estimation,

662
00:46:34.960 --> 00:46:37.360
yeah, when do I start thinking, Okay, am I going to

663
00:46:37.440 --> 00:46:40.760
get done for you? Or am
I going to do it myself? Yeah?

664
00:46:40.840 --> 00:46:45.440
So so good question. So I'll
give some background here. So,

665
00:46:46.440 --> 00:46:53.159
like, so Passport started and like
you know, like I said, twelve

666
00:46:53.960 --> 00:47:00.159
and I joined Auth0, and I
think like early twenty fifteen, like shortly

667
00:47:00.280 --> 00:47:02.320
maybe like a year after it got
started. I was pretty early there.

668
00:47:04.199 --> 00:47:08.320
And you know, Auth0 was like
a big proponent of passport and promoted passport

669
00:47:08.519 --> 00:47:14.519
and also like passport works well with
Auth0. So I view these things as

670
00:47:14.559 --> 00:47:19.119
like really symbiotic in a way,
and I'll talk about that what that means.

671
00:47:19.840 --> 00:47:22.559
But basically, like so if you
look at passport, it's trying to

672
00:47:22.599 --> 00:47:29.039
solve the authentication problem generally, right, So there's always this notion of okay,

673
00:47:29.079 --> 00:47:30.920
like you can build everything yourself,
right, So like if you want

674
00:47:30.920 --> 00:47:34.800
to build your own login forms and
all that sort of stuff, like go

675
00:47:34.920 --> 00:47:38.119
for it, And a lot of
people do and consider that something that's important

676
00:47:38.119 --> 00:47:42.280
to them, and I don't think
i'd ever at this point like try to

677
00:47:42.320 --> 00:47:45.960
talk you out of it if that's
something that you wanted to do. That

678
00:47:45.079 --> 00:47:49.599
being said, I think one of
the things that's important to understand as you

679
00:47:49.679 --> 00:47:53.400
like build authentication is you end up
tackling a lot of problems that aren't just

680
00:47:53.760 --> 00:47:57.800
authentication. Right. Like you might
start saying, Okay, I'm gonna build

681
00:47:57.800 --> 00:48:00.119
my own login form, but now
you've got to you know, hash your

682
00:48:00.159 --> 00:48:05.400
passwords and like you know, keep
your hashes up to date. You've got

683
00:48:05.519 --> 00:48:09.320
recovery problem statements like how do you
email people? Like password reset links.

684
00:48:09.360 --> 00:48:13.880
You've got rate limiting problem statements if
you get to any scale and people just

685
00:48:13.880 --> 00:48:17.760
start to attack you, and there's
just all these sort of problems that like

686
00:48:17.920 --> 00:48:22.400
you might not know at the outset, but that eventually you run into,

687
00:48:22.719 --> 00:48:24.880
right, And it's not just about
authentication, but it's about all the stuff

688
00:48:24.880 --> 00:48:30.519
around it. And so that's really
like the premise of using a service like

689
00:48:30.559 --> 00:48:34.199
Auth0 or Okta, which is okay, like you know, you want to

690
00:48:34.199 --> 00:48:37.559
build an application, you need authentication
that entails a whole bunch of stuff that

691
00:48:37.599 --> 00:48:44.159
you really probably don't want to do. If you're you know, you're going

692
00:48:44.199 --> 00:48:47.639
to have any like significant traction in
the market, so just kind of like

693
00:48:47.679 --> 00:48:52.159
outsource that, right, and so
like that's that's the value of using assistant

694
00:48:52.159 --> 00:48:54.480
that way, and I think it's
it's probably recommended for people who are you

695
00:48:54.519 --> 00:49:01.239
know, intending to launch like a
widely deployed That being said, even when

696
00:49:01.239 --> 00:49:05.800
you choose to use Auth0,
for example, you still have to do

697
00:49:05.880 --> 00:49:08.760
authentication problem statements in your own application, right, So one of the ways

698
00:49:08.760 --> 00:49:15.039
of using Auth0 is just like
talk to Auth0 via OpenID Connect.

699
00:49:15.039 --> 00:49:17.599
So Auth0 becomes like your identity
server, but your application needs to

700
00:49:17.639 --> 00:49:21.679
speak OpenID Connect to it in
order to authenticate. So it's like,

701
00:49:21.800 --> 00:49:25.320
yes, Auth0 is doing the authentication, but you might drop Passport in via

702
00:49:25.320 --> 00:49:30.079
the OpenID Connect strategy to have
your application kind of authenticate against Auth0.

703
00:49:30.760 --> 00:49:35.760
Similarly, like you might be building
APIs and like Auth0 is issuing the

704
00:49:35.800 --> 00:49:38.239
tokens for those APIs, but you
need to authenticate them in your own application.

705
00:49:38.480 --> 00:49:44.239
So authentication exists on like both sides
of the wire, right, So

706
00:49:44.280 --> 00:49:46.440
it's like you might build it all
yourself and you can use passport as like

707
00:49:46.559 --> 00:49:52.360
one piece and your toolkit to do
it. But really you shouldn't have to

708
00:49:52.360 --> 00:49:55.039
build it all yourself, but you
still have to do handle authentication bits in

709
00:49:55.039 --> 00:49:59.239
your own application, even though you've
outsourced most of it so you can use

710
00:49:59.280 --> 00:50:01.159
them together. Well, I want
to be mindful of time, but I

711
00:50:01.159 --> 00:50:04.719
think we've got a few more minutes
if somebody else has something they want to

712
00:50:04.719 --> 00:50:07.280
go into, or if there's something
we didn't cover. Jared, No,

713
00:50:07.480 --> 00:50:09.960
this, this has been great.
Your questions are awesome. Yeah. Sorry,

714
00:50:10.000 --> 00:50:14.159
I'm not much of a Node.js
user errortic, I know, but

715
00:50:16.119 --> 00:50:20.679
so I would like the smarter people
ask the questions. I mean, I

716
00:50:20.719 --> 00:50:24.400
will say this that I mean in
my experience dealing with authentication listening to other

