#dev 2019-07-03

2019-07-03 UTC
gRegorLove joined the channel
#
GWG
I think I have a significant problem I need to figure out.
#
GWG
I just discovered a rather significant bug.
#
GWG
But I'm not sure the logic to fix it
BenLubar joined the channel
#
jacky
wants to retroactively capture his likes and bookmarks from Instagram to his website
#
GWG
Hi, jacky
#
jacky
yo yo
valuemachine and [tantek] joined the channel
#
[tantek]
same Jacky same
valuemachine and [aaronpk] joined the channel
#
GWG
aaronpk: If I may have made a mistake in implementing IndieAuth, do you take the book back?
valuemachine and [Slackbot]1 joined the channel
#
[Slackbot]1
aaronpk: If I may have made a mistake in implementing IndieAuth, do you take the book back?
#
[aaronpk]
haha no that means you get another copy so that you have a higher chance of reading it again?
gRegorLove joined the channel
#
GWG
[aaronpk]: Regrettably, it's a WordPress logic issue.
#
[Slackbot]1
@aaronpk: Regrettably, it's a WordPress logic issue.
valuemachine, [aaronpk], [Slackbot]1, lza1, KartikPrabhu, [KevinMarks], [Rose], cweiske, rhiaro, petermolnar_ and gRegorLove joined the channel
#
@Motweet
↩️ wahrscheinlich auch wieder eine automatische Lösung, aber „Antwort an...“ ist nicht aussagekräftig. Finde das sehr spannend mit den Webmentions. Spätestens beim @Almcamp musst Du mir alles darüber erzählen bitte
(twitter.com/_/status/1146314838735556608)
#
[KevinMarks]
I saw a polyfill for lazy loading images where you wrap them in <noscript> tags
valuemachine joined the channel
#
jjuran
So JS;DR purists still get an <img>? Nice.
swentel, valuemachine, pierreboc[m], jeremych_, jjuran, [grantcodes] and [jgmac1106] joined the channel
#
petermolnar_
jacky, [tantek]: does an instagram export not contain any bookmarks? The likes I'm not expecting but the bookmarks really should be in there.
#
@voxpelli
↩️ Då tex GitHub hostear dem gratis åt en är det ett väldigt smidigt ekosystem att anpassa sig efter, vilket jag tex gör med mina IndieWeb-tjänster (Webmention och Micropub) Min sajt har växt till lite av ett Jekyll-monster templatemässigt, men finns här: https://github.com/voxpelli/voxpelli.github.com
(twitter.com/_/status/1146368736355594240)
#
GWG
I am still having trouble figuring out how to improve mapping of URLs to WordPress users for IndieAuth
#
GWG
I need an outside opinion
#
[grantcodes]
What's the actual problem?
jjuran and [aaronpk] joined the channel
#
[aaronpk]
GWG: whoever the logged in user is the URL that you should return, not the other way around
valuemachine joined the channel
#
[aaronpk]
In fact, you can pretty much just ignore the "me" URL that's in the request entirely. There's a discussion on the spec right now and it turns out that's only really useful for multi-domain authorization endpoints like IndieAuth.com
#
GWG
The issue is how you assign the root of the domain
#
GWG
If it was just using the /author/username format that WordPress uses for author archive pages...that would not be an issue
#
GWG
Also, external domains
#
[aaronpk]
I thought we talked through all this last time?
#
GWG
The issue I found yesterday makes me think I need to rewrite it again
#
GWG
And rethink the logic
#
GWG
Make it more secure
#
GWG
Also, Autoauth
#
[aaronpk]
I thought there was a toggle for "single user mode" where it always returns the Wordpress base url regardless of which Wordpress user is logged in
#
GWG
No. The Indieweb plugin has a single author setting
#
[aaronpk]
Oh right and doesn't this plugin read that setting?
