#dev 2019-03-10

2019-03-10 UTC
#
gRegorLove Aw, my poor notes feed.
#
[grantcodes] Anyone around that has some complicated redirects set up for their domain fancy seeing if they can log in here? https://indieauth-lib-wip.glitch.me/
#
aaronpk steal this javascript https://aaronparecki.com/2018/06/03/4/url-form-field
#
Loqi [Aaron Parecki] Improving the HTML type="url" Field
#
aaronpk tried with "http://aaronpk.com" and got "Error getting auth url, check logs"
#
Loqi Aaron Parecki
KartikPrabhu and eli_oat joined the channel
#
[grantcodes] Eh, can't be bothered adding clientside js to it, it is just echoing strings right for testing purposes
#
[grantcodes] But I can see what's going wrong with your domain 🙂
[schmarty] joined the channel
#
gRegorLove chrisaldrich, to answer your question yesterday, there's ~100 indiebookclub users on micro.blog
#
[grantcodes] Ok, looks like I fixed that redirect issue, I got to your login page aaronpk
#
aaronpk was that you that just clicked log in on my site?
#
[grantcodes] Haha yeah
#
[grantcodes] I was intrigued what it would do
#
aaronpk sends a push notification to my phone :)
#
aaronpk long explanation here https://aaronparecki.com/2017/10/04/23/passwordless-logins
#
Loqi [Aaron Parecki] Passwordless Logins for Your Website
#
[grantcodes] Ah, I guessed something like that after it was just spinning
anth_x joined the channel
#
[grantcodes] I want to set up something like that once I get around to building my own auth endpoint. But I'd like to try webauthn too
j12t, eli_oat, [schmarty] and [grantcodes] joined the channel
#
[schmarty] grantcodes: looks like it's not following redirects for my shortdomain http://mmg.re
#
Loqi Marty McGuire
#
[schmarty] also definitely steal the auto-http:// javascript aaronpk posted. :}
#
[schmarty] [dougbeal] i do websub on my static site.
#
[schmarty] when i do a new site build it goes into a new directory and i use rsync to copy the files over. rsync has a mode that spits out a machine-readable list of what's changed.
#
[schmarty] i grab all new and modified files from that list and do some string matching to grab the URLs that match pages with feeds
#
[schmarty] then i build a request to superfeedr to ping that they've been updated.
#
dougbeal grantcodes: I get a Missing code or state mismatch on https://crw.moe
#
[schmarty] (i do the same thing to send webmentions, but i do a different filter to only grab post permalink pages)
#
[grantcodes] If you got that far dougbeal then it worked, but currently broken on my end
#
dougbeal schmarty: is there a github repo to peruse? Sounds like what I want.
#
[schmarty] i don't think i have my hook publisher code published anywhere 😕
#
[schmarty] oh i guess i do
#
[schmarty] https://git.schmarty.net/schmarty/ssg-hook-publisher-php
#
[schmarty] https://git.schmarty.net/schmarty/ssg-hook-publisher-php/src/branch/master/src/sync/rsync.php is how i do the rsync and parsing of the rsync output
#
[schmarty] and then how i use that list to decide what to websub: https://git.schmarty.net/schmarty/ssg-hook-publisher-php/src/branch/master/src/sync_after/websub.php
#
dougbeal Ugh, omnibear can't delete syndicateTo and authEndpoint from localStorage on chrome
#
dougbeal Uncaught Error: Extension context invalidated
#
dougbeal I guess that was trying to set a breakpoint
#
dougbeal Shoujld micropub.rocks test for media query?
#
aaronpk it does
#
aaronpk wait media query? I thought you said media endpoint
#
dougbeal I meant test for querying for latest upload
#
aaronpk ah
#
aaronpk that's pretty new and I haven't added anything to micropub.rocks in a while
#
aaronpk feel free to open an issue though
#
GWG Adding basic displays to my code to show the inputs from special Quill posting types...
#
GWG Event, Itinerary...
