#[eddie]Uh oh, my micropub posts have been randomly failing 😞 Ever since I introduced my weather module… I think I must not be handling weather API failures well 😞
#[eddie]Good news I dump every micropub request to a log file immediately upon receiving it, so I still have all the data available, I’ll just have to manually repush some of the data through my micropub endpoint
#AngeloGladdingGWG thanks. Can't figure out how to approach the idea of letting Alice click a bookmark button on an article on Bob's site and have Alice redirected to a pre-filled "Create bookmark" UI on her own site. Bob's site shouldn't have or need `create` scope nor can he have the option of leaving out `post-status=draft`.
#GWGIsn't Bob's site acting as a client in this scenario?
#GWGI've never tried to implement what you are suggesting, but why not have a scope that only allows drafts to be posted?
#Ruxton^-- So i wrote a script that steps through Indieweb sites hunting down images and creating a best-nine. The major issue is people are either not using rel="next" or in the case of Known, it's implemented backwards (prev is actually next)
#Ruxtonso, if I look for next and it exists, you drill down, if you look for next and it doesn't exist, you switch to prev and drill back, you can't do that with Known.
#KartikPrabhumy homepage has no rel-prev or next too
#KartikPrabhuin any case, I am not sure prev and next imply chronology. and I haven't seen any spec that says they imply chronology
#Ruxtonyou're correct, they imply document sequence, if you want to implement chronology backwards, then providing a "next" on the homepage breaks that
#KartikPrabhuno, it is next in the rev-chronology order
#Ruxton"A document with no previous sibling is the start of its sequence"
#KartikPrabhuRuxton: still does not imply chronological sequence
#aaronpkIn a reverse chronological sequence i would assume the first page I see is the last page in the sequence so rel=prev would give me the "next" page in the reverse chronological ordering
#Ruxton" a document with no next sibling is the end of its sequence."
#aaronpkIf Known is doing that then I'd say that specifically is the bug rather than trying to imply anything about time order
#KartikPrabhuok maybe I got confused about the two issues
#aaronpkRegardless of time ordering, you should be able to determine whether a page is the start or end of the sequence based on the presence of a next or prev link
#tantekthe burden should be on provider devs, not millions of users
#ZegnatNo. My point is the wiki has *never* referred to its login as IndieAuth. Quill and Telegraph are examples of websites that have always referred to IndieAuth. Those last two *require* the extra link.
#ZegnatBut I can spin this off into an issue for discussion in a bit :) Will mention you so you’ll find it in your GitHub notifications when you have time
#tantekZegnat: "wiki *never* claimed to use IndieAuth" is false or at best obstinately misleading / narrow interpreting a particular view of the IndieAuth naming debacle (.net service vs protocols etc.)
#tantekthat's a historical fact and you (nor anyone) gets to change that
#ZegnatYeah, I’ll make sure to link to older wiki pages in the GitHub issue. At some point IndieAuth was changed from being “an implementation of Web sign-in/RelMeAuth with an HTTP API” to being “an identity layer on top of OAuth 2.0” (from spec).
#tantekI'm not linking to older wiki pages above in my citations ^^^ those are the current instructions
#ZegnatThose are current instructions under the specific header for using IndieAuth.com, and also incomplete instructions per IndieAuth spec.
#ZegnatThe whole discussion is about how those instructions are outdated with the new spec. So I am saying change the instructions, and you are saying change the spec.
#tantekif the current spec forces every user to add a second item of configuration then it is broken from a usability perspective and very much not fine
#tantekwe don't need to repeat that fragile mistake of openid 1
#ZegnatI am just not sure how you would codify the fallback if no auth-endpoint it linked into the spec, without discouraging implementers.
#ZegnatI don’t agree there. If you start a spec as something almost nobody wants to implement it is irrelevant how easy it is for users. You are not going to see adoption.
#tantekif you start a spec without an implementation first or at least a prototype you are pursuing an aspirational spec and it's likely to fail regardless
#tantekthat does not apply to the current situation
#tantekwe spec'd both relmeauth and indieauth only *after* we had working implementations that demonstrated implementability
#tanteknearly no one (outside academic / research circles) makes up a spec then hopes for impls
#ZegnatAnd I am saying the IndieAuth spec is doing just that because it reflects how everyone who says they do IndieAuth has implemented IndieAuth: without RelMeAuth fallback ;)
#tantekno, the first implementation (for the wiki) did relmeauth and that was essential to get adoption
#ZegnatI for one would never have written an IndieAuth implementation if it had to offer a RelMeAuth fallback... the only fallback I can imagine supporting is on mailto:-links, and that’s not useful for most people.
