#dev 2019-03-11

2019-03-11 UTC
[davidmead], iasai and eli_oat joined the channel
#
gRegorLove
aaronpk, can indiebookclub use indielogin.com?
#
aaronpk
not if you need to post to peoples sites
#
GWG
Trying to figure out PKCE
#
gRegorLove
I mean for the non-micropub users. It's using indieauth.com/auth for them currently
iasai and [eddie] joined the channel
#
aaronpk
Ahh then yes
KartikPrabhu, gRegorLove and iasai joined the channel
#
aaronpk
!tell gRegorLove looks like indiebookclub has already been registered for indielogin.com!
#
Loqi
Ok, I'll tell them that when I see them next
[jgmac1106], iasai and [schmarty] joined the channel
#
Loqi
[Changelingmx] Got responses from the developers of the Indieauth plugin. I'll paste the link, but the short version is Own Your Swarm and the other services that are giving me problems are using depricated scopes. https://github.com/indieweb/wordpress-indieauth...
#
aaronpk
yeah I think that was a misunderstanding of the latest comment on the indieauth plugin
#
aaronpk
I figured i'd just leave it until you posted an update in the plugin
#
GWG
Started the PKCE stuff, but still confused
#
GWG
I need to find your book
#
aaronpk
and the video linked from https://indieweb.org/PKCE should help too
#
GWG
aaronpk: Wrapping my mind around it, but will get it.
#
aaronpk
let me know if you have any more questions
snarfed and iasai joined the channel
#
GWG
aaronpk: When I launch Quill, I don't see the code challenge in the query string. Shouldn't I?
#
GWG
Wait a minute, I think I might be filtering it.
iasai and [eddie] joined the channel
#
GWG
aaronpk: Think I implemented something. Not sure how to prove it works.
snarfed and iasai joined the channel
#
aaronpk
GWG awesome!
#
aaronpk
When I was testing mine I made the client do PKCE wrong so that I made sure my server was rejecting the request properly
iasai and KartikPrabhu joined the channel
#
Zegnat
I may or may not have added ~50% of PKCE to selfauth on the morning commute. Lets see if that results in a PR on the evening commute.
[Rose] joined the channel
#
[Rose]
Zegnat++, "coduting" is one of my favourite things to do.
#
Loqi
Zegnat has 57 karma in this channel over the last year (168 in all channels)
barpthewire joined the channel
#
Zegnat
I usually sleep, but I was feeling surprisingly awake this morning
cweiske, swentel, iasai, [Rose], [Vincent], jgmac1106 and [grantcodes] joined the channel
#
[grantcodes]
!tell Zegnat I fixed that state issue on the post type test, there are now a bunch of them on sink
#
Loqi
Ok, I'll tell them that when I see them next
#
Zegnat
Ah, so it wasn’t an issue on my part? Good! I haven’t touched sink in months. It just makes for a nice little test place for stuff like this
#
[grantcodes]
Nah, I forgot the state was in int and was checking it against a string. Fun times
#
Zegnat
Wouldn’t you expect state to always be a string?
#
[grantcodes]
Yes, just didn't think about it
iasai, swentie, [jgmac1106], swentel, jgmac1106, KartikPrabhu and kisik21 joined the channel
#
kisik21
i wanna redesign my cms again... it's bottlenecked by something and i dunno the reason because I don't know how to profile flask apps
#
Loqi
kisik21: ben_thatmustbeme left you a message 1 week, 6 days ago: I couldn't say at the moment, i have sadly be way too busy with a bunch of stuff. It is supposed to but only if it discovers them via the micropub endpoint
#
kisik21
ben_thatmustbeme: oh hello there... well, Quill does discover my syndication stuff, why doesn't Inkstone do that?
[tonz] and [kevinmarks] joined the channel
#
[kevinmarks]
The syndication syntax changed at some point, maybe inkstone is using the old version?