717
00:50:24.400 --> 00:50:28.599
people talk with it, it's not
some road I want to go down,

718
00:50:29.639 --> 00:50:32.360
you know. I like to be
able to some of the distributions that I

719
00:50:32.480 --> 00:50:37.079
use have a lot of that built
in for me, you know, whether

720
00:50:37.119 --> 00:50:40.719
it's simple stuff and there's something more
complex, And it's just nice when I

721
00:50:40.760 --> 00:50:43.639
can start up an app and not
have to deal with that. I just

722
00:50:43.639 --> 00:50:46.599
know that my users can be authenticated
and I'm not having to reinvent the wheel,

723
00:50:47.159 --> 00:50:52.480
so to speak. So amen and
people like you that do that for

724
00:50:52.519 --> 00:50:55.719
me, welcome, what about you
and like, what's what problems do you

725
00:50:55.760 --> 00:50:59.920
see? Like on authentication. I'm
always curious to like, you know,

726
00:51:00.039 --> 00:51:02.159
people who are in the weeds on
this stuff, like what are the challenges

727
00:51:02.199 --> 00:51:06.280
and you're facing these days? As
far as I know, Well, I

728
00:51:06.280 --> 00:51:09.800
haven't, I haven't really looked.
I've been building something incrementally uh for a

729
00:51:09.800 --> 00:51:15.280
few different clients, but having the
ability for people to have their own single

730
00:51:15.360 --> 00:51:24.480
sign on and having the authentic having
more like a library for authentication than a

731
00:51:25.480 --> 00:51:35.360
than something that's frameworky. That the
reason for that being that if you're if

732
00:51:35.360 --> 00:51:39.960
you're building it rather than using Okta, there's something special that you care about

733
00:51:40.000 --> 00:51:49.000
that you need to tweak. And
the the more that's abstracted away, the

734
00:51:49.239 --> 00:51:52.920
more difficult it is to find the
area to do the whatever it is that

735
00:51:53.000 --> 00:52:00.400
the tweak need to be. But
yeah, I that that's something I've got.

736
00:52:00.599 --> 00:52:05.000
I've got a little a little project
that I've used in a few places

737
00:52:05.000 --> 00:52:09.000
over a few nations, and I
have tentatively called it libauth because the

738
00:52:09.039 --> 00:52:15.320
idea is that it's at some point
I'll have like a libauth init and

739
00:52:15.400 --> 00:52:17.719
libauth init will write out
the routes and it'll have a lot of

740
00:52:17.719 --> 00:52:22.519
boilerplate in it. So if you
need to go tweak something, you'll go

741
00:52:22.559 --> 00:52:29.400
tweak the boiler plate rather than having
it abstracted into a single function where you

742
00:52:29.519 --> 00:52:35.840
have to re implement the strategy to
move those few things around to track it

743
00:52:35.880 --> 00:52:42.119
in a different way or whatever.
So I I'm not I'm not building a

744
00:52:42.159 --> 00:52:47.000
lot of new applications, so I'm
not dealing with auth often. But those

745
00:52:47.199 --> 00:52:52.280
those are kind of the two things
is as a company gets larger, they

746
00:52:52.320 --> 00:52:54.559
want other companies to be able to
integrate with their API, and so then

747
00:52:54.599 --> 00:53:00.760
they need a single sign on for
themselves to export out. And then,

748
00:53:01.400 --> 00:53:07.320
like I said, just is there
where is the middle ground to export the

749
00:53:07.360 --> 00:53:10.320
primitives? And in some ways it
starts to feel like, well, these

750
00:53:10.360 --> 00:53:15.039
functions are so small and so tiny, you could just implement them, But

751
00:53:15.159 --> 00:53:19.800
then it's all those little bits over
and over again. Your function would ended

752
00:53:19.840 --> 00:53:22.840
up being one hundred lines long.
But if you you know so, it's

753
00:53:22.880 --> 00:53:31.159
like, where's that nice middle ground
where it's not just abstracting away trivial things

754
00:53:31.440 --> 00:53:36.960
that granted end up being one hundred
lines long. If you don't abstract them

755
00:53:37.000 --> 00:53:40.079
away, but you're also not abstracting
away the meat and potatoes to the point

756
00:53:40.079 --> 00:53:45.920
where you have to copy paste and
publish a new strategy. Yeah, no,

757
00:53:46.679 --> 00:53:50.840
I track exactly what you're saying there. I think that points to like

758
00:53:51.039 --> 00:53:55.039
why authentication is so interesting kind of
challenging is it's such a cross cutting concern

759
00:53:55.519 --> 00:54:00.760
in an application and a lot of
people have very like specific requirements have when

760
00:54:00.800 --> 00:54:02.719
they want it, and you touched
on like something there, which is like,

761
00:54:02.800 --> 00:54:06.280
okay, you've got your your clients, and what they really want to

762
00:54:06.280 --> 00:54:08.880
do is like provide SSO and access
to own API. So it's kind of

763
00:54:08.920 --> 00:54:14.360
like at that point they want to
be their own OAuth server effectively, right,

764
00:54:15.519 --> 00:54:19.320
which is which is a common thing
that that companies do as they grow.

765
00:54:20.320 --> 00:54:23.760
But it's in my view, even
though these things are related, that you're

766
00:54:23.800 --> 00:54:29.400
moving from authentication into more like authorization
problem statements and you get like a lot

767
00:54:29.519 --> 00:54:32.079
more things around like oh, how
do I prompt my user for consent and

768
00:54:32.159 --> 00:54:36.519
like you know scopes. I need
to present them dialogues to say what they're

769
00:54:36.519 --> 00:54:39.760
granting access to in a way that's
understandable, and that gets to be like

770
00:54:40.280 --> 00:54:44.480
you know, now you're deep into
like kind of the domain model of the

771
00:54:44.519 --> 00:54:47.960
application itself at that point, at
at some layer. Right. And also,

772
00:54:49.559 --> 00:54:53.599
you know you talked earlier about the
SPA stuff. So this this auth

773
00:54:53.679 --> 00:55:00.480
library that the result of it today, it's I've started it over a few

