Talkyard Roadmap 2020
Here's what's next for Talkyard, in no specific order (except for "Sooner" and "Later").
Feedback is welcome; you can add comments below.
Old roadmap, from 2018: https://www.talkyard.io/-171/talkyard-roadmap-2018-11-26
Improvements for Schools and Teachers: https://www.talkyard.io/-338/improvements-for-teachers-and-students.
Includes: invite links with pre-defined group membership, user badges, anonymous questions, etcetera.
Improve the UX, fix bugs / annoyances: https://www.talkyard.io/-334/potential-ux-improvements
External links previews, e.g. Twitter tweets. Currently doing this (June 2020).
Basic theming. User friendly way to edit colors and make one's Talkyard site look like a part of one's website. Slightly started.
OpenID Connect (OIDC) login support — will work with Keycloak, Azure AD, Okta etc. Talkyard would be a Replying Party (RP); those others would be Identity Providers (IDP:s).
Currently doing this — testing with KeyCloak (May, June 2020)
Backlinks, test: https://www.talkyard.io/-326/feature-consideration-backlinks (you should see a link back to this page)
- New topic type: Event. So you can add events to your community, with location, date-time. Maybe RSVP.
- StackOverflow style Reputation points and Up-Down-vote buttons.
- Sub categories.
- Rich text WYSIWYG editor. Non-tech people think Markdown+preview is confusing. Use ProseMirror — it can switch between Markdown and rich-text-WYSIWYG.
- 13 replies
- RJohannes Hass @rhywden2020-04-12 20:41:03.408Z
Eminently important for schools and teachers: A proper authentication scheme. OAuth (at least only for Facebook and the like) is strictly Verboten in the EU (and it's also not feasible to have our teachers and pupils sign up for completely unrelated services).
For my school, for example, everything that's incapable of authenticating against our single source of truth (an on-premise LDAP server) would be a very hard sell. Now, I can whip up a custom OAuth server, I can create custom APIs which provide auth against that server but currently I'm at a bit of a loss how to do that with Talkyard.
- KajMagnus @KajMagnus2020-04-16 04:48:47.730Z
Seems that's important yes — I updated the list above now, and mentioned OpenID Connect, OIDC.
OIDC is built on top of OAuth. You mentioned an on-premise LDAP server — is it OpenLDAP? Does it support OIDC?
You mean students are not allowed to login with Gmail or Facebook to their schools? I hadn't heard about that before
Hey, yes, it's OpenLDAP. It should support OIDC but I haven't got full control over its settings - that was done by a vendor we got our school management software from (we're a bit understrength when it comes to IT support so we have to take care what services we provide ourselves and what is done by external personell).
However, I can state that 3rd party services such as Moodle or Nextcloud have no problem authenticating against the server. But even if it weren't - I could setup an auth server which could act as a middleman.
And, yes, strictly speaking all European students (in principle, I can only speak for Germany, though) would be covered by that. The reason is the EU's GDPR - basically, you're required to do only minimal data collection, only as much as you need to. And requiring pupils to sign up for a 3rd party service which, let's face it, is about the absolute antithesis of data protection (Facebook/Google) would be blatantly illegal. That's why we're hosting as many services as we can on-premise.
- KajMagnus @KajMagnus2020-04-27 14:43:03.945Z
Hi Johannes, sorry for the late reply, ... I've starting reading about OIDC and ways to add it to Talkyard (there are some different OIDC client libs to choose among).
Ok, yes, requiring pupils to sign up for / with a 3rd party service, that'd be weird. Sounds good that you (and schools in general?) use your own :- )
- C@crc322020-04-13 14:45:37.076Z
I've just started using Ty and it's great. The anonymous questions feature is something that would be incredibly useful.
- JJon Altschuler @jonalt2020-07-07 20:36:53.866Z
Just started using TalkYard and love the flexibility and capability of the software.
One thing that would really improve the user experience is the addition of a rich text editor for the posts. PLEASE prioritize this as its currently painful for people to add links and other formatting.
Keep up the great work!
- S@scorsair2020-08-26 11:58:03.488Z
Looking forward for OIDC support. I think it is a major update for on-premise installations. If you need some help to test OIDC support with Keycloak just PM me.
- KajMagnus @KajMagnus2020-08-26 20:31:35.011Z
That'd be lovely! Working with OIDC right now (works but things left to do, e.g. refactoring "ugly code", admin settings, auto tests — which will run against Keycloak b.t.w.).
I'll message you next week or the week after probably.
Will migration of existing deployments to OIDC be supported in sense that existing accounts will be used with new authentication method?
I may also be willing to assist with OIDC testing, should you need more test subjects please feel free to reach out to me. Thanks!
- KajMagnus @KajMagnus2020-08-29 05:57:39.533Z
How would you want the migration to OIDC to work?
By default, it'll work, yes, like so:
If someone logs in via OIDC, with an email (from the OIDC user-info endpoint) that matches an existing Talkyard user account email addr,
then that already-existing account will get reused (the one who logs in via OIDC will log in to the old before-OIDC account).
Some things to think about:
Should that person thereafter be allowed to login both via OIDC and the old way to login?
Should OIDC co-exist with other ways to login? E.g. a company's employees log in via OIDC, but there's also Gmail, GitHub, FB, etc login for the company's users and customers?
I suppose such things will need to be configurable.
Looking at Keycloak, seems one might want "lots of" config options to specify how the first logins / migration should happen:
may also be willing to assist with OIDC testing
Yes that'd be great :- ) and maybe good for you too so nothing unexpected happens if you migrate old user accounts to OIDC.