[eddie], [jgmac1106], iasai, snarfed, swentel, [Rose], [manton] and leg joined the channel
#
[eddie]
In the "Quantified Self on my website" category... I track what I watch and listen to. I'm almost ready to start posting what I play (on Nintendo Switch). I've been thinking about what I code... I have two potential sources: GitHub for public commits and I also use WakaTime which is has plugins in various IDE and tracks the amount of time that I program every day. So I'm thinking I could grab what projects I work on, what commits I make and how
#
[eddie]
programming and put that on my website 🙂
[stefp], [tantek], swentie and chrisaldrich joined the channel
#
[jgmac1106]
eddie check the resolution on your screenshot of Quill Authorizaton
#
[eddie]
haha yeah, it's pretty bad
#
[eddie]
it's a screenshot of a video because I was writing the article and didn't have my dev environment
#
[jgmac1106]
is it stretching to 100%
#
[jgmac1106]
can you make it smaller?
#
[eddie]
Nope my site puts all photos at full width
#
[eddie]
Probably not the best CSS haha
#
[jgmac1106]
you could try inline styling in emergency....
#
swentie
[eddie], 'access list' is just a list of domains ? (re: autoauth)
#
[eddie]
Yep, exactly. Although everyone in my access list is also in my nickname cache
#
[jgmac1106]
nvm I see what you mean
#
[eddie]
Doesn't have to be a hard and fast requirement
#
[jgmac1106]
what did you use for screencapture then, that seems like a low resolution
#
swentie
[eddie], ok, I was kind of 'missing' what controlled the access (to be fair, haven't read through the complete spec)
#
[eddie]
[jgmac1106] The plan is to replace the screenshot this evening when I have my dev machine available again
#
swentie
but interesting development there
#
Loqi
eddie has 35 karma in this channel over the last year (94 in all channels)
#
[jgmac1106]
for the demo
#
[eddie]
swentie: gotcha. Essentially the AutoAuth spec can tell my site "I promise, the person on your site right now is this URL"
#
[eddie]
so then my site will take that and provide additional access based on the URL
#
[eddie]
I have names connected inside my site with the URL so it's more user friendly though
#
swentie
cool, will start experimenting with it myself with the drupal module
#
[eddie]
awesome! That would be great
#
sknebel
yeah, on my site it's also just an "audience" property with a list of URLs for now
#
aaronpk
the actual ACL should not be part of the spec and should be left up to each site to do however makes the most sense internally
#
[eddie]
absolutely
#
sknebel
(which of course collides with the other concept of audience, so not the best name)
#
[eddie]
sknebel exactly same for me, I just also have a list of h-cards indexed by url so I can cross reference it
#
aaronpk
the useful part of the spec is that your site gets a way to know that a request is being made by a particular person
#
aaronpk
or rather by a machine authorized by that person
#
[eddie]
sknebel I actually find the audience overload to be perfect
iasai joined the channel
#
swentie
[eddie], will ping you once I have something, either being able to read something from you or the other way around.
#
sknebel
I have a test endpoint with which you can test the first part
#
sknebel
it just returns your identity if you sucessfully authenticate to it
#
swentie
ah, also cool
#
[eddie]
swentel: That sounds great!
#
[eddie]
swentie: also, https://indieweb.org/autoauth has some nice diagrams linked
#
[eddie]
sknebel I have visibility that can be public or private (or unlisted). A public or unlisted with an audience is basically just an "FYI". A private with an audience becomes an access control list
#
aaronpk
i want to find a better name for this spec soon
#
[eddie]
but for me audience is always a url that links to an h-card
#
aaronpk
also the scope name
#
[eddie]
lol we better hurry 🙂 You know how names are 😄
#
swentie
registers autoauth.com :p
#
aaronpk
sounds like a used car verification shop
snarfed joined the channel
#
swentel
hehe yeah
#
swentel
have to go, later!