774
00:55:00.559 --> 00:55:06.360
times, but almost every single time
I've hunkered down and been like, Okay,

775
00:55:06.400 --> 00:55:08.119
I'm really gonna flesh this thing out
and I'm gonna I'm gonna make it

776
00:55:08.119 --> 00:55:14.719
into a real thing. The next
day is you know, major update to

777
00:55:14.800 --> 00:55:19.920
browsers. Uh you know,
iframes no longer supported. Yes,

778
00:55:20.000 --> 00:55:22.239
right, It's like, okay,
so now we can't have seamless authentication anymore

779
00:55:22.280 --> 00:55:27.079
because of clickjacking whatever. All right, so okay, scrap this, come

780
00:55:27.119 --> 00:55:29.280
back to it a couple of years
later. All Right, I'm gonna I'm

781
00:55:29.280 --> 00:55:32.440
gonna write this thing again. Then, you know, like literally I'm almost

782
00:55:32.639 --> 00:55:37.800
done, and uh, you know, Firefox, Safari and all other browsers

783
00:55:37.800 --> 00:55:43.039
except for Google no longer our third
party cookies starting next month. And it's

784
00:55:43.159 --> 00:55:49.800
like, oh, well that's not
gonna work, you know. So that's

785
00:55:49.920 --> 00:55:55.400
kind of one of the frustrating things, is be the primitives that allowed us

786
00:55:55.519 --> 00:56:01.960
to make authentication seamless keep on getting
removed, the buggy things don't get better.

787
00:56:02.000 --> 00:56:05.400
I mean, I think that we
still have that problem. If you're

788
00:56:05.440 --> 00:56:08.679
on an iPhone web view, if
you call window.close, it doesn't

789
00:56:08.679 --> 00:56:14.079
close. You can't redirect, and
so then like the user so so like

790
00:56:14.840 --> 00:56:19.360
the things that were easier getting removed, and the things that are blocking us

791
00:56:19.360 --> 00:56:23.400
from having a seamless experience, those
bugs aren't actually getting fixed. Yeah.

792
00:56:23.840 --> 00:56:30.000
Yeah, and it's and it's like
every couple of years there's some major change

793
00:56:30.039 --> 00:56:35.920
to the way that browsers work between
third parties. Yeah, I think you

794
00:56:35.960 --> 00:56:39.400
know that speaks to the sort of
like interplay between effectively like an under client

795
00:56:39.480 --> 00:56:45.199
side authentication concerns and like back end
server side concerns and like, uh,

796
00:56:45.280 --> 00:56:47.199
you know, I guess fortunately,
in the case of Passport.js,

797
00:56:47.199 --> 00:56:51.679
I like really focused on the back
end concerns itself, right, and like

798
00:56:51.760 --> 00:56:54.880
kept all the client side stuff out
of it. And and you know that's

799
00:56:54.920 --> 00:57:00.599
been scalable and evolvable and in a
relatively sustainable way. But to your point,

800
00:57:00.719 --> 00:57:05.119
like maybe makes the developer do more
of the front end stuff that themselves,

801
00:57:05.239 --> 00:57:09.000
right, it's less abstracted that front
end stuff it's all broken like it's

802
00:57:09.039 --> 00:57:13.519
all, well, yeah, any
strategy that you ever would have tried to

803
00:57:13.559 --> 00:57:16.519
do this stuff on the front end, it's all broken over the last ten

804
00:57:16.599 --> 00:57:20.599
years, Like yeah, it's been
for sure, for sure. Yeah,

805
00:57:20.960 --> 00:57:24.159
So it turns out that the only
thing that has reliably worked over the last

806
00:57:24.199 --> 00:57:29.280
decade has been put the whole thing
on the back end. Yeah yeah,

807
00:57:29.559 --> 00:57:32.400
yeah, And I think I think
that is probably like still the trend.

808
00:57:32.559 --> 00:57:37.599
Like in my own kind of like
ideal world, I've often toyed with like

809
00:57:37.960 --> 00:57:42.679
kind of marrying like passport or any
really back end auth framework with like

810
00:57:42.920 --> 00:57:45.559
a seamless like front end framework.
I think that'd be interesting, like from

811
00:57:45.639 --> 00:57:50.719
my identity nerd type of standpoint,
like that's a challenge that that would be

812
00:57:50.760 --> 00:57:54.159
fun to solve. But to your
point, like it's I've took stabs at

813
00:57:54.159 --> 00:57:58.800
it like here and there over the
years, but I've never really felt satisfied

814
00:57:58.840 --> 00:58:02.920
with like the levels of abstraction that
can be achieved and making it like DevX

815
00:58:02.920 --> 00:58:07.760
friendly. So I still think there's
like room room out there to like improve

816
00:58:07.800 --> 00:58:13.679
the front end side of things and
then upgrade. Are you aware of the

817
00:58:13.760 --> 00:58:19.559
portal spec portal spec? No,
I have not come across this we will

818
00:58:19.599 --> 00:58:22.679
see whether or not a this is
ever implemented, and by implemented, Like

819
00:58:22.760 --> 00:58:27.920
my thought is basically on the front
end, if you're a responsible developer,

820
00:58:28.239 --> 00:58:31.360
you shouldn't be using anything that hasn't
been around for two years. And unless

821
00:58:31.440 --> 00:58:35.840
unless, I mean that's not entirely
true, because a lot of times you

822
00:58:35.840 --> 00:58:38.199
can bet on the future and by
the time your product rolls out, that

823
00:58:38.239 --> 00:58:43.119
thing has been available for two years. But a lot of times it's already

824
00:58:43.159 --> 00:58:46.880
been deprecated, deprecated or taken off
of the standards track within two years.