#
[aaronpk]
I can't keep track of which plugin does what
#
GWG
But if it always returns the base URL.. then it issues all tokens in the credentials of that user, even if another user requested them
#
GWG
That would be bad
#
[aaronpk]
Oh I see what you mean
#
[aaronpk]
Sounds like a minor fix tho
#
GWG
Yes
#
GWG
But I'm worried now about it being insecure
#
GWG
That's why I wanted to think outside my box
#
GWG
And I need to cover all levels of user ability
#
GWG
So I need to ensure only one user can represent the root of the site
#
GWG
Or alternatively only allow the /author/username URL
#
GWG
Or something else
#
GWG
But I need to get it right and test it thoroughly
David1 joined the channel
#
GWG
Also, if I want to support IndieAuth for more than publishing... I need to rethink my definitions
#
GWG
I defined authors
#
GWG
I need to define users
#
GWG
The system now will allow a token to be issued with permissions to create posts even if the associated user does not have that permission
#
GWG
It will fail when they try to do it though
#
GWG
This is all because of Microsub and AutoAuth
#
GWG
I realized my original assumptions won't work anymore
#
GWG
I have to update and rethink the use cases
#
[jgmac1106]
Gwg do admin, editors, authors, and users get distinctive profile urls?
#
GWG
I believe they all get /author
#
GWG
But I could also create a custom profile URL
#
[jgmac1106]
How many multiuser site requests do you get for IndieAuth.? Commonly requested feature....ouch... Difficult then
#
GWG
That isn't an archive
#
[jgmac1106]
Would have to.
#
GWG
Until this came up, not many
#
[jgmac1106]
My literacyeverday.org site is multiuser. Welcome to play there
#
[jgmac1106]
Or just say "On the IndieWeb a user is associated with their url? Therefore multi author sites are not supported?"
#
[jgmac1106]
Wonder what happens on mutli user Known sites with IndieAuth
#
Zegnat
(Same goes for granting scopes. If they control the the token endpoint URL, they control the scopes.)
#
Zegnat
Note that from a security perspective, any user with access to plugins or the theme can be allowed to authenticate as the root site. Since they are in charge of chosing the auth endpoint anyway and could swap it out for one that lets them do it.
#
Zegnat
Otherwise it gets more tricky.
#
Zegnat
Doesn’t Known by default make you authenticate as your user page with IndieAuth? Not sure how they handle tokens though
#
[jgmac1106]
So maybe that could be solution gwg, a custom endpoint created on any user page in a multiuser WP install used to log in
#
Zegnat
They don’t need custom endpoints. WP just needs to not reply with a me-value equal to the site root if the user isn’t allowed to act as the site root
#
[jgmac1106]
Ahh that would work
#
[jgmac1106]
Just a rel me to the user page created by WP?
#
Zegnat
a me-value in the authentication flow response to point to the user’s page. Yes. I believe that is what Known does.
#
Zegnat
(no rel-me in sight here)
#
[jgmac1106]
Is the site I have gwg have a staging version where you can dool around
#
GWG
I added a second user to my test site to play with this
#
GWG
One without admin privileges
#
GWG
Users don't have pages per se
#
GWG
But either way, I need to document the scenarios and write a solution that secures them all, even if I am not building out further functionality around them
#
Zegnat
Sounds like a good paper test run, GWG!
#
GWG
Yes
#
GWG
Zegnat, especially since one of the use cases is now AutoAuth
#
[jgmac1106]
Known plugin says not to use on mutliuser site
#
GWG
And I need to look at pfefferle's use case
#
GWG
He wanted to log into one of his sites using the credentials of another site
oed3[m] joined the channel
#
GWG
So...lots to map out
#
GWG
May be back for sounding board help
#
GWG
I think I need to set modes
#
GWG
For example...a strict single user setting that rejects everything but the main account
#
GWG
Etc
#
Zegnat
“ wanted to log into one of his sites using the credentials of another site” - I still think that is an entirely different thing
#
Zegnat
Then you are talking about replacing the WordPress login box. Maybe replacing it with RelMeAuth+IndieAuth. Or whatever.
