#ZegnatI still need to do the write-up. But if anyone ever needs to login to a Micropub client again but doesn’t want IndieAuth set-up, hosted version of the gist I linked: http://wiki.zegnat.net/media/token-provider.php
#Zegnatraziellight++ thanks for prompting me to make a shortcut around requiring full IndieAuth before being able to test Micropub.
#ZegnatThat is pretty sparce. Introduces another endpoint (I would personally avoid that? But maybe that’s good? Not sure.) and it just POSTs the known token to it to get it revoked.
#aaronpkWell it says the method of finding the endpoint is out of scope so we could reuse the same token endpoint
#aaronpkalso says client authentication should be included but since we only use public clients we wouldn't need that. We could say that the client should include its client id tho
#aaronpkwe could also say that the method of finding the token revocation url is to take the token endpoint and append a query string parameter like action=revoke
#ZegnatThat could work. You probably want something to differentiate the revoking from the requesting. Else it comes down to “if you receive a POST with the parameter token, revoke the token specified in the parameter”.
#ZegnatAt least that is the entire transaction as far as RFC7009 seems to be concerned
#ZegnatIt doesn’t conflict with any of the current spec’ed requests, true, as those would use access_token as a parameter. But it does feel a bit iffy, imho
#aaronpkThe only post request to the token endpoint right now is with an authorization code right?
#ZegnatYes, sorry, access_token is used in response
#aaronpkYeah I can't decide whether being explicit by adding the query param is necessary or if that adds too weird an extra aspect to it
#ZegnatThe query param can be seen as explicitly creating the separate endpoint, I guess. So how serious do you want to take the “additional endpoint” aspect of RFC7009
#aaronpkin other news, let's see if i can finish up this podcast publishing client so i can publish the next episode of Percolator
#ZegnatFiled an issue against two Micropub clients and a Micropub server today. Made a tool for bypassing IndieAuth for Micropub clients. And I still do not use Micropub! Haha. That should be my todo for IWC Berlin, I guess.
#ZegnatConfirmed working with shpub and Omnibear, and works perfectly fine from localhost for those local clients. So hopefully people will find it useful.
#Loqizegnat has 32 karma in this channel (137 overall)
#Loqi[eddie]: snarfed left you a message 19 hours, 42 minutes ago: as you all have noticed, following/reading/post propagation between indieweb and fedsocnets is definitely the biggest hole in bridgy fed that still really needs to be nailed down
#Loqi[eddie]: snarfed left you a message 19 hours, 42 minutes ago: you all have researched more than me so far, and i may not prioritize it myself near term, so i'd love your input! e.g. https://github.com/snarfed/bridgy-fed/issues/14
#sknebelZegnat++ that's a clever way of solving it!
#Loqizegnat has 33 karma in this channel (138 overall)
#ZegnatI just thought, hey, I have a little knowledge of IndieAuth, I can shortcut this ;)
#sknebelI thought about something in this direction, but didn't have an obvious good idea
#Loqiok, I added "http://wiki.zegnat.net/media/token-provider.php ([https://gist.github.com/Zegnat/9d3945f9b342d9b6af5ee33476003966 source]) is a small tool to complete an IndieAuth flow with a pre-determined token. Useful for testing (local) micropub servers with clients that expect to do full [[IndieAuth]] flow for auth." to the "See Also" section of /tools
#ZegnatUgh, of course there is /tools and it has sebsel’s gimme-a-token.5eb.nl on there ... I spent like 15 minutes looking for it in chat logs before.
#sknebelZegnat: oops. yeh, kind of tricky sometimes to rmemember where stuff is, especially if you don't want totally litter the namespace with "what is sebsels token thingy" "what is the token-thing", ...
#ZegnatI added it to obtaining-an-access-token which is linked to from a couple of IndieAuth pages
#sknebelA token is an identifier with which apps authenticate between each other, in Indieweb software you might be looking for [[access_token]] obtained via [[IndieAuth]].
#ZegnatIf you want to make it even more opaque, the IndieAuth access token is a Bearer token as defined by RFC 6750 and is bound to the character set defined for it there ;)
#ZegnatSorry I didn’t have time to PR dgold. Your solution seems right. HTTP/2 will send all headers lowercased anyway IIRC, so lowercasing seems a good idea.
#Zegnatdgold, any reason for using fwrite and file_put_contents for writing to the same place?
#dgoldZegnat: the real answer is that I'm still (re)learning PHP
#dgoldI haven't done any PHP coding since ... Zend 1.0? That was PHP 3 -> 4, right?
#Zegnatgetallheaders() returns an array or false. Best is to just do $headers = getallheaders(); (without the encapsulating array() you have now) and exit() early if($headers === false).
#ZegnatThen all headers are just a single flat array within $headers for you to work with. Get rid of the extra ['0'] you have everywhere now.
#dgold(tempted to use a 418 error for failing to send headers)
#ZegnatAh, that’s just setting $data to an empty array. That’s not really a problem, especially since otherwise $data may not get set at all (as json_decode happens within an if).
#dgoldyeah, that's why I originally set it that way
#ZegnatYeah, so you will want it to be set. array() is fine there. Or just [] if you are on a modern PHP version, not sure what versions you want to support
#ZegnatI might try to get some people to show me docker and some VPS management stuff at IWC, so I can start working with whatever PHP version I want rather than what my hoster cares to provide
#dgoldi have to say, I really like nginx. created an apache instance recently to experiment with piwik, and found the experience much more difficult over nginx
#ZegnatI kinda wish I didn’t need to know any of it. But none of the hosting services so far keep up with PHP updates the way I would want them to. So I see no other option then to go self-managed.
#sknebelor get something packaged for heroku and put it next to the rest of mf.io
#sknebelhas anyone heard from glenn in like the last half a year? afaik it was running on his server, and e.g. my PRs against the the parser are also still open
#dgoldZegnat: does that latest commit do the necessary?
#Zegnatdgold, you will want to do the $headers === false check before you do array_change_key_case(). Otherwise array_change_key_case() is going to error because you can be passing it false instead of an array