825
00:58:46.920 --> 00:58:51.960
So that's where it's like, and
then you end up with the Babel story

826
00:58:52.000 --> 00:58:54.159
where for the rest of time and
eternity you have to either use Babel or

827
00:58:54.159 --> 00:58:58.599
you have to use something like like
back in the website of the days,

828
00:58:58.599 --> 00:59:05.519
what was that one called the soup
super popular WebSocket framework, Socket.IO

829
00:59:05.599 --> 00:59:09.119
right, like Socket.IO still implements like
an iframe strategy, or they may

830
00:59:09.159 --> 00:59:14.639
have removed, you know, like
you end up with that with that that

831
00:59:14.719 --> 00:59:21.039
kind of thing. So portals,
if it actually comes to fruition, my

832
00:59:21.199 --> 00:59:27.039
understanding is that will be a secure
iframe where the iframe changes the

833
00:59:27.199 --> 00:59:30.280
URL in the URL bar, so
a portal pops up like a modal.

834
00:59:30.360 --> 00:59:35.840
When you click into the portal,
the URL changes in the URL bar,

835
00:59:36.440 --> 00:59:38.480
and then you have the ability to
expand the portal to take up the

836
00:59:38.480 --> 00:59:44.159
whole screen, and potentially some sort
of CSS transition so that you could do,

837
00:59:44.639 --> 00:59:47.519
for example, an OAuth flow
without a redirect. You open up

838
00:59:47.519 --> 00:59:51.880
a portal like opening up an
iframe, but the portal takes over the

839
00:59:52.000 --> 00:59:53.519
URL bar, and then when
the portal goes away, the URL

840
00:59:53.679 --> 00:59:58.920
bar goes back, so it almost
looks like in all respects a redirect,

841
00:59:59.519 --> 01:00:02.920
except the redirect never happens. The
state of the application and the background,

842
01:00:04.360 --> 01:00:08.800
like the form that you were halfway
through filling out or whatever, stays while

843
01:00:08.960 --> 01:00:15.880
the flow in the foreground happens.
And it sounds really really promising if they

844
01:00:15.880 --> 01:00:19.920
figure out how to do CSS transitions
so that it'll work the way that people

845
01:00:20.119 --> 01:00:22.239
want to, which it sounds like
it probably will, because I think they're

846
01:00:22.280 --> 01:00:29.639
already doing CSS transitions for redirects.
Now, if I remember correctly, there's

847
01:00:29.679 --> 01:00:34.880
some sort of spec to basically say
you can have a CSS transition that if

848
01:00:34.920 --> 01:00:38.079
you load a new page, the
new page will load with the transition,

849
01:00:38.159 --> 01:00:43.239
it'll feel like a single page application
on multiplage. But that's something I've got

850
01:00:43.239 --> 01:00:45.480
my fingers crossed for because it essentially
solves all the problems. It solves the

851
01:00:45.480 --> 01:00:52.559
security concerns, it solves the state
management concern If portals land, it will

852
01:00:52.599 --> 01:01:00.000
be the perfect tool for seamless authentication. We'll finally have what we had back

853
01:01:00.079 --> 01:01:04.960
in the two thousands without your clicking
and tell somebody to do the clickjacking,

854
01:01:04.960 --> 01:01:07.760
and then we'll lose it again.
Yeah, yeah, that sounds promising.

855
01:01:07.840 --> 01:01:10.079
I mean, that state management problem
is like one of the things that has

856
01:01:10.079 --> 01:01:14.880
always like hung up, like
OAuth adoption and you know, like SPAs

857
01:01:14.880 --> 01:01:16.760
in particular, it's like you redirect
and you lose all your state that's that's

858
01:01:16.840 --> 01:01:20.639
sitting there in the browser, and
then you've got to like reconstitute that on

859
01:01:20.679 --> 01:01:24.039
the redirect back and it never works, right, which would totally be fine

860
01:01:24.119 --> 01:01:28.360
if we could use the pop ups, except we can't use the pop ups

861
01:01:28.400 --> 01:01:32.280
because they don't work on mobile.
Yeah yeah, all right, I'm going

862
01:01:32.320 --> 01:01:36.679
to push us to picks just in
the interest of time. Before we do

863
01:01:36.719 --> 01:01:38.800
that, though, Jared, if
people have questions or if they want to

864
01:01:39.400 --> 01:01:43.199
you know, follow what anything else
you're doing. Where do people find you

865
01:01:43.239 --> 01:01:47.760
online? Yeah, so Jared Hanson
is my handle pretty much upper on Twitter,

866
01:01:47.880 --> 01:01:52.840
slash X, GitHub. You can
go to passportjs dot org and

867
01:01:52.079 --> 01:01:55.159
and everything will be linked from there. So yeah, check it out.

868
01:01:55.280 --> 01:02:00.360
Shoot me questions. Awesome, All
right, Well let's do some picks,

869
01:02:01.039 --> 01:02:05.119
Steve. You want to start some
picks. Yes, I will start with

870
01:02:05.199 --> 01:02:07.559
picks, and I actually have a
couple lower level picks before we get to

871
01:02:07.559 --> 01:02:15.960
the high point of the podcast.
News breaking today as of this recording that

872
01:02:15.920 --> 01:02:22.119
would be a rather large issue in
the design community is that Figma and Adobe

873
01:02:22.159 --> 01:02:28.519
have bailed on their merger. The
top of Hacker News, Dylan Field,

874
01:02:28.519 --> 01:02:31.559
who's the CEO of Figma, put
out a blog post and basically they

875
01:02:31.599 --> 01:02:36.880
said there was just too many regulatory
hurdles and so they have bailed. And

876
01:02:36.920 --> 01:02:40.280
I think if I remember correctly,
the number was something like twenty billion dollar

877
01:02:40.360 --> 01:02:45.440
merger. Oh wow, it was
pretty huge, and a lot of I

878
01:02:45.480 --> 01:02:49.960
remember hearing a lot of designers saying, all right, Adobe's going to screw

879
01:02:50.000 --> 01:02:52.599
up Figma. Now I'm getting out
of Figma. I'm going to something else,

880
01:02:52.280 --> 01:02:55.800
so it'll be interesting to see if
this I'd be curious to see number

881
01:02:55.800 --> 01:03:00.800
one, how many people actually did
leave Figma, and two how many people

