#sebselYeah, I'm not saying that's the best thing to do for SelfAuth, but those are two strategies to think about.
#ZegnatDefault list needs to come from somewhere. The Micropub spec hardlinks to https://indieweb.org/scope for “a list of all currently used values”. That’s why I would like to shy away from that. (My opinion can of course be changed, will see where the discussion goes.)
#ZegnatThe /scope seems very lackluster and not very list-y
#Loqi[sknebel] #26 Allow changing the granted scopes
#voxpelliFeels like the /scope needs to be extended with more examples especially – seems like a few here are using more scopes than documented there? Only me + aaronpk in there now
#Zegnatvoxpelli, I agree, especially if the W3 Micropub spec links to it for a list. I have nothing to add there though.
#sebselbut in the end, it's just the question of 'can I do this'?
#sebselThe app just hints what it thinks it might need.
#sebselI can also use scopes in Dutch, like 'bewerk' for 'update'. I just need to make sure to give the app the scope 'bewerk' if it asks for 'update'.
#sebselIt is my site that checks which operation is allowed by which app at what point.
singpolyma joined the channel
#voxpelliit's fairly good to try do standardize on a fairly limited set though so apps can clearly state what scopes they need for what operations and that way apps can be given as strict access as possible
#voxpellielse it can easily be that all apps are given all access and the point of scopes pretty much is lost
#voxpelli(not a problem with current indieweb generation, but with future generations and as things scale it can be)
#sebselalso: if the app knows which scopes it has, it can already anticipate a 403 if it did not receive a, for example, update scope.
#ZegnatYes, that’s why apps get a list of scopes returned to them when they verify the indieauth code. So they know exactly what scopes they were granted and follow through accordingly
#jeremycherfasAnyone got any good examples of styling webmentions from voxpelli’s Heroku app? I’d like to have a starting point with which to tinker.
#voxpellijeremycherfas: I assume you have looked at my voxpelli.com ;) Also http://www.kevinmarks.com/ shows what it looks like when you get a _lot_ of mentions
KartikPrabhu, KevinMarks, KevinMarks_ and [kevinmarks] joined the channel
#seblog.nledited /scope (+2) "/* Scopes used by IndieWeb apps */ OwnYourGram now asks for create" (view diff)
KevinMarks joined the channel
#[kevinmarks]My styling is not exactly good, but it is different from voxpelli's
#jeremycherfasVoxpelli The classes on your webmentions differ from the ones I got in the examples. Is that because you are using bleeding edge?
#jeremycherfasKevinmarks: Thanks. Will get there in the end
j12t joined the channel
#voxpellijeremycherfas: Was a while since I worked on that specific code, it may be that I cleaned up the class names in bleeding edge (better not to use bleeding edge right now though, it's a work in progress to support Salmentions)
#jeremycherfasOK. I’ll go with the classes I have in examples.
KevinMarks_ and KevinMarks joined the channel
#dgoldsorry to ask such a basic question but, checking for either scope 'create' or scope 'post'
#ZegnatI don’t know what your $scope variable looks like
#dgoldscope is from indie-auth response - I'm trying to do a check so that if the scope has neither 'create' nor 'post' then the endpoint serves a 403
#Zegnatif (strpos($scope, 'create') === false && strpos($scope, 'post') === false) { /* the string 'create' and the string 'post' do not exist in $scope */ }
#Loqizegnat has 23 karma in this channel (121 overall)
#Zegnatstrpos could have false positives, e.g. a scope "imposter" would have matched as including "post". This way you get around that.
#ZegnatIf for whatever reason I made a typo in that code or it ends up not working you know where to find me ;)
#dgoldthe !notation and either/ors make my head hurt
#Zegnatin_array() will give false when the string isn’t there, and in this case you want to test for the false result so you need the ! (or `=== false` comparison). And then you want to do that twice and not have it exit after the first test (thus &&)
[miklb], j12t, KevinMarks_ and eli_oat joined the channel
#jeremycherfasVoxpelli: Is there a way to test whether the script that pulls in webmentions contains anything, so I can modify the display conditionally?
KartikPrabhu, [miklb] and KevinMarks joined the channel
#voxpellijeremycherfas: don't think so with current version, add an issue and I'll try to make it so eventually :)
#dgoldaaronpk: sorry to ask such a question but; if i'm indieauth'd onto one site - example.com, and micropubbing to that site, and I need to upload to a media endpoint - media.example.com - is that a separate 'login'?
#schmartydgold: the media endpoint should accept the same token as your main micropub endpoint
#dgoldthat's the bit I'm not understanding, schmarty
#dgoldlooking over the endpoint aaronpk posted to github - I can't see where that logic resides?
#sknebelZegnat: right, we should look at moving your draft over again, or at least large parts of it. or wait for the spec, cross-check everything and then?
#ZegnatWaiting for indielogin.com might make sense. Note that I did add a pretty clear note on top of https://indieweb.org/IndieAuth with one of my last edits :)
KevinMarks joined the channel
#ZegnatThat note isn’t in my draft page, because hopefully the draft page wouldn’t need such ntoes
#sebselIt's actually easier in CMS plugins, because you just need to call header(), instead of asking the user 'add this to' or finding the right hook to do so.
#ZegnatI think it is great to be able to tell to people to copy an HTML link element for set-up. But for development headers are so nice and easy. Get them through a HEAD request, add them to server config and instantly have them available site-wide.
#sknebelwell, the auth_endpoint you odn't need sitewide, but still, no editing templates
#ZegnatAnd unlike with webmention endpoints where you might want to really scope it to separate pages, I think most people will just use a single authorization-endpoint for everything so it could be added to server configs without any penalties