#dev 2019-03-10

2019-03-10 UTC
#
gRegorLove
Aw, my poor notes feed.
#
[grantcodes]
Anyone around that has some complicated redirects set up for their domain fancy seeing if they can log in here? https://indieauth-lib-wip.glitch.me/
#
Loqi
[Aaron Parecki] Improving the HTML type="url" Field
#
aaronpk
tried with "http://aaronpk.com" and got "Error getting auth url, check logs"
#
Loqi
Aaron Parecki
KartikPrabhu and eli_oat joined the channel
#
[grantcodes]
Eh, can't be bothered adding clientside js to it, it is just echoing strings right for testing purposes
#
[grantcodes]
But I can see what's going wrong with your domain 🙂
[schmarty] joined the channel
#
gRegorLove
chrisaldrich, to answer your question yesterday, there's ~100 indiebookclub users on micro.blog
#
[grantcodes]
Ok, looks like I fixed that redirect issue, I got to your login page aaronpk
#
aaronpk
was that you that just clicked log in on my site?
#
[grantcodes]
Haha yeah
#
[grantcodes]
I was intrigued what it would do
#
aaronpk
sends a push notification to my phone :)
#
Loqi
[Aaron Parecki] Passwordless Logins for Your Website
#
[grantcodes]
Ah, I guessed something like that after it was just spinning
anth_x joined the channel
#
[grantcodes]
I want to set up something like that once I get around to building my own auth endpoint. But I'd like to try webauthn too
j12t, eli_oat, [schmarty] and [grantcodes] joined the channel
#
[schmarty]
grantcodes: looks like it's not following redirects for my shortdomain http://mmg.re
#
Loqi
Marty McGuire
#
[schmarty]
also definitely steal the auto-http:// javascript aaronpk posted. :}
#
[schmarty]
[dougbeal] i do websub on my static site.
#
[schmarty]
when i do a new site build it goes into a new directory and i use rsync to copy the files over. rsync has a mode that spits out a machine-readable list of what's changed.
#
[schmarty]
i grab all new and modified files from that list and do some string matching to grab the URLs that match pages with feeds
#
[schmarty]
then i build a request to superfeedr to ping that they've been updated.
#
dougbeal
grantcodes: I get a Missing code or state mismatch on https://crw.moe
#
[schmarty]
(i do the same thing to send webmentions, but i do a different filter to only grab post permalink pages)
#
[grantcodes]
If you got that far dougbeal then it worked, but currently broken on my end
#
dougbeal
schmarty: is there a github repo to peruse? Sounds like what I want.
#
[schmarty]
i don't think i have my hook publisher code published anywhere 😕
#
[schmarty]
oh i guess i do
#
dougbeal
Ugh, omnibear can't delete syndicateTo and authEndpoint from localStorage on chrome
#
dougbeal
Uncaught Error: Extension context invalidated
#
dougbeal
I guess that was trying to set a breakpoint
#
dougbeal
Shoujld micropub.rocks test for media query?
#
aaronpk
it does
#
aaronpk
wait media query? I thought you said media endpoint
#
dougbeal
I meant test for querying for latest upload
#
aaronpk
that's pretty new and I haven't added anything to micropub.rocks in a while
#
aaronpk
feel free to open an issue though
#
GWG
Adding basic displays to my code to show the inputs from special Quill posting types...
#
GWG
Event, Itinerary...
#
GWG
How does this look as a placeholder? https://wpdev.gwg.us/2019/03/10/4325/
[dougbeal] joined the channel
#
[dougbeal]
🛫 and 🛬 instead of bullets? 🙂
#
GWG
[dougbeal]: Future version.
#
GWG
This just allows it to display for now
#
GWG
I'm going to release so event and itinerary will work and tweak in future
#
[dougbeal]
Makes sense. Airline icons/logos work well for google flight search.
#
GWG
[dougbeal]: Also, itinerary supports other transit methods
#
GWG
Oops, made a minor error. Lucky I caught it.
#
GWG
There it is.
#
GWG
[dougbeal]: You can try the update now.
[eddie] joined the channel
#
GWG
Hello, [eddie]
#
[eddie]
Hey GWG
#
GWG
Late night Indiewebbing?
