#dev 2019-03-12

2019-03-12 UTC
iasai and snarfed joined the channel
#
@ritou 「IndieAuth は OpenID 2.0 いや、OpenID 1.1 のように自らの URL から IdP のエンドポイントを探して認証を要求する...ってのを OAuth 2.0 でやる」 みたいな、なんかすごく懐かしい気がするけど、OIDCとの違いあたりを見るとなんとなくムズムズする。 https://indieauth.net/ (twitter.com/_/status/1105277203623829505)
iasai and KartikPrabhu joined the channel
#
GWG aaronpk: If the PKCE fails, what should happen?
#
aaronpk what should the server return?
#
GWG aaronpk: Yes
#
aaronpk https://tools.ietf.org/html/rfc7636#section-4.4.1
#
GWG I just tried returning a standard OAuth Response and Quill crashed.
#
aaronpk error: invalid_request
#
aaronpk what happened with quill?
KartikPrabhu joined the channel
#
GWG aaronpk: Error Exception, undefined index me
#
GWG I'm guessing it isn't checking for an error response
#
aaronpk that's odd, it should have recognized it failed
#
GWG Type: ErrorExceptionCode: 8Message: Undefined index: meFile: /web/sites/quill.p3k.io/vendor/indieauth/client/src/IndieAuth/Client.phpLine: 127
#
aaronpk ooh in indieauth-client even
#
aaronpk i'll take a look
#
aaronpk oh I think I know what happened
#
GWG Oh?
#
aaronpk quill uses indieauth-client in debug mode and I forgot to test the failures in that mode
#
aaronpk GWG: should be fixed now
#
GWG It now returns, The authorization code was not able to be verified
#
aaronpk great
#
GWG aaronpk: Now I have to figure out why it isn't working though.
#
aaronpk I can take a look if you'd like
#
GWG Well, I listed you as a reviewer, but let me push the change that verifies when both endpoints are in the same system.
#
aaronpk oh is this already up on github?
#
aaronpk SHA256 should be S256
#
Loqi consistency has -1 karma over the last year
#
jacky consistency--
#
aaronpk I don't actually know why they went with "S256"
#
aaronpk GWG: you'll also need to replace base64_encode with a function that does URL-safe base64 encoding
#
GWG aaronpk: I borrowed yours.
#
GWG I'm fixing it now
#
aaronpk k
#
aaronpk this one I assume? https://github.com/indieweb/indieauth-client-php/blob/master/src/IndieAuth/Client.php#L472
#
GWG Yes
#
aaronpk 👍
#
GWG aaronpk: Pushed now.
#
GWG I think I have it, but would welcome your review
ben_thatmustbeme joined the channel
#
aaronpk does it work with quill now?
iasai joined the channel
#
GWG Yes
#
GWG It fails when I sabotage it.
#
GWG So, so far so good
#
aaronpk great
#
GWG Still wouldn't mind the aaronpk auth expert seal of approval
#
GWG Is there a known history of attacks mitigated by PKCE?
#
aaronpk yes, it's to protect against someone stealing an authorization code
#
aaronpk there are a number of ways that can and has happened
#
GWG I need to put in a cleanup function for codes, just in case they aren't purged
#
GWG aaronpk: At some point, I was going to write that this was available.
#
aaronpk hm I just installed the indieauth plugin in my test wordpress but it's not adding the link rels
#
GWG That's strange.
#
GWG It should.
#
GWG Didn't touch anything re that.
#
aaronpk is there a setting i'm missing? I activated the plugin
#
GWG I just checked.
#
GWG It isn't showing on mine. Only the header ones.
#
GWG Let me look at the code
#
aaronpk i'm not seeing the header ones eithe
#
aaronpk r
#
aaronpk this is wordpress 4.9.9
#
GWG Weird.
#
GWG Is there a limit to the number of links in a header?
#
aaronpk probably at some point?
#
aaronpk the only header mine is returning is wordpress' rel="https://api.w.org/"
#
GWG Odd
#
GWG You sure it is active?
#
aaronpk yea
#
GWG Not sure
#
aaronpk I replaced if ( is_author() || is_front_page() ) with if (true) and then it displays
#
aaronpk apparently neither of those conditions are true in my install
#
aaronpk https://github.com/indieweb/wordpress-indieauth/blob/master/includes/class-indieauth-authorize.php#L54
#
aaronpk hmm my wordpress is installed in a subfolder, I wonder if that's part of it
#
aaronpk aha yep that's it. I think I moved it to a subfolder so siteurl in the database doesn't actually match the real URL
iasai joined the channel
#
aaronpk ok I moved it back to the root of the domain
#
aaronpk hm I think I need to scrap this and start again
#
aaronpk ok brand new install and it works *whew*
#
aaronpk now trying a few things with my pkce client
#
aaronpk looks great!