#
GWG How does this look as a placeholder? https://wpdev.gwg.us/2019/03/10/4325/
[dougbeal] joined the channel
#
[dougbeal] 🛫 and 🛬 instead of bullets? 🙂
#
GWG [dougbeal]: Future version.
#
GWG This just allows it to display for now
#
GWG I'm going to release so event and itinerary will work and tweak in future
#
[dougbeal] Makes sense. Airline icons/logos work well for google flight search.
#
GWG [dougbeal]: Also, itinerary supports other transit methods
#
GWG Oops, made a minor error. Lucky I caught it.
#
GWG There it is.
#
GWG [dougbeal]: You can try the update now.
[eddie] joined the channel
#
GWG Hello, [eddie]
#
[eddie] Hey GWG
#
GWG Late night Indiewebbing?
#
[eddie] Well late night chat checking lol
#
[eddie] Then it’s bedtime. 😴
#
GWG I just finished something I committed to during a session last night
#
GWG If you post an event using Micropub, it now does a basic display
#
[eddie] Nice! Very cool!!
#
[eddie] I’ve got AutoAuth fun waiting for me in the morning 😁
#
[eddie] Private posts, here I come!
jeremych- joined the channel
#
GWG I have to watch that
jeremych_ and kants_ joined the channel
#
[eddie] AutoAuth session wasn’t recorded because not all the attendees were able to log into the Google Hangout so we did Jitsi and Recording wasn’t available
#
[eddie] But we have some good notes on the session page
globbot joined the channel
#
GWG Darn
gRegorLove, barpthewire and KartikPrabhu joined the channel
#
sknebel GWG: always happy to talk about/explain AutoAuth
jgmac1106 and [jgmac1106] joined the channel
#
jgmac1106 https://quickthoughts.jgregorymcverry.com/2019/03/10/update-on-indiewebcamp-hack-day-proect-the-guestbook
#
jgmac1106 zegnat my questgion is did I write the echo statements, I am saving the file with W (off to learn A and append) but I can’t dispaly the data
#
Zegnat jgmac1106, I would do it like this, only echo the variables and keep the HTML as HTML: https://gist.github.com/Zegnat/c6709adf85c73315cb79daa769e5af0c
#
Zegnat Nice thing about PHP is that you can start and end PHP code anywhere within HTML, so you do not need to care about escaping quotes and what not.
#
jgmac1106 ahh didn’t know that, thought echo had to be in front
#
jgmac1106 got me closer: https://jgregorymcverry.com/guestbook.php?user_name=rrrc&user_text=rr&user_instagram=rr&user_twitter=+xsdq&user_email=wqd%40emial.ocm&msg=wdqacc
#
jgmac1106 now styled: https://jgregorymcverry.com/guestbook.php?user_name=rrrc&user_text=rr&user_instagram=rr&user_twitter=+xsdq&user_email=wqd%40emial.ocm&msg=wdqacc but no data displayiing…so close
ancarda joined the channel
#
jgmac1106 wooo hoo! https://jgregorymcverry.com/guestbook.php?user_name=Greg&user_text=jgregorymcverry.com&user_instagram=jgmac1106&user_twitter=giugp%3Bio&user_email=jgmac1106%40gmail.com&msg=hello
#
Zegnat For whoever was looking at JSON schema validation of mf2 objects ([grantcodes], jacky?) I just updated mine to reflect the latest additions to the spec (ids and image alts): https://gist.github.com/Zegnat/65ed9a9fb0546fb8c4aa0c0b790b8a40
#
jgmac1106 zegnat everything working…except my last variable, coming out blank, but thanks for the help…huge progress
NinjaTrappeur joined the channel
#
sknebel hm, thinking about the structure of the AutoAuth document. Wondering if it makes sense to reorder it and start with just the server-to-server part, and then in a second section add the bits that allow a client to do it (vs an integrated component that doesn't need to)
#
sknebel (am also in the jitsi room, but found it more helpful to type this out now)
#
Zegnat I would almost want to see the diagram first. So it is easy to draw (even if just in your mind) a circle around “this is the part we focus on first”.