#
[eddie]
Well late night chat checking lol
#
[eddie]
Then it’s bedtime. 😴
#
GWG
I just finished something I committed to during a session last night
#
GWG
If you post an event using Micropub, it now does a basic display
#
[eddie]
Nice! Very cool!!
#
[eddie]
I’ve got AutoAuth fun waiting for me in the morning 😁
#
[eddie]
Private posts, here I come!
jeremych- joined the channel
#
GWG
I have to watch that
jeremych_ and kants_ joined the channel
#
[eddie]
AutoAuth session wasn’t recorded because not all the attendees were able to log into the Google Hangout so we did Jitsi and Recording wasn’t available
#
[eddie]
But we have some good notes on the session page
globbot joined the channel
#
GWG
Darn
gRegorLove, barpthewire and KartikPrabhu joined the channel
#
sknebel
GWG: always happy to talk about/explain AutoAuth
jgmac1106 and [jgmac1106] joined the channel
#
jgmac1106
zegnat my questgion is did I write the echo statements, I am saving the file with W (off to learn A and append) but I can’t dispaly the data
#
Zegnat
jgmac1106, I would do it like this, only echo the variables and keep the HTML as HTML: https://gist.github.com/Zegnat/c6709adf85c73315cb79daa769e5af0c
#
Zegnat
Nice thing about PHP is that you can start and end PHP code anywhere within HTML, so you do not need to care about escaping quotes and what not.
#
jgmac1106
ahh didn’t know that, thought echo had to be in front
ancarda joined the channel
#
Zegnat
For whoever was looking at JSON schema validation of mf2 objects ([grantcodes], jacky?) I just updated mine to reflect the latest additions to the spec (ids and image alts): https://gist.github.com/Zegnat/65ed9a9fb0546fb8c4aa0c0b790b8a40
#
jgmac1106
zegnat everything working…except my last variable, coming out blank, but thanks for the help…huge progress
NinjaTrappeur joined the channel
#
sknebel
hm, thinking about the structure of the AutoAuth document. Wondering if it makes sense to reorder it and start with just the server-to-server part, and then in a second section add the bits that allow a client to do it (vs an integrated component that doesn't need to)
#
sknebel
(am also in the jitsi room, but found it more helpful to type this out now)
#
Zegnat
I would almost want to see the diagram first. So it is easy to draw (even if just in your mind) a circle around “this is the part we focus on first”.
#
sknebel
sure, diagram is on the list too, looking for a good drawing tool for sequence diagrams right now
swentel joined the channel
#
sknebel
(a less technical one would also be helpful)
#
Zegnat
My sketch of the back and forth (slightly less technical) that I think is the important part: https://zegnat.net/tmp/diagdraft.jpeg
#
GWG
Morning all
#
Zegnat
Morning GWG
[jgmac1106] joined the channel
#
[jgmac1106]
Morning GWG
#
sknebel
What is a sequence diagram?
#
Loqi
It looks like we don't have a page for "sequence diagram" yet. Would you like to create it? (Or just say "sequence diagram is ____", a sentence describing the term)
#
[jgmac1106]
Yeah I love pencils and graph paper, best diagram tools I have found to date
#
Zegnat
It is just the paper->computer step that is annoying
#
sknebel
sequence diagram are diagrams showing the flow of messages/requests between multiple participants and are helpful to visualize protocols like IndieAuth.
#
[jgmac1106]
Yeah... That part stinks, that tool is really cool
#
Zegnat
I considered buying some of that “smart” paper that you can scan with your phone, but those pads are so overpriced
#
sknebel
sequence diagram << [https://bramp.github.io/js-sequence-diagrams/ in-browser tool to generate diagrams from a relatively simple text form]
#
Loqi
ok, I added "[https://bramp.github.io/js-sequence-diagrams/ in-browser tool to generate diagrams from a relatively simple text form]" to a brand new "See Also" section of /sequence_diagram https://indieweb.org/wiki/index.php?diff=57932&oldid=57931
#
[jgmac1106]
Especially as I have to explain any diagram in text for accessibility
#
[jgmac1106]
This would eliminate they need... Maybe... Wonder how screen readers hit it.