#
GWG aaronpk: Still checking the header issue, but it looks like this is ready to merge.
#
aaronpk my wordpress was just confused about what its base URL was
#
GWG I'll merge and push it then
#
GWG Ooops
#
GWG Forgot to bump the version
iasai joined the channel
#
GWG Might as well add some documentation if I need to change that
#
aaronpk documentation++
#
Loqi documentation has 4 karma over the last year
iasai, [tonz], raucao, barpthewire, cweiske, swentel, [jgmac1106], swentie, [grantcodes], jjuran, [kevinmarks], KartikPrabhu and j4y_funabashi joined the channel
#
j4y_funabashi Morning indieweb crew. I have recently added q=source support to my media server and some brief documentation here -> https://indieweb.org/micropub_media_endpoint#Query_media_by_URL
#
GWG j4y_funabashi: I know source is matching the micropub endpoint, but it isn't source exactly.
#
j4y_funabashi GWG yeah I didnt really want to deviate from micropub syntax too much and naming is hard so just stuck with that.
#
GWG What are you using the query for?
#
j4y_funabashi If anyone else implements this I am happy to go with consensus
#
GWG I don't yet have a use case.
#
j4y_funabashi GWG my micropub client is going to list all media that comes back from this query for me to add to posts.
#
GWG Ok
#
GWG Should be interesting to see
#
GWG If there is a client that does it, that might be the use case for others to implement and iterate on it
#
j4y_funabashi GW if you can log in here you can see a stubbed out demo: http://okami.funabashi.co.uk/login
#
GWG Bookmarking that for later
#
j4y_funabashi I have photos + videos sat on memory cards of a couple of devices and am scared of losing them so I want to upload everything to my media server so I can post it to my site later
jeremych_ joined the channel
#
j4y_funabashi Next step is to wire up the client to the media server. Also building a cli client that will push everything from memory card to media server.
#
j4y_funabashi Then I can have a bit more piece of mind :)
[Vincent] joined the channel
#
[Vincent] @j4y_funabashi nice one Jay 🙂
[xavierroy], [kevinmarks], snarfed and [grantcodes] joined the channel
#
[grantcodes] !tell schmarty no PKCE yet but slightly improve indieauth lib is up at https://github.com/grantcodes/indieauth-helper feel free to install it directly from github to test in projects
#
Loqi Ok, I'll tell them that when I see them next
[eddie] joined the channel
#
[eddie] j4y_funabashi: that’s a great idea! the ability to do that with my media endpoint is definitely on my it list!!
#
[eddie] Around the query naming, if you were to break it down to the individual level first, like Micropub did and say you provide a url for a photo and get data back on it, I would call it info
#
[eddie] So then an info query without a url is a list of photo info, so when I build it in mine if there haven’t been any other changes/proposals, I will probably do ?q=info on mine
#
[eddie] Then I can do ?q=info&url=URL to just get info on a single file if I already know the url
snarfed joined the channel
#
swentel hmm there's a proposal I think
#
swentel oh wait, a list, mm
#
[eddie] There is? For the media endpoint?
#
j4y_funabashi [eddie]: Yeah I would be happy to change the q=xxx value to whatever people decide. Certainly not precious about it.
#
[eddie] 👍
#
swentel hmm https://indieweb.org/micropub_media_endpoint#Query_the_last_thing_uploaded
#
swentel that's the only think I can find
#
swentel GWG added that link to add it to indigenous
#
[eddie] Ohh yeah that’s just the last file
#
swentel that's for the last photo at least
#
[eddie] As opposed to a list
#
swentel right
#
[eddie] And I would assume the ability to page or something when the list gets big
#
swentel right
#
j4y_funabashi The next slightly tricky part I am planning is for my media server to accept webmentions. That way I can know which photos I have already published to my site
#
j4y_funabashi So I can then mark them as 'published' in the query response so clients can filter out photos that have already been added
#
[eddie] Ohhhh interesting. I literally had just been thinking “I’ll want to figure out a way to tell when a photo has been published though...”