#
sknebel sure, diagram is on the list too, looking for a good drawing tool for sequence diagrams right now
swentel joined the channel
#
sknebel diagram draft: https://www.svenknebel.de/temp/autoauth_diagram.svg
#
sknebel (a less technical one would also be helpful)
#
Zegnat My sketch of the back and forth (slightly less technical) that I think is the important part: https://zegnat.net/tmp/diagdraft.jpeg
#
GWG Morning all
#
Zegnat Morning GWG
#
sknebel (diagram made with https://bramp.github.io/js-sequence-diagrams/
[jgmac1106] joined the channel
#
[jgmac1106] Morning GWG
#
sknebel What is a sequence diagram?
#
Loqi It looks like we don't have a page for "sequence diagram" yet. Would you like to create it? (Or just say "sequence diagram is ____", a sentence describing the term)
#
[jgmac1106] Yeah I love pencils and graph paper, best diagram tools I have found to date
#
Zegnat It is just the paper->computer step that is annoying
#
sknebel sequence diagram are diagrams showing the flow of messages/requests between multiple participants and are helpful to visualize protocols like IndieAuth.
#
Loqi ok
#
[jgmac1106] Yeah... That part stinks, that tool is really cool
#
Zegnat I considered buying some of that “smart” paper that you can scan with your phone, but those pads are so overpriced
#
sknebel sequence diagram << [https://bramp.github.io/js-sequence-diagrams/ in-browser tool to generate diagrams from a relatively simple text form]
#
Loqi ok, I added "[https://bramp.github.io/js-sequence-diagrams/ in-browser tool to generate diagrams from a relatively simple text form]" to a brand new "See Also" section of /sequence_diagram https://indieweb.org/wiki/index.php?diff=57932&oldid=57931
#
[jgmac1106] Especially as I have to explain any diagram in text for accessibility
#
[jgmac1106] This would eliminate they need... Maybe... Wonder how screen readers hit it.
#
[jgmac1106] .... Speaking of which I have to make step by step guide for the mf2 podcast videos I did
#
[jgmac1106] Gwg whatchya working on today?
#
GWG I released a new version of Post Kinds last night with bug fixes5
#
GWG Gives a bunch of fixes before I move on to more fixes.
#
jgmac1106 any major UI changes? Do I need update tutorials video?
#
GWG jgmac1106: Not this time. All under the hood.
#
jgmac1106 gwg++
#
Loqi gwg has 42 karma in this channel over the last year (169 in all channels)
#
GWG Eat and Drink from Teacup now map to the right kinds.
#
GWG Itinerary and Event, if posted from Micropub, display in a basic way
#
GWG Shrunk the size of the package.
#
GWG Changed the icons to inline from sprites
#
Zegnat I owe you a PR, GWG. Working on it
#
GWG You do? It was more of an FYI
#
Zegnat Might as well spare you the trouble
#
sknebel https://github.com/sknebel/AutoAuth/pull/12
#
Loqi [sknebel] #12 RFC: reorder document structure, putting client parts separately
#
Loqi Ok, I'll tell them that when I see them next
#
sknebel !tell aaronpk would love feedback from you on https://github.com/sknebel/AutoAuth/pull/12
#
Loqi [sknebel] #12 RFC: reorder document structure, putting client parts separately
#
jgmac1106 borrowing from chrisaldrich’s idea of wanting to track h/t would this work: <p><span class=p-category" value="hattip"><a class="h-card" href="https://www.svenknebel.de">Sven</a></span></p>
#
jgmac1106 well Known strips away too much for me to do it manually so I hvae to do it like this: https://quickthoughts.jgregorymcverry.com/2019/03/10/js-sequence-diagrams-by-bramp
[schmarty] joined the channel
#
[schmarty] jgmac1106 that makes the post include a tag of Sven. I don't believe anything currently understands a value attribute on span?