#
[jgmac1106]
.... Speaking of which I have to make step by step guide for the mf2 podcast videos I did
#
[jgmac1106]
Gwg whatchya working on today?
#
GWG
I released a new version of Post Kinds last night with bug fixes5
#
GWG
Gives a bunch of fixes before I move on to more fixes.
#
jgmac1106
any major UI changes? Do I need update tutorials video?
#
GWG
jgmac1106: Not this time. All under the hood.
#
Loqi
gwg has 42 karma in this channel over the last year (169 in all channels)
#
GWG
Eat and Drink from Teacup now map to the right kinds.
#
GWG
Itinerary and Event, if posted from Micropub, display in a basic way
#
GWG
Shrunk the size of the package.
#
GWG
Changed the icons to inline from sprites
#
Zegnat
I owe you a PR, GWG. Working on it
#
GWG
You do? It was more of an FYI
#
Zegnat
Might as well spare you the trouble
#
Loqi
[sknebel] #12 RFC: reorder document structure, putting client parts separately
#
Loqi
Ok, I'll tell them that when I see them next
#
sknebel
!tell aaronpk would love feedback from you on https://github.com/sknebel/AutoAuth/pull/12
#
Loqi
[sknebel] #12 RFC: reorder document structure, putting client parts separately
#
jgmac1106
borrowing from chrisaldrich’s idea of wanting to track h/t would this work: <p><span class=p-category" value="hattip"><a class="h-card" href="https://www.svenknebel.de">Sven</a></span></p>
#
jgmac1106
well Known strips away too much for me to do it manually so I hvae to do it like this: https://quickthoughts.jgregorymcverry.com/2019/03/10/js-sequence-diagrams-by-bramp
[schmarty] joined the channel
#
[schmarty]
jgmac1106 that makes the post include a tag of Sven. I don't believe anything currently understands a value attribute on span?
#
jgmac1106
okay makes sense then why Known would strip the value from span
#
jgmac1106
I ended up doing Sven as a tag and adding a top hat emoji
#
jgmac1106
ehy isn’t there a h/t emoji?
#
Zegnat
jgmac1106, https://web.archive.org/web/20181207213253/http://www.curatorscode.org/ tried to do icons fofr hat tips / vias / etc. But never caught on
khurt joined the channel
#
Zegnat
wonders why Known so aggresively strips html
#
jgmac1106
<—worries if I figure out this guestbook I will need to figure out my own notes next….the rich text editor there reaks havoc on micropub clients and I can’t use any HTML
#
jgmac1106
zegnat if I use GET instead of POST though then each entry technically gets its own URL correct?
#
Zegnat
But you also put all the personal info inside the URL, inside all visitors’ browser histories, etc
#
jgmac1106
okay something to think about…ahhh okay see why that is bad
#
jacky
I _think_ I'm more or less done with my 'group' idea
#
jacky
(pushing a fix for the icons + missing text)
#
jacky
having my address book built made this a lot easier since that's a light whitelist
#
jacky
(although anyone can provide a webmention to that page; it just won't show if they aren't on the list)
#
Zegnat
That sound correct jacky. If the group is public, people may want to refer to it (and thus end up sending webmentions to its URL), but only actual group members will trigger their posts being displayed
#
jacky
sweet
#
Loqi
Ok, I'll tell them that when I see them next
JohnL1 joined the channel
sandro_ joined the channel
#
jacky
yup I think I'm all good with my 'group' page!
#
jacky
I could work on adding some CRUD for my webmentions but ehe
#
jacky
does it by hand for now
#
GWG
Trying to decide if I should continue with Post Kinds enhancements or do some webmention fixes.
#
GWG
Maybe I should run a poll
#
jacky
ah that reminds me
#
jacky
I wanted to look if anyone implemented polling markup
#
jacky
I remember seeing something on the microformats wiki
#
jacky
like a `vote-of` kind of thing
#
jacky
makes a note to consider implementing that
#
sknebel
maybe take it as inspiration, but that' not fit to be implemented today
#
jacky
I was considering modelling that and rsvp logic
#
jacky
`in-reply-to` + `p-vote`
[tonz] joined the channel
#
jgmac1106
accidently posted to meta: stilll can’t figure out why everything but the note will display in this…ignore me trying to echo the file….that is the next problem for me to solve: https://gist.github.com/jgmac1106/c4cd4bef98acd88729289d9e4c3b9fe6
#
jgmac1106
where var6 should be returns an empty <p></p> but in other news displaying the results of text file. gonna play with that a bit
[eddie] joined the channel
#
[eddie]
Great job on the groups page jacky!