#
[jgmac1106]
and ten years later swentel sells authoauth.com for 100k
#
[jgmac1106]
meant auto
#
jeremycherfas
I have an image-handling problem in PHP. I'm scraping images from a site, and I do not know in advance whether they are jpg or png (unlikely to be anything else). I need to resize and then save. I can find image type, and I was wondering, is there a reverse of image_type_to_extension? That is, if I have the extension, use that in imagecreatefromjpeg or imagecreatefrompng?
[davidmead] and KartikPrabhu joined the channel
#
[davidmead]
spitballing here, but is there a way to take an RSS feed and create posts from it’s entries using PHP?
#
[davidmead]
As in “a standard way”
iasai joined the channel
#
aaronpk
what do you mean "create posts"?
#
jeremycherfas
I'm rolling my own. Doesn't me4an there isn't a standard way, but I have not found one.
#
aaronpk
RSS is pretty frustrating to parse in PHP since you have to deal with XML libraries. there's also https://granary.io which can convert it to other formats.
#
snarfed
actually granary only does rss output right now, not input yet
#
Loqi
[snarfed] #137 RSS input
#
aaronpk
(i was assuming davidmead was using "RSS" as a catch-all term for XML feeds as most people do)
#
[davidmead]
thinking longterm about a way to create posts in Known from silos that only offer RSS feeds - I did this in Wordpress using a plugin called Maptico (I think)
#
[davidmead]
so I check in with Untappd and it creates a post on my blog - Like your OwnYourSwarm aaronpk
#
[jgmac1106]
an IFTT like recipe
#
aaronpk
you can get IFTTT to send a micropub request if you try hard enough too
#
[jgmac1106]
you can go untappd to IFTT to CSV already, maybe easier to start there? though never used it, not sure what table looks like
#
[davidmead]
I would love to get a plugin that I could manually enter a post (kind) that would also add something to Known to listen to RSS feeds and grab those too. A ‘drink’ plugin that I can manually enter that damn fine coffee in, but would grab beer from Untappd too
#
[jgmac1106]
What is a reader?
#
Loqi
A reader (AKA indie reader or social reader) in the context of the indieweb is the portion/feature integrated into an indieweb site that provides a way to read content from other indieweb sites, possibly including posts from the current site, and respond (like, comment, repost, etc) inline in the reading UI itself https://indieweb.org/reader
#
[jgmac1106]
Can you subscribe to your rss feed in your reader and then republish to the post to Known? What happens I never tried?
#
[jgmac1106]
forget that untappd is pretty good with their apis it looks like: https://untappd.com/api/docs#activityfeed
#
[jgmac1106]
looks like it requires you to build an app and I didn't read TOS, but if you can get data out like that somebody (not me) can get it into Known
#
snarfed
hey aaronpk, GWG, i just noticed there are three different wordpress implementation reports on micropub.rocks: https://micropub.rocks/implementation-reports/servers/
#
snarfed
(all with different results, naturally)
#
aaronpk
i assume done by different people testing their wordpress
#
snarfed
right, but i assume the goal is to show the status of implementations, not sites
#
snarfed
any chance you all could consolidate them down to one? the "wordpress-micropub" may be the most authoritative, but GWG this could be a chance to see if you've added support for any new tests since i did that one years ago
#
aaronpk
the report page was really part of the w3c process more than anything
#
aaronpk
but yeah i need to clean that up
#
snarfed
low priority
[kevinmarks] and iasai joined the channel
#
[kevinmarks]
Unmung.com will make rss into h-feed, so you could parse that and post each one.
#
[eddie]
That's how I currently import my podcast episodes into my website
snarfed joined the channel
#
@BeardOps
I'm a 10x developer. That is it takes me 10x the amount of time to write the same amount of code as other people.