#
jgmac1106 okay makes sense then why Known would strip the value from span
#
jgmac1106 I ended up doing Sven as a tag and adding a top hat emoji
#
jgmac1106 ehy isn’t there a h/t emoji?
#
Zegnat jgmac1106, https://web.archive.org/web/20181207213253/http://www.curatorscode.org/ tried to do icons fofr hat tips / vias / etc. But never caught on
khurt joined the channel
#
Zegnat wonders why Known so aggresively strips html
#
jgmac1106 <—worries if I figure out this guestbook I will need to figure out my own notes next….the rich text editor there reaks havoc on micropub clients and I can’t use any HTML
#
jacky .
#
jgmac1106 zegnat if I use GET instead of POST though then each entry technically gets its own URL correct?
#
Zegnat Yes
#
Zegnat But you also put all the personal info inside the URL, inside all visitors’ browser histories, etc
#
jgmac1106 okay something to think about…ahhh okay see why that is bad
#
jacky I _think_ I'm more or less done with my 'group' idea
#
jacky https://v2.jacky.wtf/groups/iwc2019online is the 'demo' thus far
#
jacky (pushing a fix for the icons + missing text)
#
jacky having my address book built made this a lot easier since that's a light whitelist
#
jacky (although anyone can provide a webmention to that page; it just won't show if they aren't on the list)
#
Zegnat That sound correct jacky. If the group is public, people may want to refer to it (and thus end up sending webmentions to its URL), but only actual group members will trigger their posts being displayed
#
jacky sweet
#
sknebel !tell aaronpk found an error on https://www.oauth.com/oauth2-servers/device-flow/token-request/ - in the last example, it needs to say "expires_in" instead of "expires" (per https://tools.ietf.org/html/rfc6749#section-5.1 / https://tools.ietf.org/html/draft-ietf-oauth-device-flow-14#section-3.5)
#
Loqi Ok, I'll tell them that when I see them next
JohnL1 joined the channel
#
@EndlessMason ↩️ @edent @sonniesedge oh. webmention notify form. (twitter.com/_/status/1104750983341662210)
sandro_ joined the channel
#
jacky yup I think I'm all good with my 'group' page!
#
jacky I could work on adding some CRUD for my webmentions but ehe
#
jacky does it by hand for now
#
GWG Trying to decide if I should continue with Post Kinds enhancements or do some webmention fixes.
#
GWG Maybe I should run a poll
#
jacky ah that reminds me
#
jacky I wanted to look if anyone implemented polling markup
#
jacky I remember seeing something on the microformats wiki
#
jacky like a `vote-of` kind of thing
#
Zegnat You might be thinking of http://microformats.org/wiki/VoteLinks ?
#
jacky yup!
#
jacky makes a note to consider implementing that
#
sknebel maybe take it as inspiration, but that' not fit to be implemented today
#
jacky I was considering modelling that and rsvp logic
#
jacky `in-reply-to` + `p-vote`
[tonz] joined the channel
#
jgmac1106 accidently posted to meta: stilll can’t figure out why everything but the note will display in this…ignore me trying to echo the file….that is the next problem for me to solve: https://gist.github.com/jgmac1106/c4cd4bef98acd88729289d9e4c3b9fe6
#
jgmac1106 where var6 should be returns an empty <p></p> but in other news displaying the results of text file. gonna play with that a bit
[eddie] joined the channel
#
[eddie] Great job on the groups page jacky!
#
jacky thank you!
#
sknebel good morning [eddie]!
#
sknebel [eddie]: https://github.com/sknebel/AutoAuth/pull/12 you can also see if that structure makes more sense for what part does what
#
Loqi [sknebel] #12 RFC: reorder document structure, putting client parts separately
#
jacky is hammering his heads on Phoenix sockets
#
jacky once I get this going, I can play around with doing real time updates on my site
#
[eddie] sknebel: Yeah that definitely seems more clear to me :thumbsup:
#
jacky ah finally
#
jacky my goal is to show a real time 'ticker' of successful authorizations
#
jacky something like https://updown.io/ and how it shows real time checks
#
jacky though I figure that's running off an average and not actually showing real time stats
#
sknebel Zegnat: re autoauth extensions, did you see this API? https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onAuthRequired
#
Zegnat Yeah, but wasn’t the idea that we wouldn’t have to return 4xx status for AutoAuth?