#
jacky
thank you!
#
sknebel
good morning [eddie]!
#
sknebel
[eddie]: https://github.com/sknebel/AutoAuth/pull/12 you can also see if that structure makes more sense for what part does what
#
Loqi
[sknebel] #12 RFC: reorder document structure, putting client parts separately
#
jacky
is hammering his heads on Phoenix sockets
#
jacky
once I get this going, I can play around with doing real time updates on my site
#
[eddie]
sknebel: Yeah that definitely seems more clear to me :thumbsup:
#
jacky
ah finally
#
jacky
my goal is to show a real time 'ticker' of successful authorizations
#
jacky
something like https://updown.io/ and how it shows real time checks
#
jacky
though I figure that's running off an average and not actually showing real time stats
#
Zegnat
Yeah, but wasn’t the idea that we wouldn’t have to return 4xx status for AutoAuth?
#
sknebel
ah, for the other case
#
sknebel
where you'd need to trigger a new request after the first has discovered the auth header
#
Zegnat
It is the WWW-Authenticate header that shows auth may be used, any of those 4xx would only be given when the page has a hard requirement for login
sketchess joined the channel
#
Zegnat
E.g. I do not want to return a 4xx for my h-feed everytime someone isn’t authenticated through AutoAuth. Wouldn’t make much sense
KidReese777 joined the channel
#
Zegnat
Well, this looks like I might be able to show it off at demos: https://wiki.zegnat.net/temp/concept.png
[kevinmarks] joined the channel
#
[eddie]
haha, nice!
jgmac1106 and [davidmead] joined the channel
#
[eddie]
sknebel: If I’m understanding this right, the main difference in the Token Request for the protected resource in AutoAuth is the existence of a callback_url
#
[eddie]
So when my token endpoint is determining whether it is an internal request or an external request, I check for the callback_url and if it exists, it’s an external request.
#
sknebel
main difference to what?
#
[eddie]
ohhh the me as well
#
[eddie]
That’s what I should key off of. If me = https://eddiehinkle.com/ it’s requesting a token AS me
#
[eddie]
if me is something else, it’s an AutoAuth request as someone else
#
[eddie]
Yep, exactly. Those are the two I was comparing and I was trying to determine the difference because my code has to differentiate
#
[eddie]
But AutoAuth as the callback_url, so I know it’s external and of course the me value changes to not be ME
#
sknebel
the main thing is probably the context information: root_uri, callback_url, ...
#
sknebel
me could technically be you
#
sknebel
if your reader wants to access private parts of your site
#
[eddie]
ohhhhh
#
[eddie]
that’s true
#
sknebel
and doesn't special-case that
#
[eddie]
that makes sense, so leave the me alone in that context
#
[eddie]
root_uri makes sense, so I should probably verify that the root_uri is under my ownership or else reject the request
#
jgmac1106
Okay I am off for the day, my demo will be recorded asynch…if I finish….getting close, but stuck now not even knowing the questions I need to ask, ultimate marker that you hit knowledge limit
#
jgmac1106
but heading to birthday party with the kids
#
[eddie]
Have fun jgmac1106!