#
GWG
It's web sign in
#
GWG
That part of the plugin should probably be split out
#
GWG
Again, need to think of all use cases and plan a way forward even if I don't implement
#
[aaronpk]
I really do wish that was handled by a different plugin so this one can focus on being an IndieAuth server
#
[jgmac1106]
modularity++
#
Loqi
modularity has 1 karma over the last year
valuemachine and [KevinMarks] joined the channel
#
@nystudio107
@zachleat Have you run into this with webmentions? It appears that my host has been inexplicably banned. @webmentionrocks https://github.com/aaronpk/webmention.io/issues/131
(twitter.com/_/status/1146425564569448448)
gRegorLove, [benatwork], [Rose], valuemachine, AXEL-Lee[m], [tonz] and VP-Brian[m] joined the channel
#
@katharinabrx
↩️ @andybelldesign I’ve never used a static site generator, so that could get this off my todo list. Is it working with stuff like webmentions?
(twitter.com/_/status/1146445934739501056)
Rick[m]2, CryptoEmpress[m] and fozzie[m] joined the channel
#
@mxbck
↩️ Works very well together IMHO! Also worth checking out https://webmention.app to handle outgoing webmentions. via @rem
(twitter.com/_/status/1146447412405387266)
[tantek] joined the channel
#
@foobartel
I’ve added http://Brid.gy to enhance the webmentions on my site and this is a test tweet. Feel free to like it and we will soon find out if it actually works… Testing, testing… https://foobartel.com/notes/welcome-brid-gy
(twitter.com/_/status/1146455482636197889)
#
@foobartel
I’ve added http://Brid.gy to enhance the webmentions on my site and this is a test tweet. Feel free to like it and we will soon find out if it actually works… Testing, testing… https://foobartel.com/notes/welcome-brid-gy
(twitter.com/_/status/1146455482636197889)
KartikPrabhu and Trello[m] joined the channel
#
@nhoizey
↩️ Yes, correct, it takes some time. Most of my Webmentions are Twitter likes and retweets http://Grid.gy found and sent to my http://webmention.io endpoint, waiting for my Jekyll build to run.
(twitter.com/_/status/1146461716424929280)
[snarfed] joined the channel
#
[snarfed]
CSS GRID.GY 😎
#
[tantek]
snarfed++ 😂
#
Loqi
snarfed has 49 karma in this channel over the last year (84 in all channels)
valuemachine, msena3[m], [cleverdevil] and [dogeared] joined the channel; Trello[m] left the channel
#
[tantek]
Worst. SEO. Ever. 😂
valuemachine joined the channel
#
aaronpk
That does look pretty nice, at least it just publishes a static site. But anything that says "ProGram is super easy to use!" Followed by "npm -i" is out for me
#
[tantek]
to be fair, it does start with "A CLI-Based" so at least it's upfront
#
[tantek]
nothing CLI is "easy", much less "super easy" so your criticism of that stands
#
[tantek]
also any CTA with "simply" is problematic (probably worth reviewing our own dfns / CTAs for that)
#
[tantek]
forking that tangent to meta
JeffMaherVegas[m and [jgarber] joined the channel
#
[jgarber]
Hello, all! I’ve just pushed v1.0.0 of the Ruby webmention gem: https://github.com/indieweb/webmention-client-ruby
#
[tantek]
jgarber++
#
Loqi
jgarber has 7 karma in this channel over the last year (8 in all channels)
#
[jgarber]
Thanks, [tantek]! 😄
#
[jgarber]
It’s a significant rewrite, so definitely looking for feedback on regressions and any feature ideas for future development.
#
[jgarber]
Plus documentation gaps. Super interested to know where things are unclear.
#
[tantek]
were you able to run regression tests e.g. via webmention.rocks ?
#
[jgarber]
Endpoint discovery is handled by the indieweb-endpoints-ruby which passes all the webmention.rocks discovery tests.
#
[jgarber]
(The webmention-client-ruby gem is using the indieweb-endpoints-ruby gem under the hood for the endpoint discovery bit.)
#
[tantek]
and all the sending tests? e.g. does it pass the update / delete tests?
#
jacky
does it have a report page?
#
[jgarber]
[tantek] Good question. I’ll have to look at those tests.
#
[jgarber]
jacky: It would appear not. Assuming this is what you’re referring to? https://github.com/w3c/webmention/tree/master/implementation-reports
[jared078], [jgmac1106], leg, [mapkyca], [Vanessa] and jenncloud[m] joined the channel