#GWGaaronpk: If I may have made a mistake in implementing IndieAuth, do you take the book back?
valuemachine and [Slackbot]1 joined the channel
#[aaronpk]haha no that means you get another copy so that you have a higher chance of reading it again?
gRegorLove joined the channel
#GWG[aaronpk]: Regrettably, it's a WordPress logic issue.
valuemachine, [aaronpk], [Slackbot]1, lza1, KartikPrabhu, [KevinMarks], [Rose], cweiske, rhiaro, petermolnar_ and gRegorLove joined the channel
#@Motweet↩️ probably an automatic solution again, but "Reply to..." is not meaningful.
I find this really exciting with the Webmentions. At the @Almcamp at the latest you have to tell me everything about it, please (twitter.com/_/status/1146314838735556608)
#[KevinMarks]I saw a polyfill for lazy loading images where you wrap them in <noscript> tags
swentel, valuemachine, pierreboc[m], jeremych_, jjuran, [grantcodes] and [jgmac1106] joined the channel
#petermolnar_jacky, [tantek]: does an instagram export not contain any bookmarks? The likes I'm not expecting but the bookmarks really should be in there.
#[aaronpk]GWG: whoever the logged-in user is, that is the URL that you should return, not the other way around
valuemachine joined the channel
#[aaronpk]In fact, you can pretty much just ignore the "me" URL that's in the request entirely. There's a discussion on the spec right now and it turns out that's only really useful for multi-domain authorization endpoints like IndieAuth.com
#GWGThe issue is how you assign the root of the domain
#GWGIf it was just using the /author/username format that WordPress uses for author archive pages...that would not be an issue
#[aaronpk]I thought there was a toggle for "single user mode" where it always returns the WordPress base url regardless of which WordPress user is logged in
#GWGNo. The IndieWeb plugin has a single author setting
#[aaronpk]Oh right and doesn't this plugin read that setting?
#[aaronpk]I can't keep track of which plugin does what
#GWGBut if it always returns the base URL.. then it issues all tokens in the credentials of that user, even if another user requested them
#[jgmac1106]My literacyeverday.org site is multiuser. Welcome to play there
#[jgmac1106]Or just say "On the IndieWeb a user is associated with their url? Therefore multi author sites are not supported?"
#[jgmac1106]Wonder what happens on multi-user Known sites with IndieAuth
#Zegnat(Same goes for granting scopes. If they control the token endpoint URL, they control the scopes.)
#ZegnatNote that from a security perspective, any user with access to plugins or the theme can be allowed to authenticate as the root site. Since they are in charge of choosing the auth endpoint anyway and could swap it out for one that lets them do it.
#[jgmac1106]So maybe that could be a solution, GWG: a custom endpoint created on any user page in a multiuser WP install used to log in
#ZegnatThey don’t need custom endpoints. WP just needs to not reply with a me-value equal to the site root if the user isn’t allowed to act as the site root
#GWGBut either way, I need to document the scenarios and write a solution that secures them all, even if I am not building out further functionality around them
#aaronpkThat does look pretty nice, at least it just publishes a static site. But anything that says "ProGram is super easy to use!" Followed by "npm -i" is out for me
#[tantek]to be fair, it does start with "A CLI-Based" so at least it's upfront