jgmac1106 joined the channel
#
jgmac1106
yhx eddie great jopb this weekend
#
sknebel
[eddie]: so you're making private posts first? Guess we'll have to see if Zegnat's proxy still works, otherwise we have no way of trying to fetch content :D
#
Zegnat
Woops, and I got totally sidetracked by my assumptions idea from yesterday so haven’t touched the proxy
#
[eddie]
haha no worries and yeah I got confused and started working on the private posts 😆
#
[eddie]
No confused from the spec just confused inside my website
#
[eddie]
Maybe I should pause here and switch over to the authentication side! haha that way I can test something
#
jgmac1106
as far as I got: https://jgregorymcverry.com/guestbook.php saving to plain text, couldn’t figure out how to write save to either guestbook.html or guestbook.php and keep all the html formatting: https://jgregorymcverry.com/guestbook.php
#
jgmac1106
tried first saving HTML to the plain text file thinking I could just get all the data, didn’t work, then tried fwrite with one line for every line of html editing gustbook.html that didn’t work….more learning to do
#
jacky
after some fighting and chasing after my dog (today's her day but blergh), I got the rel-me verification happening on the fly now
#
jgmac1106
sweet jacky
#
sknebel
[eddie]: btw, if you see mentions of "base_uri", ignore those
#
sknebel
I just noticed that I forgot to remove some mentions of it
#
aaronpk
I was wondering about that
#
Loqi
aaronpk: sknebel left you a message 3 hours, 46 minutes ago: would love feedback from you on https://github.com/sknebel/AutoAuth/pull/12
#
Loqi
aaronpk: sknebel left you a message 2 hours, 39 minutes ago: found an error on https://www.oauth.com/oauth2-servers/device-flow/token-request/ - in the last example, it needs to say "expires_in" instead of "expires" (per https://tools.ietf.org/html/rfc6749#section-5.1 / https://tools.ietf.org/html/draft-ietf-oauth-device-flow-14#section-3.5)
#
Loqi
[sknebel] #5 Include fewer pieces in Access Token Callback?
#
aaronpk
oh dear thanks sknebel
#
aaronpk
dang it's wrong in the print book too
#
[eddie]
sknebel: Gotcha! Will ignore
#
sknebel
(it's a bit confusing how in AutoAuth the authorization endpoint acts towards the client like a token endpoint would in "normal" OAuth cases... gotta make a note of that somewhere)
#
aaronpk
i'm not sold on the name 'external_token' right now, but I haven't mentioned it yet because it still feels like we're solving the high level stuff right now
#
sknebel
you know what they say about naming things...
#
GWG
If I decided to add PKCE, how would I test it, save asking for a reviewer?
#
aaronpk
GWG: assuming you're talking about testing your server, you'd need a client that does PKCE. I probably have some sample code handy
#
GWG
aaronpk, just wondering if there was an existing client that did it
#
GWG
If not, I might put it off as lower priority
#
aaronpk
Alternatively you could bribe me into adding it to quill or something
#
GWG
aaronpk, out of blind curiousity, what sort of bribe do you accept?
#
GWG
Is there a price list on your website?
#
sknebel
I heard aaronpk needs taxes done :D
#
GWG
I assume this is barter, not actual currency exchange
#
GWG
I have a guy for that
#
aaronpk
mainly a promise that you will actually go use it then :)
#
GWG
aaronpk, how about this? If I write the branch first, then I will wait to merge it till something tests it.
#
GWG
Then the burden is on me first before you
#
GWG
Especially since I have to understand it first to try implementation
#
GWG
That may take time
#
aaronpk
is adding PKCE to indieauth-client-php
#
GWG
aaronpk, 4 people have PKCE on their issue list
#
GWG
So, we'll get it
#
Zegnat
Because conceptualising AutoAuth is hard, does this help? https://svgshare.com/i/BhB.svg
#
jacky
that works for me tbh
swentel joined the channel
#
Loqi
[David Shanske] First check-in using Indigenous.
#
swentel
woohoow :)
#
GWG
swentel, seems to have worked
#
swentel
GWG, PTD question. On your site, do you have notes with photos ? Or, basically, when a photo comes in, post kinds will see it as a photo post ?
#
GWG
If it has a photo property, it's classified as a photo post
#
GWG
Do you want to see my ptd code?
#
swentel
oh not necessarily
#
swentel
it's something I've been thinking about the last week
#
swentel
whether a) add a 'photo form' in indigenous. But I don't think I'll be doing that.
#
swentel
and b) to add that to Drupal
#
swentel
basically now, in drupal, you can map an incoming request to a content type. If it as title and content -> go to article content type. If no title and content -> note.
