No internet connection
  1. Home
  2. Development

Talkyard Roadmap 2020

By KajMagnus @KajMagnus2020-03-01 08:00:13.533Z2020-08-23 13:41:38.652Z

Here's what's next for Talkyard, in no specific order (except for "Sooner" and "Later").
Feedback is welcome; you can add comments below.
Old roadmap, from 2018: https://www.talkyard.io/-171/talkyard-roadmap-2018-11-26

Sooner:

Later:

  • New topic type: Event. So you can add events to your community, with location, date-time. Maybe RSVP.
  • StackOverflow style Reputation points and Up-Down-vote buttons.
  • Sub categories.
  • Rich text WYSIWYG editor. Non-tech people think Markdown+preview is confusing. Use ProseMirror — it can switch between Markdown and rich-text-WYSIWYG.
  • 13 replies
  1. R
    Johannes Hass @rhywden2020-04-12 20:41:03.408Z

    Eminently important for schools and teachers: A proper authentication scheme. OAuth (at least only for Facebook and the like) is strictly Verboten in the EU (and it's also not feasible to have our teachers and pupils sign up for completely unrelated services).

    For my school, for example, everything that's incapable of authenticating against our single source of truth (an on-premise LDAP server) would be a very hard sell. Now, I can whip up a custom OAuth server, I can create custom APIs which provide auth against that server but currently I'm at a bit of a loss how to do that with Talkyard.

    1. KajMagnus @KajMagnus2020-04-16 04:48:47.730Z

      Seems that's important yes — I updated the list above now, and mentioned OpenID Connect, OIDC.

      OIDC is built on top of OAuth. You mentioned an on-premise LDAP server — is it OpenLDAP? Does it support OIDC?

      You mean students are not allowed to login with Gmail or Facebook to their schools? I hadn't heard about that before

      1. RJohannes Hass @rhywden2020-04-16 11:46:38.137Z

        Hey, yes, it's OpenLDAP. It should support OIDC but I haven't got full control over its settings - that was done by a vendor we got our school management software from (we're a bit understrength when it comes to IT support so we have to take care what services we provide ourselves and what is done by external personell).
        However, I can state that 3rd party services such as Moodle or Nextcloud have no problem authenticating against the server. But even if it weren't - I could setup an auth server which could act as a middleman.

        And, yes, strictly speaking all European students (in principle, I can only speak for Germany, though) would be covered by that. The reason is the EU's GDPR - basically, you're required to do only minimal data collection, only as much as you need to. And requiring pupils to sign up for a 3rd party service which, let's face it, is about the absolute antithesis of data protection (Facebook/Google) would be blatantly illegal. That's why we're hosting as many services as we can on-premise.

        1. KajMagnus @KajMagnus2020-04-27 14:43:03.945Z

          Hi Johannes, sorry for the late reply, ... I've starting reading about OIDC and ways to add it to Talkyard (there are some different OIDC client libs to choose among).

          Ok, yes, requiring pupils to sign up for / with a 3rd party service, that'd be weird. Sounds good that you (and schools in general?) use your own :- )

    2. C
      In reply toKajMagnus:
      @crc322020-04-13 14:45:37.076Z

      I've just started using Ty and it's great. The anonymous questions feature is something that would be incredibly useful.

      1. KajMagnus @KajMagnus2020-04-16 04:49:35.336Z

        I'd love to build it (the anon questions feature) — so many things to do for the moment :- P

        1. C@crc322020-04-17 06:00:53.577Z

          I understand. Thanks for the massive amount of work you've done already! It's a fantastic piece of software.

      2. J
        In reply toKajMagnus:
        Jon Altschuler @jonalt2020-07-07 20:36:53.866Z

        Just started using TalkYard and love the flexibility and capability of the software.
        One thing that would really improve the user experience is the addition of a rich text editor for the posts. PLEASE prioritize this as its currently painful for people to add links and other formatting.
        Keep up the great work!

        1. S
          In reply toKajMagnus:
          @scorsair2020-08-26 11:58:03.488Z

          Hello guys!
          Looking forward for OIDC support. I think it is a major update for on-premise installations. If you need some help to test OIDC support with Keycloak just PM me.

          1. KajMagnus @KajMagnus2020-08-26 20:31:35.011Z

            That'd be lovely! Working with OIDC right now (works but things left to do, e.g. refactoring "ugly code", admin settings, auto tests — which will run against Keycloak b.t.w.).

            I'll message you next week or the week after probably.

            1. ORoman Hatsiev @otstrel2020-08-28 18:09:34.965Z

              Will migration of existing deployments to OIDC be supported in sense that existing accounts will be used with new authentication method?
              I may also be willing to assist with OIDC testing, should you need more test subjects please feel free to reach out to me. Thanks!

              1. KajMagnus @KajMagnus2020-08-29 05:57:39.533Z

                How would you want the migration to OIDC to work?

                By default, it'll work, yes, like so:
                If someone logs in via OIDC, with an email (from the OIDC user-info endpoint) that matches an existing Talkyard user account email addr,
                then that already-existing account will get reused (the one who logs in via OIDC will log in to the old before-OIDC account).

                Some things to think about:
                Should that person thereafter be allowed to login both via OIDC and the old way to login?
                Should OIDC co-exist with other ways to login? E.g. a company's employees log in via OIDC, but there's also Gmail, GitHub, FB, etc login for the company's users and customers?

                I suppose such things will need to be configurable.

                Looking at Keycloak, seems one might want "lots of" config options to specify how the first logins / migration should happen:
                https://www.keycloak.org/docs/latest/server_admin/#_identity_broker_first_login

                ***

                may also be willing to assist with OIDC testing

                Yes that'd be great :- ) and maybe good for you too so nothing unexpected happens if you migrate old user accounts to OIDC.

                1. EJoseph Elsherbini @elsherbini2020-09-06 15:57:24.876Z

                  I'm also very willing to try to test keycloak stuff, specifically the roundabout SAML integration.