882
01:03:00.840 --> 01:03:05.760
come back after this. So that's
some interesting news. And then in the

883
01:03:05.840 --> 01:03:10.840
burgeoning and very important world of interior
design for automobiles, this sort of struck

884
01:03:10.880 --> 01:03:15.320
me because I've seen this happen elsewhere
too. There's a story on the Drive

885
01:03:15.400 --> 01:03:23.039
about how with the newest designs of
Volkswagen has really got a lot of pushback

886
01:03:23.199 --> 01:03:29.280
because in their interiors they've gotten rid
of tactile physical buttons and everything's been on

887
01:03:29.320 --> 01:03:35.639
touch screens, and so when things
don't work a lot of the time,

888
01:03:35.719 --> 01:03:38.599
people get really frustrated, which is
pretty common. And so what they have

889
01:03:38.679 --> 01:03:42.760
said is they're going to go back
to using actual buttons for a number of

890
01:03:42.800 --> 01:03:46.559
features within the car. And I
saw the same thing recently from Hyundai as

891
01:03:46.599 --> 01:03:51.840
well. Their chief designer had said
he's going to keep using buttons because people

892
01:03:51.840 --> 01:03:53.280
are used to them and actually work. You don't run into a lot of

893
01:03:53.280 --> 01:03:59.639
the issues that you do with touch
screens on digital displays. You know,

894
01:03:59.679 --> 01:04:04.320
for me myself, my vehicle has
some stuff on on the touch screens,

895
01:04:04.320 --> 01:04:08.039
but there's some stuff that you can
actually do with physical buttons in my truck,

896
01:04:08.039 --> 01:04:11.679
and it's really nice to have that. So sort of frustrating that try

897
01:04:11.679 --> 01:04:14.920
to adjust the temperature and have to
like deal with a flip and touch screen

898
01:04:14.920 --> 01:04:16.840
when you're driving, it's like just
a flip and knob, Like come on,

899
01:04:17.360 --> 01:04:20.119
well a knob or even mine has
a couple up and down buttons that

900
01:04:20.159 --> 01:04:25.039
you can push pretty easily as well. So yeah, it's it's one of

901
01:04:25.039 --> 01:04:29.039
those cases where you see the pendulum
swinging one way and then it's coming back

902
01:04:29.119 --> 01:04:31.760
because people realize maybe this one way
isn't all it's cracked up to be, so

903
01:04:32.079 --> 01:04:39.280
interesting, and then experience that on
my We got a new oven and they

904
01:04:39.360 --> 01:04:43.760
have digital buttons for the to set
the temperature, so you turn it to

905
01:04:43.760 --> 01:04:46.280
bake and then you hit temp and
then you and yeah, it's most of

906
01:04:46.280 --> 01:04:49.079
the time it works, and every
once in a while I'm practically breaking my

907
01:04:49.159 --> 01:04:53.920
finger on the UI trying to get
it to read that I hit the three

908
01:04:54.360 --> 01:04:59.159
and probably breaking the UI itself because
you're pushing so hard. Right, yeah,

909
01:04:59.480 --> 01:05:02.679
right, Okay, time for the
dad jokes of the day, and

910
01:05:02.719 --> 01:05:08.599
those of you dad joke aficionados will
be happy to hear that I have my

911
01:05:08.679 --> 01:05:15.920
rim shot back, so that will
he be practicing for these Oh yes,

912
01:05:16.039 --> 01:05:19.880
Jared, you can either laugh or
groan, all. All responses are welcome.

913
01:05:21.159 --> 01:05:24.719
Sort of a simple one today,
What did the sushi say to the bee?

914
01:05:26.079 --> 01:05:31.079
Wasabi. Right? So,
for those of you who may be

915
01:05:31.159 --> 01:05:34.960
a fan of the Budweiser Whassup
commercials from twenty years ago, there's a

916
01:05:34.960 --> 01:05:40.480
great one about wasabi. Just
google Budweiser wasabi and you'll see it.

917
01:05:42.800 --> 01:05:46.199
So recently, for my son's birthday, I got him a sort of

918
01:05:46.239 --> 01:05:48.800
a simple gift. I got him
an alarm clock, but it swears at

919
01:05:48.840 --> 01:05:54.000
him instead of beeping, so he's
in for a rude awakening, right.

920
01:05:55.239 --> 01:06:00.639
And then finally, you know,
I've talked about of the jobs that

921
01:06:00.639 --> 01:06:02.000
I've had in the past that I
get fired from, and you know,

922
01:06:02.239 --> 01:06:06.079
working at the calendar, the typewriter
keyboard factory and taking off too many shifts

923
01:06:06.079 --> 01:06:12.119
and that kind of stuff. But
one of my first jobs was posing like

924
01:06:12.159 --> 01:06:15.400
a mannequin in a clothing store window. I held that position for a long

925
01:06:15.440 --> 01:06:23.280
time. Thank you. Those are
my picks, all right. We did

926
01:06:23.280 --> 01:06:29.119
have some silent chuckles just for the
listener only, audience. Yes, even

927
01:06:29.159 --> 01:06:33.719
even Jared was, you know,
having having a mondel on one of those.

928
01:06:33.800 --> 01:06:41.000
Yeah, okay, so I've got
I've got a technical pick for the

929
01:06:41.039 --> 01:06:43.440
first time in a long time,
I think, I think it's been a

930
01:06:43.440 --> 01:06:49.679
while since I picked a JavaScript library. But recently there's this old application that

931
01:06:49.719 --> 01:06:55.119
I'm working on, and uh it, it gives me so much anxiety.

932
01:06:55.159 --> 01:06:59.960
It's so it's so fragile. It's
been getting better and better over the years.

933
01:07:00.280 --> 01:07:03.679
We've refactored a lot out of it, you know, but but there's

934
01:07:03.719 --> 01:07:13.760
just there's just times when I'm scared
to push to production. And a tool

935
01:07:13.840 --> 01:07:18.159
that I found recently, as I'm
trying to gradually add types to it so

936
01:07:18.199 --> 01:07:25.440
that I can feel more and more
confident, I found a couple of tools.