#tantekthe others have a fraction of the adoption, that's the point
#ZegnatYes, I get your point. You are saying that even though IndieAuth spec is used by the wiki to communicate with IndieAuth.com, and this spec does *not* include RelMeAuth, because the IndieAuth.com interface does allow RelMeAuth that should be considered as part of the spec.
#tantekthe non rel-me uses are <1% noise in comparison currently
#tantekso to use them to justify an argument is very unscientific
#tantekand worse to make life harder for the 99% of rel=me users
#tantekcertainly not very empathetic, and self-defeating per the openid example
#ZegnatI’ll open the issue against the spec and link to this chat, do not want to give the impression that I am rephrasing or changing your opinion in the issue itself :) Thanks for the discussion!
#tantekZegnat I think the miscommunication is that you are trying to be strictly logical with your argument, and I am making an argument from the point of view of actual usage
#Loqibest nine is a popular aggregation and summary post practice on Instagram, supported by services like https://2017bestnine.com/ which only ask you for your username then return a 3x3 grid of your 9 most liked photos https://indieweb.org/best_nine
#ZegnatIt also doesn’t help that my mind has already set in the wiki-uses-web-sign-in and micropub-clients-use-indieauth paths, tantek. Which means I have a very hard time treating the wiki as something that uses IndieAuth.
#tantekZegnat except that the wiki documents itself as using indieauth
#ZegnatBut my mind being set that way doesn’t make your argument invalid, which is why I do think this should be discussed in relation to the IndieAuth spec
#tantekso I'm not sure how you set your mind in contradiction to what the wiki has said and taught people for years
#ZegnatBecause the login page of the wiki has never told me it was using IndieAuth. The external service used being called IndieAuth has never made me consider the tech as also being called IndieAuth.
#tantekthe login page? that's just one part of the login flow which says IndieAuth all over itself
#tantekyes most login UIs don't say what they're using until you start the process. often they just have a "Login" link
#ZegnatAh, interesting, thanks for the comments [eddie], Ruxton.
#LoqiZegnat: [eddie] left you a message 4 minutes ago: Thanks for creating the issue on GitHub. Great place for me to be able to add my thoughts to the discussion 🙂
#ZegnatThat definitely needed to be pointed out, though I don’t think that changes anything about my personal feelings against declaring a specific fallback.
#Ruxtonwelll.. it maybe points out an issue in the spec, in that the idea of authentication, is tied to authorization tokens. Authentication alone doesn't need that stuff
#Ruxtonor just that the terminology is easily confused
#ZegnatThe soon is definitely the reason I halted updating the /IndieAuth wiki page
#aaronpkIt’ll same code tho so any text changes on that prompt will still be useful
#[kevinmarks]Don't the "comment with facebook" widgets create comments on a post pointing to the current page though?
#ZegnatI think my main issue with RelMeAuth, as an implementer, is that I need to register my client with every OAuth provider separately. I commend aaronpk for tackling this with indielogin.com, but I just don’t see other people doing the same thing.
#ZegnatI foresee this will cause partial implementations or an indielogin.com monoculture. Both undesirable.
#aaronpkAlso the point you mentioned about there not actually being any providers in common between the user and the site they’re logging into necessarily
#aaronpkI want to make a new IndieAuth server just so there are more options than indieauth.com
#ZegnatHow do you mean? A second service? A replacement?
#aaronpkA second one that doesn’t do RelMeAuth at all
#aaronpkEither local accounts or proxying to something like google
#ZegnatI’ve been thinking about a local accounts one. Basically selfauth-as-a-service. Then offer 2FA and login history, which is hard to support in an easy to set-up 1 file IndieAuth implementation.
#ZegnatBut if you are using XRay (either as library or hosting it as a service) you can just clone my repo’s YouTube branch and do not have to change anything else
#grantcodesHey aaronpk is there any way of getting a list of subscribed feeds via the microsub api yet? I'm trying to build a settings ui for channels so you can see what you are subscribed to and unsubscribe easily.
#ZegnatWow. Looks like YouTube playlist API does not include the separate video authors. Just puts the playlist author in there.
#ZegnatSo you need to make a separate call for every video in a playlist to get that. And then for every author you find another call to retrieve their actual information.
#ZegnatOh, I just noticed the login prompt on indieauth.com that is currently used by the wiki has exactly the same text as used to be on the wiki itself :) It calls its own login /Web_sign-in
#ZegnatI guess the only “branding” on the login page is the big IndieAuth.com in the header, which is about the change anyway.