#
sknebel ah, for the other case
#
sknebel where you'd need to trigger a new request after the first has discovered the auth header
#
Zegnat It is the WWW-Authenticate header that shows auth may be used, any of those 4xx would only be given when the page has a hard requirement for login
#
Zegnat Yeah
sketchess joined the channel
#
Zegnat E.g. I do not want to return a 4xx for my h-feed everytime someone isn’t authenticated through AutoAuth. Wouldn’t make much sense
#
sknebel sure
KidReese777 joined the channel
#
Zegnat Well, this looks like I might be able to show it off at demos: https://wiki.zegnat.net/temp/concept.png
[kevinmarks] joined the channel
#
[eddie] haha, nice!
jgmac1106 and [davidmead] joined the channel
#
[eddie] sknebel: If I’m understanding this right, the main difference in the Token Request for the protected resource in AutoAuth is the existence of a callback_url
#
[eddie] So when my token endpoint is determining whether it is an internal request or an external request, I check for the callback_url and if it exists, it’s an external request.
#
sknebel main difference to what?
#
[eddie] ohhh the me as well
#
[eddie] That’s what I should key off of. If me = https://eddiehinkle.com/ it’s requesting a token AS me
#
[eddie] if me is something else, it’s an AutoAuth request as someone else
#
sknebel the closest in IndieAuth https://indieauth.spec.indieweb.org/#token-request
#
[eddie] Yep, exactly. Those are the two I was comparing and I was trying to determine the difference because my code has to differentiate
#
[eddie] But AutoAuth as the callback_url, so I know it’s external and of course the me value changes to not be ME
#
sknebel the main thing is probably the context information: root_uri, callback_url, ...
#
sknebel me could technically be you
#
sknebel if your reader wants to access private parts of your site
#
[eddie] ohhhhh
#
[eddie] that’s true
#
sknebel and doesn't special-case that
#
[eddie] that makes sense, so leave the me alone in that context
#
[eddie] root_uri makes sense, so I should probably verify that the root_uri is under my ownership or else reject the request
#
jgmac1106 Okay I am off for the day, my demo will be recorded asynch…if I finish….getting close, but stuck now not even knowing the questions I need to ask, ultimate marker that you hit knowledge limit
#
jgmac1106 but heading to birthday party with the kids
#
[eddie] Have fun jgmac1106!
jgmac1106 joined the channel
#
jgmac1106 yhx eddie great jopb this weekend
#
sknebel [eddie]: so you're making private posts first? Guess we'll have to see if Zegnat's proxy still works, otherwise we have no way of trying to fetch content :D
#
Zegnat Woops, and I got totally sidetracked by my assumptions idea from yesterday so haven’t touched the proxy
#
[eddie] haha no worries and yeah I got confused and started working on the private posts 😆
#
[eddie] No confused from the spec just confused inside my website
#
[eddie] Maybe I should pause here and switch over to the authentication side! haha that way I can test something
#
jgmac1106 as far as I got: https://jgregorymcverry.com/guestbook.php saving to plain text, couldn’t figure out how to write save to either guestbook.html or guestbook.php and keep all the html formatting: https://jgregorymcverry.com/guestbook.php
#
jgmac1106 tried first saving HTML to the plain text file thinking I could just get all the data, didn’t work, then tried fwrite with one line for every line of html editing gustbook.html that didn’t work….more learning to do
#
jacky after some fighting and chasing after my dog (today's her day but blergh), I got the rel-me verification happening on the fly now
#
jgmac1106 sweet jacky
#
sknebel [eddie]: btw, if you see mentions of "base_uri", ignore those
#
sknebel I just noticed that I forgot to remove some mentions of it
#
aaronpk I was wondering about that
#
Loqi aaronpk: sknebel left you a message 3 hours, 46 minutes ago: would love feedback from you on https://github.com/sknebel/AutoAuth/pull/12
#
Loqi aaronpk: sknebel left you a message 2 hours, 39 minutes ago: found an error on https://www.oauth.com/oauth2-servers/device-flow/token-request/ - in the last example, it needs to say "expires_in" instead of "expires" (per https://tools.ietf.org/html/rfc6749#section-5.1 / https://tools.ietf.org/html/draft-ietf-oauth-device-flow-14#section-3.5)
#
sknebel (context: https://github.com/sknebel/AutoAuth/issues/5 )
#
Loqi [sknebel] #5 Include fewer pieces in Access Token Callback?