937
01:07:25.480 --> 01:07:36.440
One is mysql-schema-ts and
postgres-schema-ts that will read you

938
01:07:36.480 --> 01:07:42.039
connect to the database. It'll read
the current state of the database, not

939
01:07:42.400 --> 01:07:45.320
what's in the migrations, which may
not reflect what somebody did as a hot

940
01:07:45.360 --> 01:07:55.079
fix. Uh So it'll read the
actual state of the database and output typescript

941
01:07:55.079 --> 01:08:02.519
interfaces. And then there's another package
ts-to-jsdoc, which will translate from

942
01:08:02.800 --> 01:08:09.519
those whichever tables or if you selected
the whole schema, will go through and

943
01:08:09.559 --> 01:08:15.159
then read the typescript definitions and then
translate them to JSDoc and so then

944
01:08:15.480 --> 01:08:19.680
you can mark your types. And
I have not been able to get Objection

945
01:08:19.920 --> 01:08:28.479
to work with the typescript checker in
JavaScript. I hear rumor that it the

946
01:08:28.600 --> 01:08:32.359
latest version might work if you use
it with typescript, or maybe the latest

947
01:08:32.439 --> 01:08:35.640
version would work if you use it with JavaScript, but we're pinned to the version that

948
01:08:35.680 --> 01:08:42.439
we're pinned to. But anyway,
so those two tools have helped me and

949
01:08:42.840 --> 01:08:47.479
help me find a few bugs because
I can basically manually overwrite a call to

950
01:08:47.520 --> 01:08:51.960
the database and say, ignore what
you think type the type is that's being

951
01:08:53.039 --> 01:08:58.199
returned that you're reading from the
ORM. Instead, you know this is

952
01:08:58.279 --> 01:09:02.600
the type that's being returned. And
so those those two tools have been really

953
01:09:02.600 --> 01:09:09.680
helpful for me. And if you're
interested in either starting new projects using JavaScript

954
01:09:09.680 --> 01:09:15.319
with types, or you are trying
to migrate a project to incrementally add type

955
01:09:15.359 --> 01:09:21.600
checking. I did a presentation on
this. It's up at jswithtypes dot com.

956
01:09:23.079 --> 01:09:26.520
And there's a little NPM module that
you can run npm init and

957
01:09:26.560 --> 01:09:30.279
it will do the magical incantations that
will make it so that you can use

958
01:09:30.319 --> 01:09:35.279
the typescript checker in JavaScript, which
there's a lot of blogs out there about

959
01:09:35.279 --> 01:09:40.239
this, but there's a lot of
I don't know, there's like a lot

960
01:09:40.239 --> 01:09:44.840
of little details, and if you
want to get the typescript checker working with

961
01:09:44.920 --> 01:09:51.279
JavaScript, it's it's deceptively not easy. It seems like it should be straightforward.

962
01:09:51.319 --> 01:09:56.359
It seems like, oh, I'll
just you know, set JavaScript types

963
01:09:56.359 --> 01:10:00.199
to true in the config file and
that you know this should but there's like

964
01:10:00.239 --> 01:10:03.760
a number of things that you have
to do that are not intuitive and they're

965
01:10:03.800 --> 01:10:11.479
difficult to explain. So if you
run the npx jswt init, it

966
01:10:11.520 --> 01:10:16.520
will just do the right thing,
or or if your project is set up

967
01:10:16.520 --> 01:10:19.840
in a particularly weird way, it'll
you know, you can at least open

968
01:10:19.920 --> 01:10:25.359
up the config file and hopefully see
you need to change your lib directory name

969
01:10:25.600 --> 01:10:30.960
or whatever. So and I've been
a huge fan. I hope this has

970
01:10:30.000 --> 01:10:33.720
come across on the show. I'm
a huge fan of JavaScript types, huge

971
01:10:33.720 --> 01:10:36.600
fan. I wish there were simpler
ways to do it. I wish there

972
01:10:36.600 --> 01:10:42.079
were better tools for it, but
I love JavaScript's native type system. I

973
01:10:42.079 --> 01:10:45.079
think it's amazing. I don't think
it's perfect. I don't really think it's

974
01:10:45.119 --> 01:10:48.319
amazing. I think it's workable.
I think it's very very workable. Not

975
01:10:48.439 --> 01:10:51.960
amazing at all, because it wasn't
designed to be a type system. But

976
01:10:53.039 --> 01:10:57.520
we have JavaScript has types and we
can use those to our advantage. We

977
01:10:57.560 --> 01:11:01.439
don't have to pretend like double equals. The rule double equals is not even

978
01:11:01.479 --> 01:11:08.399
an exception, it's not an acceptable
option. We can use script strict strong

979
01:11:08.520 --> 01:11:12.199
typing and JavaScript. And after all, I mean, even if you're using

980
01:11:12.199 --> 01:11:15.159
a language like C, I would
say that C is very weakly typed.

981
01:11:15.239 --> 01:11:17.640
The types are in the tooling.
If you have bad tooling, you have

982
01:11:17.680 --> 01:11:20.520
bad types. If you have good
tooling, you have good types. And

983
01:11:20.920 --> 01:11:28.840
the TSC, the Typescript Checker,
is certainly acceptable and will help you have

984
01:11:28.880 --> 01:11:34.600
a better experience with jobs. Other
picks a little a little quicker, hopefully.