#grantcodesaaronpk: Another monocle question before it gets deprioritized :P Does the channel delete method work? I just keep getting 500 errors "Whoops, looks like something went wrong."
#grantcodesLike so: "https://monocle.p3k.io/microsub/2?action=channels&name=New+Demo+Channel1&channel=a9KsqZ1gaCmU5tkrcBRQWGpsndqkhyR1"
#aaronpkhopefully as post body params, not query string
#aaronpkthat definitely should not create a new channel. i'm looking at the code trying to figure out how it would. I'll try to fix these on the plane.
#grantcodesHmm that might be it 🤔 other post requests work, so not even checked if that was the problem.
barpthewire, cweiske, snarfed, KartikPrabhu, [kevinmarks] and [chrisaldrich] joined the channel
#Zegnataaronpk, I like the way you split up fetcher and parser in XRay. I just finished rewriting the fetcher part of my YouTube format. Much easier to now work with the data than with YouTube’s actual API output :D
#ZegnatI just updated my parser to also understand m. links, the mobile ones. Totally missed those the first time
#[kevinmarks]They redirect the country domains to the com
#ZegnatApparently there used to be some sort of hash-bang Ajax-y URLs too, but haven’t seen those in the wild yet. Same with localised subdomains (language code? country code?).
#ZegnatAlright, added some more possible URLs. I think this should cover most things. Only need to update the parser to build feeds and we’ll have jf2 YouTube feeds!
bengo, [tantek] and [cleverdevil] joined the channel
#[tantek]Good discussion on indie auth issue 12 by everyone. Definitely making me rethink both naming and the number of different pieces and what different parties expect each to do
#[tantek]I both like the name “IndieAuth” has been colored by the “makes it easy to login to the indie web wiki” aspect from years of documentation and blog posts etc
#[tantek]OTOH “IndieAuth” as a protocol for authorization using an independent website also makes sense
#[tantek]Also the authn vs authz distinctions made make sense. Which makes me wonder if those should make their way into names?
#[tantek]And if the protocol uses beyond the wiki are primarily or only authz (per the thread) then maybe the “minimal” protocol (that doesn’t include relmeauth) could make that explicit as IndieAuthz?
#[tantek]Then an IndieAuthn (also as a protocol) could otoh be inclusive of RelMeAuth as a fallback to do authentication
#[tantek]These are off the top of my head informal brainstorming thoughts I expect critique/pushback hence not adding it as a concrete comment on the issue
#GWGI have wanted to replace the authentication endpoint in Indieauth with the WordPress login for a while.
#GWGI wrote my first unit tests for Indieauth. Once I finish I would like to use the same tests in the Micropub implementation. Would you be able to comment on them? I always need more unit testing feedback.
#tantekaaronpk I agree with those preferences for users
#tantekthings like UI, services (domains / URLs) that users sign-up with, or happen to get delegated to
#tantekhowever the dev / IETF / protocol heads prefer more jargony terms because they feel like jargon = more precision (whether it does or not), and such jargon acts as a shibboleth for those "communities"
#Loqijargon is a specific unobvious word, concept, or technology (like Webmention), or re-use of a word to mean something other than its common meaning (like feed), or sometimes re-using a word as an acronym (like POSSE) https://indieweb.org/jargon
#gRegorLoveSounds like a good reason to use "login" or "signin" all the time, heh
#tantekgRegorLove: not if your goal is developer appeal and adoption. developers love shibboleths because it caters to a sense of inclusion or exclusivity
#gRegorLoveI'm in favor of pushing back against that exclusivity, personally.
#tantekgRegorLove: in general I agree. but if the goal is getting say, IETF acceptance as an RFC, or uptake among the OAuth / websec crowds, then shibboleths essentailly act like good marketing to them
#[kevinmarks]I registered canihaz.me and web-it.me last time we talked about this
[manton] joined the channel
#ZegnatJust stopping by on my way to bed, but wanted to comment on: “if the [IndieAuth] protocol uses beyond the wiki are primarily or only authz (per the thread)”. Are they though? As sknebel pointed out in the issue Telegraph’s usage is authn. So is my implementation in Sink. Micropub clients definitely are in it for the authz but there are non-Micropub
#Zegnat IndieAuth implementations out there already.
#Zegnat(sebsel’s implementation may also be authn only, not too sure.)
#ZegnatShould probably put that in the issue and not here. Oh well. Tomorrow.