#dev 2019-03-12

2019-03-12 UTC
iasai and snarfed joined the channel
#
@ritou
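"IndieAuth is like OpenID 2.0, or rather OpenID 1.1, in that it discovers the IdP's endpoints from your own URL and requests authentication... and does that with OAuth 2.0." Something like that feels really nostalgic somehow, but looking at things like the differences from OIDC makes me a bit uneasy. https://indieauth.net/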
(twitter.com/_/status/1105277203623829505)
iasai and KartikPrabhu joined the channel
#
GWG
aaronpk: If the PKCE fails, what should happen?
#
aaronpk
what should the server return?
#
GWG
aaronpk: Yes
#
GWG
I just tried returning a standard OAuth Response and Quill crashed.
#
aaronpk
error: invalid_request
#
aaronpk
what happened with quill?
KartikPrabhu joined the channel
#
GWG
aaronpk: Error Exception, undefined index me
#
GWG
I'm guessing it isn't checking for an error response
#
aaronpk
that's odd, it should have recognized it failed
#
GWG
Type: ErrorException; Code: 8; Message: Undefined index: me; File: /web/sites/quill.p3k.io/vendor/indieauth/client/src/IndieAuth/Client.php; Line: 127
#
aaronpk
ooh in indieauth-client even
#
aaronpk
i'll take a look
#
aaronpk
oh I think I know what happened
#
GWG
Oh?
#
aaronpk
quill uses indieauth-client in debug mode and I forgot to test the failures in that mode
#
aaronpk
GWG: should be fixed now
#
GWG
It now returns, The authorization code was not able to be verified
#
GWG
aaronpk: Now I have to figure out why it isn't working though.
#
aaronpk
I can take a look if you'd like
#
GWG
Well, I listed you as a reviewer, but let me push the change that verifies when both endpoints are in the same system.
#
aaronpk
oh is this already up on github?
#
aaronpk
SHA256 should be S256
#
Loqi
consistency has -1 karma over the last year
#
jacky
consistency--
#
aaronpk
I don't actually know why they went with "S256"
#
aaronpk
GWG: you'll also need to replace base64_encode with a function that does URL-safe base64 encoding
#
GWG
aaronpk: I borrowed yours.
#
GWG
I'm fixing it now
#
GWG
Yes
#
GWG
aaronpk: Pushed now.
#
GWG
I think I have it, but would welcome your review
ben_thatmustbeme joined the channel
#
aaronpk
does it work with quill now?
iasai joined the channel
#
GWG
Yes
#
GWG
It fails when I sabotage it.
#
GWG
So, so far so good
#
GWG
Still wouldn't mind the aaronpk auth expert seal of approval
#
GWG
Is there a known history of attacks mitigated by PKCE?
#
aaronpk
yes, it's to protect against someone stealing an authorization code
#
aaronpk
there are a number of ways that can and has happened
#
GWG
I need to put in a cleanup function for codes, just in case they aren't purged
#
GWG
aaronpk: At some point, I was going to write that this was available.
#
aaronpk
hm I just installed the indieauth plugin in my test wordpress but it's not adding the link rels
#
GWG
That's strange.
#
GWG
It should.
#
GWG
Didn't touch anything re that.
#
aaronpk
is there a setting i'm missing? I activated the plugin
#
GWG
I just checked.
#
GWG
It isn't showing on mine. Only the header ones.
#
GWG
Let me look at the code
#
aaronpk
i'm not seeing the header ones either
#
aaronpk
this is wordpress 4.9.9
#
GWG
Weird.
#
GWG
Is there a limit to the number of links in a header?
#
aaronpk
probably at some point?
#
aaronpk
the only header mine is returning is wordpress' rel="https://api.w.org/"
#
GWG
Odd
#
GWG
You sure it is active?
#
GWG
Not sure
#
aaronpk
I replaced if ( is_author() || is_front_page() ) with if (true) and then it displays
#
aaronpk
apparently neither of those conditions are true in my install
#
aaronpk
hmm my wordpress is installed in a subfolder, I wonder if that's part of it
#
aaronpk
aha yep that's it. I think I moved it to a subfolder so siteurl in the database doesn't actually match the real URL
iasai joined the channel
#
aaronpk
ok I moved it back to the root of the domain
#
aaronpk
hm I think I need to scrap this and start again
#
aaronpk
ok brand new install and it works *whew*
#
aaronpk
now trying a few things with my pkce client
#
aaronpk
looks great!
#
GWG
aaronpk: Still checking the header issue, but it looks like this is ready to merge.
#
aaronpk
my wordpress was just confused about what its base URL was
#
GWG
I'll merge and push it then
#
GWG
Ooops
#
GWG
Forgot to bump the version
iasai joined the channel
#
GWG
Might as well add some documentation if I need to change that
#
aaronpk
documentation++
#
Loqi
documentation has 4 karma over the last year
iasai, [tonz], raucao, barpthewire, cweiske, swentel, [jgmac1106], swentie, [grantcodes], jjuran, [kevinmarks], KartikPrabhu and j4y_funabashi joined the channel
#
j4y_funabashi
Morning indieweb crew. I have recently added q=source support to my media server and some brief documentation here -> https://indieweb.org/micropub_media_endpoint#Query_media_by_URL
#
GWG
j4y_funabashi: I know source is matching the micropub endpoint, but it isn't source exactly.
#
j4y_funabashi
GWG yeah I didn't really want to deviate from micropub syntax too much and naming is hard so just stuck with that.
#
GWG
What are you using the query for?
#
j4y_funabashi
If anyone else implements this I am happy to go with consensus
#
GWG
I don't yet have a use case.
#
j4y_funabashi
GWG my micropub client is going to list all media that comes back from this query for me to add to posts.
#
GWG
Should be interesting to see
#
GWG
If there is a client that does it, that might be the use case for others to implement and iterate on it
#
j4y_funabashi
GWG if you can log in here you can see a stubbed out demo: http://okami.funabashi.co.uk/login
#
GWG
Bookmarking that for later
#
j4y_funabashi
I have photos + videos sat on memory cards of a couple of devices and am scared of losing them so I want to upload everything to my media server so I can post it to my site later
jeremych_ joined the channel
#
j4y_funabashi
Next step is to wire up the client to the media server. Also building a cli client that will push everything from memory card to media server.
#
j4y_funabashi
Then I can have a bit more peace of mind :)
[Vincent] joined the channel
#
[Vincent]
@j4y_funabashi nice one Jay 🙂
[xavierroy], [kevinmarks], snarfed and [grantcodes] joined the channel
#
[grantcodes]
!tell schmarty no PKCE yet but slightly improved indieauth lib is up at https://github.com/grantcodes/indieauth-helper feel free to install it directly from github to test in projects
#
Loqi
Ok, I'll tell them that when I see them next
[eddie] joined the channel
#
[eddie]
j4y_funabashi: that’s a great idea! the ability to do that with my media endpoint is definitely on my it list!!
#
[eddie]
Around the query naming, if you were to break it down to the individual level first, like Micropub did and say you provide a url for a photo and get data back on it, I would call it info
#
[eddie]
So then an info query without a url is a list of photo info, so when I build it in mine if there haven’t been any other changes/proposals, I will probably do ?q=info on mine
#
[eddie]
Then I can do ?q=info&url=URL to just get info on a single file if I already know the url
snarfed joined the channel
#
swentel
hmm there's a proposal I think
#
swentel
oh wait, a list, mm
#
[eddie]
There is? For the media endpoint?
#
j4y_funabashi
[eddie]: Yeah I would be happy to change the q=xxx value to whatever people decide. Certainly not precious about it.
#
swentel
that's the only thing I can find
#
swentel
GWG added that link to add it to indigenous
#
[eddie]
Ohh yeah that’s just the last file
#
swentel
that's for the last photo at least
#
[eddie]
As opposed to a list
#
[eddie]
And I would assume the ability to page or something when the list gets big
#
j4y_funabashi
The next slightly tricky part I am planning is for my media server to accept webmentions. That way I can know which photos I have already published to my site
#
j4y_funabashi
So I can then mark them as 'published' in the query response so clients can filter out photos that have already been added
#
[eddie]
Ohhhh interesting. I literally had just been thinking “I’ll want to figure out a way to tell when a photo has been published though...”
#
j4y_funabashi
Otherwise I would have to scroll through thousands of photos and remember which ones to add
#
[eddie]
Definitely
#
j4y_funabashi
[eddie]: Yeah if your site already sends mentions to all links in a post then you already have the first half done
#
j4y_funabashi
[eddie]: I have been thinking through this for a while :)
#
[eddie]
j4y_funabashi++
#
Loqi
j4y_funabashi has 1 karma in this channel over the last year (2 in all channels)
#
j4y_funabashi
[eddie]: Does your media endpoint extract exif data from photos? Mine currently gets date_time (which I use for the h-entry published date) and lat/lng if available
iasai joined the channel
#
[eddie]
Mine is currently very basic
#
[eddie]
Add file, get url
#
[eddie]
It’s also built into my site right now
#
[eddie]
I actually want to move it to amazon s3 through AWS gateway
dougbeal|mb1 joined the channel
#
j4y_funabashi
ah yeah I store everything on s3
snarfed and iasai joined the channel
[jgmac1106], [dougbeal], snarfed, petermolnar_, rhiaro_ and [schmarty] joined the channel
#
Loqi
[schmarty]: [grantcodes] left you a message 1 hour, 10 minutes ago: no PKCE yet but slightly improved indieauth lib is up at https://github.com/grantcodes/indieauth-helper feel free to install it directly from github to test in projects
#
[schmarty]
[grantcodes]: very nice!
#
[schmarty]
grantcodes++
#
Loqi
grantcodes has 21 karma in this channel over the last year (39 in all channels)
raucao joined the channel
#
[grantcodes]
When getting a token from a token endpoint will the `grant_type` always be `authorization_code`? I found this https://aaronparecki.com/oauth-2-simplified/#others but not sure if it applied to IndieAuth or only OAuth
blueyed joined the channel
#
sknebel
IndieAuth only knows authorization_code, yes
#
[grantcodes]
Ok cool, thanks sknebel
[stefp] and iasai joined the channel
#
[grantcodes]
Ok, I think my final IndieAuth related question for now RE PKCE: Is it pointless to generate a code verifier that is not totally random but unique for each user / domain? It's obviously not as strong as a truly random string but it means I could automatically build it into the helper library because it has no idea of storage / session
#
[schmarty]
haha grantcodes i was just replying on the GH issue.
[kevinmarks] joined the channel
#
[grantcodes]
Well figured some people here might know about it too 😛
#
[schmarty]
haha yeah i am hoping for aaronpk to chime in 😆
#
[grantcodes]
I guess it's the case of is it better to have a less random PKCE code verifier than none at all?
#
[schmarty]
as long as it can be overridden by the caller, i am happy
#
[grantcodes]
For sure will make it an option
#
[grantcodes]
I will probably make it the same as I did for the state. It is an option you can pass in, but if you omit it one is automatically generated for you
eli_oat and [dougbeal] joined the channel
#
jeremycherfas
Making slow and steady progress. That is all.
#
j4y_funabashi
jeremycherfas: having fun though?
#
jeremycherfas
Oh yes! Getting to grips with imagemagick (because I just couldn't fathom GD) to resize an image and preserve its type. Very satisfying.
jackjamieson, [stefp], iasai and snarfed joined the channel
#
snarfed
imagemagick++
#
Loqi
imagemagick has 1 karma over the last year
#
jeremycherfas
It is mostly overkill for my needs, but when you figure out the bits and pieces it is amazing.
iasai, [grantcodes], snarfed, [eddie], [schmarty], [kim_landwehr], gRegorLove, anth_x, barpthewire, [Vincent], [jgmac1106] and [tantek] joined the channel
#
@jgmac1106
Here is major reason I am exploring and developing webmention badges: https://www.edsurge.com/news/2019-03-12-who-owns-digital-badges-a-company-s-patent-on-credentials-raises-questions We don't need some third party service, or backpacks that switch hands more than hand-me-downs. Own your assessment from your own domain, your url is your… https://quickthoughts.jgregorymcverry.com/2019/03/12/here-is-major-reason-i-am-exploring
(twitter.com/_/status/1105534043448315905)
snarfed, [kevinmarks], [schmarty], iasai and swentel joined the channel
#
swentel
jacky, you tried sending me a webmention on reply/content/1824 this sunday right, for https://v2.jacky.wtf/post/c37bf20a-e431-4bb0-a7ee-14f502e3c721 ?
#
swentel
it looks like the source was missing the domain, so I only got '/post/c37bf20a-e431-4bb0-a7ee-14f502e3c721'
#
swentel
and by source, the source property in the post request
#
swentel
it's ok now after I added the domain and reprocessed it
iasai joined the channel
#
swentel
but, just wanted to let you know
barpthewire, [kimberlyhirsh] and iasai joined the channel
#
@jgmac1106
Look at the Record https://telegraph.p3k.io leaves when issuing webmention badge #OpenBadges https://t.co/Gbjj1a8Rc4
(twitter.com/_/status/1105556478155472896)
KartikPrabhu, [stefp], [chrisaldrich], eli_oat, snarfed, iasai and [jgmac1106] joined the channel
#
[jgmac1106]
just thinking as we thought about owning your Untappd as each beer checkin is a mix of a review and a checkin at a venue with people tagging
[schmarty] joined the channel
#
[schmarty]
what will consume this?
#
[schmarty]
also saying i ate/drank a thing is not the same as wanting to give my review of it
#
[jgmac1106]
no but the beer ratings had star reviews...we were thinking Bridgy
#
[schmarty]
in my version of "IndTapped" these would have to be different things
#
[schmarty]
i drank a thing and that might have a location
#
[schmarty]
and i rated a thing and that's a separate post
#
[schmarty]
(these could both live at the same permalink)
#
Loqi
[snarfed] #863 new silo: Untappd
#
[jgmac1106]
yeah that is what I wrote originally these are like two post types in one
snarfed joined the channel
#
[jgmac1106]
but this happens to me a ton with read, watch, and listen ...how much reviewing before something becomes a review...again all academic...untappd for me is a review given the rating system
#
[jgmac1106]
maybe i just use that for my mental imagery have a scale=review
#
[schmarty]
again i think it comes down to the consuming case
#
@jgmac1106
↩️ @OnlineCrsLady check this out for a new form of gradebook http://edu407.jgregorymcverry.com/badges.html If students do not earn badge get email or comment explaining revisions to make. After spring break students will apply for webmention badges and explain how… https://quickthoughts.jgregorymcverry.com/2019/03/12/ken_bauer-onlinecrslady-check-this-out-for
(twitter.com/_/status/1105572092194537474)
iasai, [ken], [grantcodes] and snarfed joined the channel
#
GWG
I need some help on a description for Indieauth
#
sknebel
GWG: details? I can try to help
#
GWG
I am trying to improve the readme for Indieauth for WordPress
#
GWG
For the non initiated
#
Loqi
[dshanske] #132 331
iasai joined the channel
#
aaronpk
there might be some text on indieauth.net you can use, not sure if it's the right audience tho
#
GWG
aaronpk, that's what I want help brainstorming
#
GWG
I tried to be more general
#
sknebel
tricky into how much detail to go.
#
sknebel
on first read I feel like there's a bit too much going in that text, and some things maybe don't need to be in there, but need to think about that more. will try to give more concrete feedback the next few days
iasai and KartikPrabhu joined the channel; gRegorLove left the channel
#
GWG
WordPress parses it into sections
[tantek] joined the channel
#
[tantek]
what is engagement
#
Loqi
engagement is after you propose marriage but before the wedding https://indieweb.org/engagement
#
aaronpk
wat haha
#
aaronpk
engagement << lulz
#
Loqi
ok, I added "[[lulz]]" to a brand new "See Also" section of /engagement https://indieweb.org/wiki/index.php?diff=58140&oldid=50284
#
[tantek]
hah at least it wasn't defined by me this time! ([snarfed] 😂)
#
[tantek]
what is reach
#
Loqi
reach is usually used to refer to the number or extent of people that see or are at least shown a specific post (of yours) in whatever aggregator or reader app, site, or home (news) feed feature of a silo that they use to view posts https://indieweb.org/reach
#
[tantek]
reach << Criticism: reach is a lie that can be bought: https://twitter.com/JamieJBartlett/status/1105151495773847552
#
@JamieJBartlett
I’m completely obsessed by click farms - where thousands of machines are lined up to generate fake engagement. https://twitter.com/EnglishRussia1/status/862661011882561537/video/1
(twitter.com/_/status/1105151495773847552)
#
Loqi
ok, I added "Criticism: reach is a lie that can be bought: https://twitter.com/JamieJBartlett/status/1105151495773847552" to the "See Also" section of /reach https://indieweb.org/wiki/index.php?diff=58141&oldid=48773
#
[tantek]
lulz << engagement
#
Loqi
ok, I added "https://twitter.com/JamieJBartlett/status/1105151495773847552" to the "See Also" section of /engagement https://indieweb.org/wiki/index.php?diff=58143&oldid=58140
[jgmac1106] joined the channel