#
aaronpk oh dear thanks sknebel
#
aaronpk dang it's wrong in the print book too
#
[eddie] sknebel: Gotcha! Will ignore
#
sknebel (it's a bit confusing how in AutoAuth the authorization endpoint acts towards the client like a token endpoint would in "normal" OAuth cases... gotta make a note of that somewhere)
#
aaronpk i'm not sold on the name 'external_token' right now, but I haven't mentioned it yet because it still feels like we're solving the high level stuff right now
#
sknebel you know what they say about naming things...
#
GWG If I decided to add PKCE, how would I test it, save asking for a reviewer?
#
aaronpk GWG: assuming you're talking about testing your server, you'd need a client that does PKCE. I probably have some sample code handy
#
GWG aaronpk, just wondering if there was an existing client that did it
#
GWG If not, I might put it off as lower priority
#
aaronpk Alternatively you could bribe me into adding it to quill or something
#
GWG aaronpk, out of blind curiousity, what sort of bribe do you accept?
#
GWG Is there a price list on your website?
#
sknebel I heard aaronpk needs taxes done :D
#
GWG I assume this is barter, not actual currency exchange
#
GWG I have a guy for that
#
aaronpk mainly a promise that you will actually go use it then :)
#
GWG aaronpk, how about this? If I write the branch first, then I will wait to merge it till something tests it.
#
GWG Then the burden is on me first before you
#
GWG Especially since I have to understand it first to try implementation
#
GWG That may take time
#
aaronpk is adding PKCE to indieauth-client-php
#
GWG aaronpk, 4 people have PKCE on their issue list
#
GWG So, we'll get it
#
Zegnat Because conceptualising AutoAuth is hard, does this help? https://svgshare.com/i/BhB.svg
#
jacky that works for me tbh
swentel joined the channel
#
GWG swentel, https://david.shanske.com/2019/03/10/2743/
#
Loqi [David Shanske] First check-in using Indigenous.
#
swentel woohoow :)
#
GWG swentel, seems to have worked
#
swentel GWG, PTD question. On your site, do you have notes with photos ? Or, basically, when a photo comes in, post kinds will see it as a photo post ?
#
GWG If it has a photo property, it's classified as a photo post
#
GWG Do you want to see my ptd code?
#
swentel oh not necessarily
#
GWG https://github.com/dshanske/parse-this/blob/master/includes/functions.php
#
swentel it's something I've been thinking about the last week
#
swentel whether a) add a 'photo form' in indigenous. But I don't think I'll be doing that.
#
swentel and b) to add that to Drupal
#
swentel basically now, in drupal, you can map an incoming request to a content type. If it as title and content -> go to article content type. If no title and content -> note.
#
swentel *has
#
swentel but I allow both to have photos too
#
swentel so that's the part where I'm not sure. Add another option to optionally map to photo content type
#
swentel or leave as is
#
swentel funny thing is
#
swentel now that I'm writing this down
#
swentel it makes sense to allow mapping it to a content type. However, users can always map it to the same content type internally if they want.
#
swentel maybe I think about this one too much :)
#
GWG We all over think
#
swentel absolutely
#
GWG How's the refactoring going?