#
swentel
but I allow both to have photos too
#
swentel
so that's the part where I'm not sure. Add another option to optionally map to photo content type
#
swentel
or leave as is
#
swentel
funny thing is
#
swentel
now that I'm writing this down
#
swentel
it makes sense to allow mapping it to a content type. However, users can always map it to the same content type internally if they want.
#
swentel
maybe I think about this one too much :)
#
GWG
We all over think
#
swentel
absolutely
#
GWG
How's the refactoring going?
KartikPrabhu joined the channel
#
swentel
focusing on adding tests first (finally)
#
swentel
have some really basic tests now which test the UI on all post types
#
swentel
click note, fill in something, etc
#
GWG
Good
#
swentel
because it's getting tedious todo it manually
#
swentel
And I've missed things in past releases already
#
GWG
I now support itineraries from Quill
#
swentel
hmm where can you add that?
#
GWG
swentel, add that?
#
GWG
Only in Quill
#
GWG
Here's my test post
#
GWG
Also added Micropub events
#
swentel
GWG, well, yes, I'm in quill now, but I don't see itineraries
#
swentel
or is it because quill listens to my supported post types
#
GWG
swentel, probably
#
GWG
I haven't added in supported types.
#
swentel
damn, the irony
#
GWG
swentel, Micropub is allowing me to support post types without having to write the UI
#
GWG
Which helps due my Gutenberg concerns
gRegorLove and KartikPrabhu joined the channel
#
aaronpk
my indieauth server supports pkce now!
#
GWG
aaronpk, yay
#
GWG
It's catching on
#
swentel
oh cool, that's on my todo list soon too
#
swentel
as well as in indigenous
#
GWG
swentel, mine too
snarfed joined the channel
#
GWG
Aaronpk, I don't quite get the code challenge method
#
sknebel
ok, bunch of AutoAuth updates pushed. mostly fixes and clarifications, but also added the mode for polling clients
#
aaronpk
GWG: the client should just always use S256 (sha 256) for now
#
aaronpk
on the server you need to support both S256 and "plain" (which means not hashing it)
#
GWG
aaronpk, that's what I needed
#
aaronpk
I also made my authorization server tell me if a client is using PKCE
Kris joined the channel
#
aaronpk
ok indieauth-client-php is updated with PKCE support
#
aaronpk
now on to Quill
#
GWG
Aaronpk, now I will build
#
aaronpk
looks like quill uses the default indieauth-client functions so all it took was updating the library and no code changes to quill!
[eddie] joined the channel
#
[eddie]
oh wow!
#
aaronpk
quill supports pkce now!
[Rose] joined the channel
#
[Rose]
What is pkce?
#
[Rose]
hopes Loqi knows.
#
Loqi
PKCE, Proof-Key for Code Exchange, (pronounced "pixie") is an extension to OAuth 2.0 that protects against intercepted authorization codes during the OAuth flow https://indieweb.org/PKCE
#
[Rose]
Aha, I thought I had read about that here!
#
Zegnat
Hmm. No way I can add that in 5 minutes to selfauth before demoes
#
Zegnat
Or rather, there is a way, but it would not really be a good idea :P
#
GWG
I think I can do PKCE this week
#
aaronpk
it didn't take me long to add, but it was more than 5minutes
#
[eddie]
Hey, while I’m working on finishing up my AutoAuth this week, I might as well throw PKCE in the mix?
#
aaronpk
might as well! it's not a huge thing to add
#
[eddie]
Yep, then that’ll give me incentive to add it to Indigenous
#
aaronpk
the hardest part is probably figuring out how to do sha256 in whatever language you're using
#
[eddie]
ahh gotcha. Yeah that’s not too bad in node.js
#
sknebel
[eddie]: what do you use for your auth?
#
[eddie]
Handrolled Node.js
#
sknebel
available somewhere standalone, or baked into your site?
#
[eddie]
Baked into my site currently
wagle and [kevinmarks] joined the channel
#
@blairmacintyre
↩️ I’m working on it. Later in the week. Indieweb, webmentions, ghost, extracting comments from disqus, tying into http://micro.blog, … so many levels of FREAKING AWESOMENESS …
(twitter.com/_/status/1104837185310769155)
snarfed and [grantcodes] joined the channel
#
dougbeal
kevinmarks: I haven't got as far as webmentions yet
[tantek] joined the channel
#
[eddie]
Based on the great commonplaces session that [chrisaldrich] led, I thought I wanted to test Own Your Swarms private checkins for checkins I might not want to blast across my front page but store for future. I hadn’t tested it since aaronpk added it.