(twitter.com/_/status/1091456027768250368)
#
Loqi
ok, I added "https://twitter.com/BeardOps/status/1091456027768250368" to a brand new "See Also" section of /User:Tantek.com https://indieweb.org/wiki/index.php?diff=57996&oldid=51221
chrisaldrich joined the channel
#
[davidmead]
thx kevinmarks, aaronpk, jgmac1106 for the RSS/Post info. Something to dive into
iasai joined the channel
#
[jgmac1106]
davidmead you are like the 147th person who wants to own their UNTAPPD posts, first time I looked at API info....hoe somebody way smarter than me really digs in, the unmung approach you will need to test to see what tags Known does and does not strip from the HTML,
#
[jgmac1106]
properties...haven't found any tags it removes
#
[davidmead]
I have a distant memory of someone forking OYS and using for Untappd, but I don’t think it actually worked.
#
[davidmead]
That’s why I’m adding to the list of “stuff I’m going to hack & slash at”
#
[jgmac1106]
your list is getting long, can't wait to see the thing you tackle next, ohh yeah update the Listen plugin if you haven't, I fixed the errant h2
#
[davidmead]
I’ll have to pull that down - I’m going to be “offline” for the next couple of days as The Division 2 starts and I’ll be neck deep gaming that 🙂
[schmarty], KartikPrabhu, iasai and snarfed joined the channel
#
[tantek]
would that be own your drinks? or own your brews? or ... ?
#
[tantek]
definitely waiting for that to come up in a Homebrew Website Club meetup 🙂
iasai, KartikPrabhu, snarfed, jackjamieson, [dougbeal], chrisaldrich, gRegorLove and [eddie] joined the channel
#
[tantek]
Kinda expecting this to get parodied / memed pretty hard (in a sarcastic way) https://twitter.com/SlackHQ/status/1103832235122274304
#
@SlackHQ
@log1kal It wasn't a widely used slash command, so we've done some spring cleaning of the Slack clients.
(twitter.com/_/status/1103832235122274304)
#
[tantek]
what is design
#
Loqi
Design is a catchall term used to refer to everything that affects users about a page/site including: Graphic design (including site icon) User interface design (UI design) User experience (UX) Information architecture (IA) URL design https://indieweb.org/design
snarfed joined the channel
#
[tantek]
design << How NOT to decide to remove features: https://twitter.com/SlackHQ/status/1103832235122274304 (see top message of thread and its replies for more)
#
@SlackHQ
@log1kal It wasn't a widely used slash command, so we've done some spring cleaning of the Slack clients.
(twitter.com/_/status/1103832235122274304)
#
Loqi
ok, I added "How NOT to decide to remove features: https://twitter.com/SlackHQ/status/1103832235122274304 (see top message of thread and its replies for more)" to the "See Also" section of /design https://indieweb.org/wiki/index.php?diff=58106&oldid=57007
iasai, [schmarty], [jgmac1106], [benatwork], [kevinmarks] and chrisaldrich joined the channel
#
[schmarty]
[grantcodes] really liking some of the indieauth-lib-wp stuff. I made a quick fork for this specific device flow proxy project: https://glitch.com/edit/#!/veil-mirror?path=lib/indieauth-authentication.js
#
[schmarty]
oops i should make that a tel
#
[schmarty]
!tell grantcodes liking the indieauth-lib-wp! i made a fork here with a couple of extra features: https://glitch.com/edit/#!/veil-mirror?path=lib/indieauth-authentication.js
#
Loqi
Ok, I'll tell them that when I see them next
[grantcodes] joined the channel
#
[grantcodes]
What did you add?
#
[schmarty]
i added an optional "extra_rels" map to getEndpointsFromUrl, since it's already fetched the page and parsed the rels.
#
[schmarty]
i also added an extra_args to getToken, so i can pass the PKCE verifier
#
[schmarty]
and removed the object-to-form-data stuff since that's used by micropub and not indieauth
#
[grantcodes]
Cool, that'll be useful, I thought about even just caching all the rels in a property
#
[schmarty]
you can see in index.js how i ended up using everything
#
[schmarty]
i think caching the rels in a property sounds great
#
[schmarty]
i also did a little dance to override the automatic state generation, because i wanted to preserve some local info for state rather than trying to pass a whole encrypted object around.
#
[schmarty]
despite those leaks for my weird use case it was totally usable!