KartikPrabhu joined the channel
#
swentel focusing on adding tests first (finally)
#
swentel have some really basic tests now which test the UI on all post types
#
swentel click note, fill in something, etc
#
GWG Good
#
swentel because it's getting tedious todo it manually
#
swentel And I've missed things in past releases already
#
GWG I now support itineraries from Quill
#
swentel hmm where can you add that?
#
GWG swentel, add that?
#
GWG Only in Quill
#
GWG https://wpdev.gwg.us/2019/03/10/4324/
#
GWG Here's my test post
#
GWG Also added Micropub events
#
GWG https://wpdev.gwg.us/2019/03/10/test-event-from-indigenous/
#
swentel GWG, well, yes, I'm in quill now, but I don't see itineraries
#
swentel or is it because quill listens to my supported post types
#
GWG swentel, probably
#
GWG I haven't added in supported types.
#
swentel damn, the irony
#
GWG swentel, Micropub is allowing me to support post types without having to write the UI
#
GWG Which helps due my Gutenberg concerns
gRegorLove and KartikPrabhu joined the channel
#
aaronpk my indieauth server supports pkce now!
#
GWG aaronpk, yay
#
GWG It's catching on
#
swentel oh cool, that's on my todo list soon too
#
swentel as well as in indigenous
#
GWG swentel, mine too
snarfed joined the channel
#
GWG Aaronpk, I don't quite get the code challenge method
#
sknebel ok, bunch of AutoAuth updates pushed. mostly fixes and clarifications, but also added the mode for polling clients
#
aaronpk GWG: the client should just always use S256 (sha 256) for now
#
aaronpk on the server you need to support both S256 and "plain" (which means not hashing it)
#
GWG aaronpk, that's what I needed
#
aaronpk I also made my authorization server tell me if a client is using PKCE
Kris joined the channel
#
aaronpk ok indieauth-client-php is updated with PKCE support
#
aaronpk now on to Quill
#
GWG Aaronpk, now I will build
#
aaronpk looks like quill uses the default indieauth-client functions so all it took was updating the library and no code changes to quill!
[eddie] joined the channel
#
[eddie] oh wow!
#
aaronpk quill supports pkce now!
[Rose] joined the channel
#
[Rose] What is pkce?
#
[Rose] hopes Loqi knows.
#
Loqi PKCE, Proof-Key for Code Exchange, (pronounced "pixie") is an extension to OAuth 2.0 that protects against intercepted authorization codes during the OAuth flow https://indieweb.org/PKCE
#
[Rose] Aha, I thought I had read about that here!
#
Zegnat Hmm. No way I can add that in 5 minutes to selfauth before demoes
#
sknebel lol
#
Zegnat Or rather, there is a way, but it would not really be a good idea :P
#
GWG I think I can do PKCE this week
#
aaronpk it didn't take me long to add, but it was more than 5minutes
#
[eddie] Hey, while I’m working on finishing up my AutoAuth this week, I might as well throw PKCE in the mix?
#
aaronpk might as well! it's not a huge thing to add
#
[eddie] Yep, then that’ll give me incentive to add it to Indigenous
#
aaronpk the hardest part is probably figuring out how to do sha256 in whatever language you're using
#
[eddie] ahh gotcha. Yeah that’s not too bad in node.js
#
sknebel [eddie]: what do you use for your auth?
#
[eddie] Handrolled Node.js
#
sknebel available somewhere standalone, or baked into your site?
#
[eddie] Baked into my site currently
wagle and [kevinmarks] joined the channel
#
@blairmacintyre ↩️ I’m working on it. Later in the week. Indieweb, webmentions, ghost, extracting comments from disqus, tying into http://micro.blog, … so many levels of FREAKING AWESOMENESS … (twitter.com/_/status/1104837185310769155)
snarfed and [grantcodes] joined the channel
#
dougbeal kevinmarks: I haven't got as far as webmentions yet
[tantek] joined the channel
#
[eddie] Based on the great commonplaces session that [chrisaldrich] led, I thought I wanted to test Own Your Swarms private checkins for checkins I might not want to blast across my front page but store for future. I hadn’t tested it since aaronpk added it.