985
01:11:35.159 --> 01:11:41.600
But I came across these speakers,
so I had this issue where I

986
01:11:41.600 --> 01:11:45.239
mean, you know, it's just
the world is falling apart. I'm going

987
01:11:45.319 --> 01:11:48.760
to refer back to to Jonathan Blow's
talk The Collapse of Preventing the Collapse of

988
01:11:48.760 --> 01:11:54.680
civilization. Right, like, things
that seem like they should work because we're

989
01:11:54.680 --> 01:11:59.680
more advanced now, don't I had
these Bluetooth speakers, they would literally cause

990
01:12:00.119 --> 01:12:05.960
my Mac to eventually the Bluetooth audio
module would kernel panic and then audio would

991
01:12:06.000 --> 01:12:12.520
stop working without a reboot. This
is it could be that the Bluetooth speakers,

992
01:12:12.520 --> 01:12:16.960
they were fairly cheap speakers from a
no name brand, right, so

993
01:12:17.159 --> 01:12:20.439
it could be that the speakers were
just bad. But shouldn't the kernel be

994
01:12:20.479 --> 01:12:25.760
more resilient against malicious hardware? I
mean, isn't that like the kernel's job

995
01:12:25.880 --> 01:12:30.359
is like, hey, you're malicious
hardware or you're hardware that doesn't follow the

996
01:12:30.399 --> 01:12:34.319
spec properly, you're reset? No, like, instead the kernel resets.

997
01:12:34.760 --> 01:12:39.680
And so I bought a new pair
of speakers and they're the Creative T sixties

998
01:12:40.560 --> 01:12:43.159
and they're larger than I thought they
were going to be. And in my

999
01:12:43.279 --> 01:12:45.640
mind they were probably about the quarter
set a quarter of the size of what

1000
01:12:45.680 --> 01:12:51.000
they really are. They are about
the size of a Nintendo switch, well

1001
01:12:51.039 --> 01:12:56.159
bigger than that on just the face
of them. Yeah, about that size

1002
01:12:56.159 --> 01:13:00.399
on the face of them. And
then they're I don't wonder they about the

1003
01:13:00.439 --> 01:13:03.720
size of if you go back,
because they're not thin like that but it

1004
01:13:04.079 --> 01:13:09.840
anyway, but they they ended up
being bigger. But the sound quality is

1005
01:13:09.960 --> 01:13:13.560
actually really really good. And they
connect via Bluetooth, which I have not

1006
01:13:13.720 --> 01:13:16.079
tried and I don't want to try. But they also connect via USBC,

1007
01:13:17.239 --> 01:13:21.439
which when I did the swap between
these and the other speakers that were messing

1008
01:13:21.520 --> 01:13:26.199
up, literally caused the computer to
restart. I don't know what's happening with

1009
01:13:26.239 --> 01:13:29.960
the Mac operating system, but it's
not good anyway. But they sound really

1010
01:13:30.000 --> 01:13:32.199
good, like they have an amazing
sound stage, and there were sixty five

1011
01:13:32.199 --> 01:13:39.199
bucks like and I'm an audio snob, I you know, but these they

1012
01:13:39.479 --> 01:13:45.520
actually sound good. My only complaint
is that because I'm using them via USBC,

1013
01:13:45.920 --> 01:13:48.840
because most people could probably just plug
them in with the three point five

1014
01:13:48.840 --> 01:13:53.680
millimeter cable and be fine. But
because I'm plugging them in with USBC,

1015
01:13:53.760 --> 01:13:57.640
I lose a volume control. So
I have to use the Loopback app

1016
01:13:58.039 --> 01:14:02.000
to make a virtual audio device that
outputs to the speakers, set my system

1017
01:14:02.039 --> 01:14:05.880
output to the virtual audio device,
and now I have volume control on the

1018
01:14:05.920 --> 01:14:10.079
keyboard. Again. Why that can't
be just done in macOS, I

1019
01:14:10.119 --> 01:14:13.880
don't know. But the speakers themselves, they have the Bluetooth option, the

1020
01:14:13.920 --> 01:14:18.479
USBC option, and the three point
five millimeter option, and they just they

1021
01:14:18.560 --> 01:14:24.199
sound so much better than I would
have expected at sixty five dollars. So

1022
01:14:24.520 --> 01:14:30.600
Creative has done it again. I
just huge shout out to them for again

1023
01:14:30.640 --> 01:14:34.760
it's the Creative t sixties. And
then, Okay, I'll be fast on

1024
01:14:34.800 --> 01:14:39.520
these ones. I promise, I
think, no, I promise. I

1025
01:14:39.560 --> 01:14:45.439
talked about the Hammerhead metal shower head
a few weeks back. Our other shower

1026
01:14:45.479 --> 01:14:48.199
head and our other bathroom broke,
so I bought another one. So I

1027
01:14:48.279 --> 01:14:51.239
brought it back to my remembers.
So easy to install, and I have

1028
01:14:51.319 --> 01:14:55.920
no doubt that it will last at
least as long as I do, or

1029
01:14:55.920 --> 01:15:00.279
at least as long as the house
does. So if you have shower head holders

1030
01:15:00.319 --> 01:15:05.359
breaking because they're the silly plastic ones
that ship with every single showerhead, which

1031
01:15:05.399 --> 01:15:13.079
no showerhead manufacturer provides as a replacement
part to on their website because they really

1032
01:15:13.079 --> 01:15:15.880
don't give a darn about their eco
friendly blah blah blah blah blah save the

1033
01:15:15.920 --> 01:15:18.760
planet blah blah blah blah blah.
They just want you to buy new shower

1034
01:15:18.760 --> 01:15:25.720
heads. The Hammerhead metal shower head
will will save you and you'll never have

1035
01:15:25.800 --> 01:15:31.720
to buy another shower head holder again. And then my wife, my wife

1036
01:15:31.760 --> 01:15:36.039
has fallen in love with me all
over again because I bought a Degrees of

1037
01:15:36.079 --> 01:15:43.239
Comfort King dual heated blanket for the
winter because I can't stand the house being

1038
01:15:43.239 --> 01:15:45.399
hot. She wants the house to
be like one hundred degrees and I'm like,

1039
01:15:45.399 --> 01:15:49.479
it's winter, it's okay, the
house can be cold. And I

1040
01:15:49.560 --> 01:15:53.680
bought this blanket for us, and
it's dual heated, so each side you

1041
01:15:53.720 --> 01:15:55.920
can pick, you know how warm
you want it, so I can turn

1042
01:15:55.960 --> 01:15:58.840
my side off, I can turn
it on when I'm just getting into bed

1043
01:15:58.840 --> 01:16:00.199
and then turn it off when I'm
about to go to sleep, and she

1044
01:16:00.199 --> 01:16:03.720
can leave her side on all night
long. And this is working out great,

1045
01:16:03.760 --> 01:16:10.119
and she tells me every single day
that she loves it, so uh

1046
01:16:10.600 --> 01:16:14.720
yeah, and it's it's got good
ratings, and I look through dozens of

1047
01:16:14.720 --> 01:16:18.359
them before picking one, and I
feel pretty confident that it's probably the best

1048
01:16:18.399 --> 01:16:23.600
one that I could have gotten.
So I'll I'll give a link to that.