#
Zegnat
[grantcodes], you showed the me parameter wrt redirects, I didn’t spot its use quick enough but thought I’d let you know that the me parameter in the requests has mostly been removed since https://github.com/indieweb/indieauth/issues/19
#
Loqi
[00dani] #19 Allow the 'me' parameter to authorization endpoints to be omitted?
#
[eddie]
I tested a fake private checkin and saw it on the homepage. 😞 Fail. Until I realized I was logged in. Log out and success! 🙌
#
Zegnat
E.g. selfauth has completely stopped looking at it https://github.com/Inklings-io/selfauth/pull/43
#
Loqi
[Zegnat] #43 Remove all uses of the client supplied me
chrisaldrich joined the channel
#
[grantcodes]
Zegnat: Yes it doesn't use it in the redirect back to the client. My demo showed it redirecting to the auth endpoint which does need the me parameter. My auth endpoint was just a blank page was all
#
[eddie]
sknebel++
#
Loqi
sknebel has 42 karma in this channel over the last year (105 in all channels)
#
[eddie]
Zegnat++
#
Loqi
Zegnat has 56 karma in this channel over the last year (167 in all channels)
#
[eddie]
for AutoAuth sketches that help visualize things today
#
@JanElznic
#Webmentions, zajímavý nápad, jak se mohou dvě strany navzájem notifikovat o tom, že na sebe odkazují: https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet Aktuálně ve stádiu #W3C Recommendation: https://www.w3.org/TR/webmention/
(twitter.com/_/status/1104844857393250304)
iasai joined the channel
#
GWG
aaronpk, WordPress doesn't hash with SHA256 as an option because it wasn't introduced until 5.3.2
#
aaronpk
what's the lowest version of php you need to support?
#
GWG
aaronpk, I just bumped the minimum to 5.4 and changed all hashing to sha256 for Indieauth
#
GWG
aaronpk, 5.2, but WordPress is moving to minimum 5.6 then 7.0 within the year, so 5.4 is fine
#
GWG
Most of the Indieweb plugins are either 5.3 or.5.4
#
aaronpk
it's hard to find docs but it looks like the hash function is in php 5.1
#
GWG
I tried to keep it as close to minimum for WordPress as possible
#
GWG
aaronpk, it is, but SHA256 wasn't in till later
#
aaronpk
where'd you see that? I couldn't find that on php.net/hash
#
aaronpk
I think your best option is to add a check and just don't do PKCE at all on php <5.2
#
aaronpk
and use the sha256 hash function if it's there. then when wordpress changes to min 5.6 you can remove the version check
#
GWG
I don't think raising the version is an issue regardless, but will add the fallback.
#
GWG
And if it works, Quill will show it in the dashboard?
iasai joined the channel
#
aaronpk
a client won't know whether the server supports pkce or not
#
aaronpk
either the pkce flow will work, or the server will ignore the pkce parameters, and that looks the same to the client
#
GWG
I may ask you to review the PR then
#
aaronpk
quill will always do PKCE now though
[Rose], iasai, snarfed and gRegorLove_ joined the channel
#
Zegnat
Should PKCE be mentioned as a SHOULD in the spec?
iasai and [grantcodes] joined the channel
#
[grantcodes]
Ok, got a proof of concept micropub client that will post everything from examples.tpxl.io
#
[grantcodes]
Not recommended on a live site
iasai and [jgmac1106] joined the channel
#
Zegnat
Hmm. Thought I would run it against sink.zegnat.net, but got a state error. Will need to debug tomorrow.
eli_oat joined the channel
#
Zegnat
The glitch app tells me “State doesnt match”
#
aaronpk
Zegnat: possibly yeah. let's wait til we get a few more implementations tho
tw2113, snarfed, eli_oat, iasai, gRegorLove and KartikPrabhu joined the channel