#
Zegnat [grantcodes], you showed the me parameter wrt redirects, I didn’t spot its use quick enough but thought I’d let you know that the me parameter in the requests has mostly been removed since https://github.com/indieweb/indieauth/issues/19
#
Loqi [00dani] #19 Allow the 'me' parameter to authorization endpoints to be omitted?
#
[eddie] I tested a fake private checkin and saw it on the homepage. 😞 Fail. Until I realized I was logged in. Log out and success! 🙌
#
Zegnat E.g. selfauth has completely stopped looking at it https://github.com/Inklings-io/selfauth/pull/43
#
Loqi [Zegnat] #43 Remove all uses of the client supplied me
chrisaldrich joined the channel
#
[grantcodes] Zegnat: Yes it doesn't use it in the redirect back to the client. My demo showed it redirecting to the auth endpoint which does need the me parameter. My auth endpoint was just a blank page was all
#
[eddie] sknebel++
#
Loqi sknebel has 42 karma in this channel over the last year (105 in all channels)
#
[eddie] Zegnat++
#
Loqi Zegnat has 56 karma in this channel over the last year (167 in all channels)
#
[eddie] for AutoAuth sketches that help visualize things today
#
@JanElznic #Webmentions, zajímavý nápad, jak se mohou dvě strany navzájem notifikovat o tom, že na sebe odkazují: https://alistapart.com/article/webmentions-enabling-better-communication-on-the-internet Aktuálně ve stádiu #W3C Recommendation: https://www.w3.org/TR/webmention/ (twitter.com/_/status/1104844857393250304)
iasai joined the channel
#
GWG aaronpk, WordPress doesn't hash with SHA256 as an option because it wasn't introduced until 5.3.2
#
aaronpk what's the lowest version of php you need to support?
#
GWG aaronpk, I just bumped the minimum to 5.4 and changed all hashing to sha256 for Indieauth
#
GWG aaronpk, 5.2, but WordPress is moving to minimum 5.6 then 7.0 within the year, so 5.4 is fine
#
GWG Most of the Indieweb plugins are either 5.3 or.5.4
#
aaronpk it's hard to find docs but it looks like the hash function is in php 5.1
#
GWG I tried to keep it as close to minimum for WordPress as possible
#
GWG aaronpk, it is, but SHA256 wasn't in till later
#
aaronpk where'd you see that? I couldn't find that on php.net/hash
#
aaronpk I think your best option is to add a check and just don't do PKCE at all on php <5.2
#
aaronpk and use the sha256 hash function if it's there. then when wordpress changes to min 5.6 you can remove the version check
#
GWG I don't think raising the version is an issue regardless, but will add the fallback.
#
GWG And if it works, Quill will show it in the dashboard?
iasai joined the channel
#
aaronpk a client won't know whether the server supports pkce or not
#
aaronpk either the pkce flow will work, or the server will ignore the pkce parameters, and that looks the same to the client
#
GWG I may ask you to review the PR then
#
aaronpk quill will always do PKCE now though
[Rose], iasai, snarfed and gRegorLove_ joined the channel
#
Zegnat Should PKCE be mentioned as a SHOULD in the spec?
iasai and [grantcodes] joined the channel
#
[grantcodes] Ok, got a proof of concept micropub client that will post everything from examples.tpxl.io
#
[grantcodes] https://micropub-post-types.glitch.me/
#
[grantcodes] Not recommended on a live site
iasai and [jgmac1106] joined the channel
#
Zegnat Hmm. Thought I would run it against sink.zegnat.net, but got a state error. Will need to debug tomorrow.
eli_oat joined the channel
#
Zegnat The glitch app tells me “State doesnt match”
#
aaronpk Zegnat: possibly yeah. let's wait til we get a few more implementations tho
tw2113, snarfed, eli_oat, iasai, gRegorLove and KartikPrabhu joined the channel