#
j4y_funabashi Otherwise I would have to scroll through thousands of photos and remember which ones to add
#
[eddie] Definitely
#
j4y_funabashi [eddie]: Yeah if your site already sends mentions to all links in a post then you already have the first half done
#
j4y_funabashi [eddie]: I have been thinking through this for a while :)
#
[eddie] j4y_funabashi++
#
Loqi j4y_funabashi has 1 karma in this channel over the last year (2 in all channels)
#
j4y_funabashi [eddie]: Does your media endpoint extract exif data from photos? Mine currently gets date_time (which I use for the h-entry published date) and lat/lng if available
iasai joined the channel
#
[eddie] Mine is currently very basic
#
[eddie] Add file, get url
#
[eddie] It’s also built into my site right now
#
[eddie] I actually want to move it to amazon s3 through AWS gateway
dougbeal|mb1 joined the channel
#
j4y_funabashi ah yeah I store everything on s3
snarfed and iasai joined the channel
#
[eddie] Nice!
[jgmac1106], [dougbeal], snarfed, petermolnar_, rhiaro_ and [schmarty] joined the channel
#
[schmarty] .
#
Loqi [schmarty]: [grantcodes] left you a message 1 hour, 10 minutes ago: no PKCE yet but slightly improve indieauth lib is up at https://github.com/grantcodes/indieauth-helper feel free to install it directly from github to test in projects
#
[schmarty] [grantcodes]: very nice!
#
[schmarty] grantcodes++
#
Loqi grantcodes has 21 karma in this channel over the last year (39 in all channels)
raucao joined the channel
#
[grantcodes] When getting a token from a token endpoint will the `grant_type` always be `authorization_code`? I found this https://aaronparecki.com/oauth-2-simplified/#others but not sure if it applied to IndieAuth or only OAuth
blueyed joined the channel
#
sknebel IndieAuth only knows authorization_code, yes
#
[grantcodes] Ok cool, thanks sknebel
[stefp] and iasai joined the channel
#
[grantcodes] Ok I think I final IndieAuth related question for now RE PKCE: Is it pointless to generate a code verifier that is not totally random but unique for each user / domain? It's obviously not as strong as a truly random string but it means I could automatically build it into the helper library because it has no idea of storage / session
#
[schmarty] haha grantcodes i was just replying on the GH issue.
[kevinmarks] joined the channel
#
[grantcodes] Well figured some people here might know about it too 😛
#
[schmarty] haha yeah i am hoping for aaronpk to chime in 😆
#
[grantcodes] I guess it's the case of is it better to have a less random PKCE code verifier than none at all?
#
[schmarty] as long as it can be overridden by the caller, i am happy
#
[grantcodes] For sure will make it an option
#
[grantcodes] I will probably make it the same as I did for the state. It is an option you can pass in, but if you omit it one is automatically generated for you
eli_oat and [dougbeal] joined the channel
#
jeremycherfas Making slow and steady progress. That is all.
#
j4y_funabashi jeremycherfas: having fun though?
#
jeremycherfas Oh yes! Getting to grips with imagemagick (because I just couldn't fathom GD) to resize and image and preserve its type. Very satisfying.
jackjamieson, [stefp], iasai and snarfed joined the channel
#
snarfed imagemagick++
#
Loqi imagemagick has 1 karma over the last year
#
jeremycherfas It is mostly overkill for my needs, but when you gifure out the bits and pieces it is amazing.
iasai, [grantcodes], snarfed, [eddie], [schmarty], [kim_landwehr], gRegorLove, anth_x, barpthewire, [Vincent], [jgmac1106] and [tantek] joined the channel
#
@jgmac1106 Here is major reason I am exploring and developing webmention badges: https://www.edsurge.com/news/2019-03-12-who-owns-digital-badges-a-company-s-patent-on-credentials-raises-questions We don't need some third party service, or backpacks that switch hands more than hand-me-downs. Own your assessment from your own domain, your url is your… https://quickthoughts.jgregorymcverry.com/2019/03/12/here-is-major-reason-i-am-exploring (twitter.com/_/status/1105534043448315905)
snarfed, [kevinmarks], [schmarty], iasai and swentel joined the channel
#
swentel jacky, you tried sending me a webmention on reply/content/1824 this sunday right, for https://v2.jacky.wtf/post/c37bf20a-e431-4bb0-a7ee-14f502e3c721 ?
#
swentel it looks like the source was missing the domain, so I only got '/post/c37bf20a-e431-4bb0-a7ee-14f502e3c721'
#
swentel and by source, the source property in the post request
#
swentel it's ok now after I added the domain and reprocessed it
iasai joined the channel
#
swentel but, just wanted to let you know
barpthewire, [kimberlyhirsh] and iasai joined the channel
#
@jgmac1106 Look at the Record https://telegraph.p3k.io leaves when issuing webmention badge #OpenBadges https://t.co/Gbjj1a8Rc4 (twitter.com/_/status/1105556478155472896)
KartikPrabhu, [stefp], [chrisaldrich], eli_oat, snarfed, iasai and [jgmac1106] joined the channel
#
[jgmac1106] What do others think: https://github.com/cleverdevil/Known-Food/issues/6
#
[jgmac1106] just thinking as we thought about owning your Untappd as each beer checkin is a mix of a review and a checkin at a venue with people tagging
[schmarty] joined the channel
#
[schmarty] what will consume this?