1049
01:16:24.000 --> 01:16:28.199
So those are my picks. All
right, I'm gonna jump in.

1050
01:16:28.720 --> 01:16:31.640
I'm gonna be really really brief.
I always do a game pick. The

1051
01:16:31.680 --> 01:16:35.880
one that I've been playing lately I've
picked up before is Risk Legacy. BoardGameGeek
weight of two point five to
1052
01:16:35.880 --> 01:16:40.840
geek weight of two point five to
nine, which means that it's a little

1053
01:16:40.880 --> 01:16:45.640
bit more complicated than the average gamer
wants to play. But if you're a

1054
01:16:45.680 --> 01:16:48.479
fan of Risk, it's actually the
games go faster and it's it's it's a

1055
01:16:48.479 --> 01:16:53.119
lot of fun. So I do
have to say, my friends, after

1056
01:16:53.199 --> 01:16:58.199
I won the first two games,
they ganged up on me, So that

1057
01:16:58.279 --> 01:17:01.840
happens, right anyway. A couple
of other picks. We're going to be

1058
01:17:01.840 --> 01:17:04.880
doing things a few things different.
One of them is is we're going to

1059
01:17:04.920 --> 01:17:09.680
tweet out before we go live every
week, so keep an eye on that.

1060
01:17:09.720 --> 01:17:13.000
You can follow us as a JS
jabber on Twitter, you can find

1061
01:17:13.039 --> 01:17:17.319
a Facebook page. The YouTube channel
is Top End Devs and you can go check

1062
01:17:17.359 --> 01:17:24.239
all that out. And then in
addition to that, we're putting up the

1063
01:17:24.239 --> 01:17:26.840
premium version of the podcast, which
just doesn't have the ads in it.

1064
01:17:26.920 --> 01:17:31.880
But a bonus I decided I was
going to add was that if you want

1065
01:17:31.920 --> 01:17:35.000
to help us decide what to talk
about, right, so it's like hey,

1066
01:17:35.000 --> 01:17:38.640
so and so, it would be
a good guest or Hey, I'm

1067
01:17:38.800 --> 01:17:41.199
learning about this topic and I think
you ought to talk about it on the

1068
01:17:41.239 --> 01:17:44.279
show, right, So maybe you
go try out WebAuthn and it's like,

1069
01:17:44.319 --> 01:17:46.039
I want to learn more about WebAuthn.
Is there a WebAuthn

1070
01:17:46.119 --> 01:17:48.279
guy you know? And it
turns out yeah, I probably do.

1071
01:17:48.960 --> 01:17:54.880
So we'll get that lined up and
I'm going to be doing those once a

1072
01:17:54.880 --> 01:17:58.159
month, and all you have to
have is that premium level. Now.

1073
01:17:58.159 --> 01:18:02.880
I'm also putting together videos weekly videos
on training, kind of like what RailsCasts

1074
01:18:02.880 --> 01:18:05.479
used to do for Rails,
except it's going to be JavaScript focused.

1075
01:18:05.479 --> 01:18:10.920
I'm also doing the React series,
and then we're going to have JavaScript Geniuses,

1076
01:18:11.239 --> 01:18:15.800
which is going to be three meetups
per month. They'll all be at

1077
01:18:15.800 --> 01:18:18.840
the same time of day, same
day, every week, and we're probably

1078
01:18:18.840 --> 01:18:23.119
going to have an expert one week
we'll do a Q and a one week

1079
01:18:25.279 --> 01:18:28.880
we'll kind of do a workshop or
live coding or something else the other week,

1080
01:18:29.279 --> 01:18:31.359
and then it also includes a meet
up with the rest of them,

1081
01:18:31.600 --> 01:18:36.319
the Ruby Geniuses and the React Geniuses
where we talk about career stuff. Right,

1082
01:18:36.439 --> 01:18:41.720
so tools, careers, things that
are not specific to a language or

1083
01:18:41.720 --> 01:18:45.880
framework. So you definitely go check
all those out. And then I'm also

1084
01:18:45.079 --> 01:18:49.680
finally working on the how to Get
a Programmer Job book. I released it

1085
01:18:49.720 --> 01:18:54.039
a while back, but there were
some updates I wanted to make to it,

1086
01:18:54.079 --> 01:18:56.760
so that'll come out next year,
and I'm self publishing it so you'll

1087
01:18:56.760 --> 01:19:00.399
be able to just get it on
Amazon or off of the website. What

1088
01:19:00.439 --> 01:19:04.680
are your picks? A picks?
So I recently moved into a new house,

1089
01:19:04.720 --> 01:19:09.279
so I've been kind of setting up
new house stuff. The pick I

1090
01:19:09.319 --> 01:19:15.760
will throw out is Ubiquiti's networking gear
if anyone's looking for like house Wi-Fi

1091
01:19:15.840 --> 01:19:23.399
networking gear. It's a pretty nice
equipment that I've enjoyed. Nice. I've

1092
01:19:23.399 --> 01:19:29.520
heard that recommended rather ubiquitously whenever I
look for networking gear. Yep, highly

1093
01:19:29.560 --> 01:19:33.600
recommended, slick, works well,
easy to configure. Nice. All right,

1094
01:19:33.640 --> 01:19:38.119
Well, thanks for coming Jared,
This was fun. Thanks for having

1095
01:19:38.119 --> 01:19:41.479
It's always interesting to dive into this
stuff too. Well, we'll wrap it

1096
01:19:41.520 --> 01:19:43.359
up here till next time, folks. Max out

