#Loqi pagination is a UI pattern for navigation across (typically chronologically) sequential pages that show one or more posts such as permalink post pages, archives, search results, and lists of tagged posts https://indieweb.org/pagination
#Zegnat Don’t start by fixing whitespace. I just did it because this PR was touching most lines of index.php anyway. If you are also already touching most lines, that’s when you can make sure all of them comply.
#Zegnat sknebel, here I thought you were getting good at reading PHP ;)
#ben_thatmustbeme Everyone has to look up like every function in PHP. Such an inconsistent language
#sknebel Zegnat: "reading" and "reviewing" is a difference, since for reading you can skip/skim a lot of stuff and assume it'll do what you think it does
#Zegnat And even if you read the docs, my input_filters were failing for the longest time because I misread the way they expected the nested arrays.
#Zegnat Which is why I do like this review setting on GitHub :)
#sebsel So with this new warning, do I still have to state I'm okay with the licenses?
#Zegnat I would say that the moment you accepted the invite you agreed to the licences
#Zegnat (Let's be honest, all the licence stuff is just guesstimations anyway until you are big enough to get a lawyer on board)
#sknebel which brings me to the question of "tests?". at least for pieces like the validation
#Zegnat The functions I wrote should work 100% stand-alone, so we could take the code signing/verification as well as the content negotiation functions out and write tests for them
#Zegnat The problem is that you will be adding more files to the repository again. While the base idea was to have just the index.php file with the optional setup.php for setup.
#sknebel is "download the entire repo" so much easier than "download these two files"?
#Zegnat Yes. GitHub gives you a button to download the repo as zip file
#sebsel Isn't there an option to exclude files from the zip-file?
#sknebel you can make a "release", there you can determine what goes in
#Zegnat I think there was ... maybe ... with .gitattributes
#sknebel the download-repo button always is the full repo as far as I know
#Zegnat can you pick and choose files there, sknebel? I thought releases at the same auto-generated zip? Releases do allow us to upload our own ZIPs alongside the autogenerated ones, that I know
#Loqi [sebsel] aaronpk I was trying to spin up my own instance of Compass, but it seems like my new auth endpoint does not play well with it (also not on your instance). It is not requesting any scopes, but if I read the code correctly, it IS asking the token endpo...
#Zegnat if the client making the request (e.g. compass) requests no scope – i.e. omit the scope property or have it as an empty string – it seems the endpoint should return an error
#Zegnat That is also my reading of the spec linked by sknebel
#sknebel not sure if that's valid for the token endpoint though
#sknebel but at least I am now again of the opinion that my selfauth comment was right ;)
#Zegnat I am of two minds on this. There is no reason why selfauth can’t issue a code with scope, on the other hand, it is completely agnostic to what other tools exist so it can never make sense of any scopes that are requested
#aaronpk all it needs to do is show the scopes that are requested
#Zegnat Right now, scope is actually supported. It is shown to the user, and the user can accept them. The code issued by selfauth is signed with the secret, so a different token endpoint with the same secret can validate it and will then know that the user accepted whatever scope was asked for.
#aaronpk yeah, it's the authentication layer on top of OAuth
#aaronpk similar to how OpenID Connect is authentication on top of OAuth
#sebsel If I do not state my token endpoint in my rels, Compass works just fine, because it checks my auth-code with my auth endpoint, and I think it should do that anyway, since it does not request scopes.
#sebsel seems like Compass also does not store the token, only the 'me' in it, in a session. So I am storing a token for compass, and it will request one every time I log in.
#Zegnat Time to go stateless, sebsel, go selfauth ;)
#sebsel Zegnat My seblog.nl/auth is already stateless, only my seblog.nl/token is not :)
#Zegnat I guess the problem with stateless is it becomes hard to retract access tokens
#aaronpk sebsel: yeah that's kind of why i think compass shouldn't request a token, because all it's really trying to do is verify that you are at your computer when you sign in
#sebsel Zegnat re stateless access tokens: yes, that's why I have what I have now. I already have JWT for /auth, so I could use it for /token too, but I like having a list of active tokens.