#
[schmarty] also saying i ate/drank a thing is not the same as wanting to give my review of it
#
[jgmac1106] no but the beer ratings had star reviews...we were thinking Bridgy
#
[schmarty] in my version of "IndTapped" these would have to be different things
#
[schmarty] i drank a thing and that might have a location
#
[schmarty] and i rated a thing and that's a separate post
#
[jgmac1106] https://github.com/snarfed/bridgy/issues/863
#
[schmarty] (these could both live at the same permalink)
#
Loqi [snarfed] #863 new silo: Untappd
#
[jgmac1106] yeah that is what I wrote originally these are like two post types in one
snarfed joined the channel
#
[jgmac1106] but this happens to me a ton with read, watch, and listen ...how much reviewing before something becomes a review...again all academic...untappd for me is a review given the rating system
#
[jgmac1106] maybe i just use that for my mental imagery have a scale=review
#
[schmarty] again i think it comes down to the consuming case
#
@jgmac1106 ↩️ @OnlineCrsLady check this out for a new form of gradebook http://edu407.jgregorymcverry.com/badges.html If students do not earn badge get email or comment explaining revisions to make. After spring break students will apply for webmention badges and explain how… https://quickthoughts.jgregorymcverry.com/2019/03/12/ken_bauer-onlinecrslady-check-this-out-for (twitter.com/_/status/1105572092194537474)
iasai, [ken], [grantcodes] and snarfed joined the channel
#
GWG I need some help on a description for Indieauth
#
sknebel GWG: details? I can try to help
#
GWG I am trying to improve the readme for Indieauth for WordPress
#
GWG For the non initiated
#
GWG https://github.com/indieweb/wordpress-indieauth/pull/132
#
Loqi [dshanske] #132 331
iasai joined the channel
#
aaronpk there might be some text on indieauth.net you can use, not sure if it's the right audience tho
#
GWG aaronpk, that what I want helo brainstorming
#
GWG I tried to be more general
#
sknebel tricky into how much detail to go.
#
sknebel on first read I feel like there's a bit too much going in that text, and some things maybe don't need to be in there, but need to think about that more. will try to give more concrete feedback the next few days
#
sknebel (for easy access/logs, link to the rendered view of the text: https://github.com/indieweb/wordpress-indieauth/blob/f7b927fdd837bf7d3e022aab1feaedf89f619553/readme.md )
iasai and KartikPrabhu joined the channel; gRegorLove left the channel
#
GWG WordPress parses it into sections
[tantek] joined the channel
#
[tantek] what is engagement
#
Loqi engagement is after you propose marriage but before the wedding https://indieweb.org/engagement
#
aaronpk wat haha
#
aaronpk engagement << lulz
#
Loqi ok, I added "[[lulz]]" to a brand new "See Also" section of /engagement https://indieweb.org/wiki/index.php?diff=58140&oldid=50284
#
[tantek] hah at least it wasn't defined by me this time! ([snarfed] 😂)
#
[tantek] what is reach
#
Loqi reach is usually used to refer to the number or extent of people that see or are at least shown a specific post (of yours) in whatever aggregator or reader app, site, or home (news) feed feature of a silo that they use to view posts https://indieweb.org/reach
#
[tantek] reach << Criticism: reach is a lie that can be bought: https://twitter.com/JamieJBartlett/status/1105151495773847552
#
@JamieJBartlett I’m completely obsessed by click farms - where thousands of machines are lined up to generate fake engagement. https://twitter.com/EnglishRussia1/status/862661011882561537/video/1 (twitter.com/_/status/1105151495773847552)
#
Loqi ok, I added "Criticism: reach is a lie that can be bought: https://twitter.com/JamieJBartlett/status/1105151495773847552" to the "See Also" section of /reach https://indieweb.org/wiki/index.php?diff=58141&oldid=48773
#
[tantek] lulz << engagement
#
Loqi ok, I added "[[engagement]]" to the "See Also" section of /lulz https://indieweb.org/wiki/index.php?diff=58142&oldid=55643
#
[tantek] engagement << https://twitter.com/JamieJBartlett/status/1105151495773847552
#
Loqi ok, I added "https://twitter.com/JamieJBartlett/status/1105151495773847552" to the "See Also" section of /engagement https://indieweb.org/wiki/index.php?diff=58143&oldid=58140
[jgmac1106] joined the channel