#
[grantcodes]
With what I made I thought you had to manually use the function to generate the state so should be easy to use your own
#
[schmarty]
haha that sounds about right. i saw the functions and assumed they were called internally. i should have checked. 😂
#
[grantcodes]
It might be good to call them automatically if the user doesn't pass in a state but I hadn't really thought about that yet
#
[schmarty]
at the moment i like the optional-ness, since use cases may be very different.
#
[grantcodes]
Yeah and you're going to always have to manually run the function to check the state so makes sense you'd have to manually run it to generate the state too
#
[grantcodes]
But it's probably about good enough to get cleaned up, and put on GitHub and npm
#
[schmarty]
please consider storing all the rels and allowing extra args for getToken ;}
[cleverdevil] joined the channel
#
[grantcodes]
For sure, I'd count that as part of cleaning up 😛
#
[schmarty]
ooh, or, in place of the extra args for getToken, support PKCE via a this.options.pkce_verifier
snarfed joined the channel
#
[schmarty]
if present, generate its sha256 sum and add it to the auth args for getAuthUrl as pkce_challenge.
#
[grantcodes]
I'll make a blank GitHub repo to save these issues at least
#
[schmarty]
and then on getToken, if pkce_verifier is present, add it to the POST to the token endpoint as pkce_verifier.
#
[schmarty]
haha good clal.
barpthewire and iasai joined the channel
#
[grantcodes]
If you don't end up building it into the code somewhere could you write up the pkce stuff as an issue, can't say I fully understand it yet myself
#
GWG
I need to read up. I see PKCE talk
#
[grantcodes]
Cool, and probably more of a #meta question but it might be good to use the @indieweb org that I have on npm for this and the micropub helper. It's used in enough projects now I'd say to be considered pretty stable
#
[schmarty]
grantcodes: i'd be for that
barpthewire joined the channel; Mikaela left the channel
#
[grantcodes]
And if we did that we should probably move them to the indieweb GitHub too
[jgmac1106] and snarfed joined the channel
#
GWG
I just found a problem.
#
GWG
I need to talk this out
#
GWG
So, my token endpoint verifies directly, without querying my authorization endpoint
#
GWG
I was making it so my traditional auth code verification function worked, but I have no way of testing that
#
aaronpk
sign in to telegraph or something?
#
GWG
aaronpk: Wouldn't that be the same issue?
#
aaronpk
I am confused, which are you not able to test?
#
GWG
Well, I can't test the function where authorization code is verified by the authorization endpoint from the token endpoint because the token endpoint, being part of the same system, doesn't use that function
#
aaronpk
sure so you can test it by using an app that checks it at the authorization endpoint
#
GWG
Is there one?
#
aaronpk
yes, telegraph.p3k.io
#
aaronpk
and a bunch of others. anything that doesn't end up trying to post via micropub
#
aaronpk
indielogin.com will too
#
GWG
I have to build it into that flow.
#
GWG
The login flow.
#
GWG
PR needs more work
#
GWG
Does telegraph/indielogin support PKCE?
#
aaronpk
oh right I forgot you're talking about PKCE specifically
iasai joined the channel
#
GWG
So, how do I test this?>
#
aaronpk
you need a little client that does PKCE
#
aaronpk
that's how I tested mine yesterday
#
aaronpk
if you copy the example from the readme it's really quick to set one up https://github.com/indieweb/indieauth-client-php
#
Loqi
[indieweb] indieauth-client-php: Sample implementation and helper methods for an IndieAuth client.
#
aaronpk
you can even run it with the built in php server
#
GWG
Okay I will see what I can do.
#
GWG
I could use more testing
#
GWG
I wish I had a list of tests to perform
iasai joined the channel
#
aaronpk
yes I really need to do that on indieauth.rocks
#
GWG
aaronpk, would you have a list of things an Indieauth system should do off the top of your head?
#
aaronpk
yes I could write a description of a bunch of tests
#
GWG
If you ever do that, I want to improve my code
iasai joined the channel