Add support for write.as profiles
Proposal to add support for write.as profiles.
This is possible using their public api: https://developers.write.as/docs/api/#retrieve-a-post
Proofs will be published in the form of a single post and the the ID of that post will somehow have to be included in the proof verification URL.
Issues to be solved
The API returns no data whatsoever about the user that published the post. We'll most likely have to include either the userId in the API URL or, preferentially, include the postId in the profile page URL.
Will work on soon.
I have not worked on it :/
So, taking a fresh look at it again. I have made a test post:
Problem: The API call needed is https://developers.write.as/docs/api/#retrieve-a-post, but the API call wants data that is not here, namely the post's ID (for the test post above: ktcwhjgy2zb8kleb).
Solution (hack #1): People would have to include the post ID in their identity claim, which is not great.
So the identity claim would become: https://write.as/yarmo?postId=ktcwhjgy2zb8kleb
Now, the DOIP library can properly make the API call: https://write.as/api/posts/ktcwhjgy2zb8kleb
Problem: the API call's response contains no data about the user. This means that impersonation is as easy as taking someone else's postId and append it to your username (for example, https://write.as/imposter?postId=ktcwhjgy2zb8kleb would show as verified!)
Solution (hack #2): the post also needs to contain the username against which we can test the username in the claim.
I'll be honest, as much as I want to be able to verify WriteFreely accounts, this specific verification process would require two hacks, both of which are easy to do wrong and have potential bad consequences.
Hopefully someone sees a better solution that I don't
Deleting a branch is permanent. It CANNOT be undone. Continue?