#dev 2019-07-17

2019-07-17 UTC
[manton] joined the channel
#
aaronpk [tantek]: regarding google OIDC... https://chat.indieweb.org/meta/2019-07-17#t1563321831242600 moving here since this is gonna get very developer-y
#
Loqi [[tantek]] no it's technically proprietary Google protocol that happens to use OIDC as a large part of its implementation
#
aaronpk example: Okta is a service that handles user login, by default it uses a built-in user/password database
#
aaronpk however you can configure your account to connect to external identity providers, including a few proprietary ones, as well as arbitrary ones if they support OIDC
#
aaronpk so you can make your okta organization support an arbitrary number of nascar buttons by adding a bunch of external OIDC identity providers
#
aaronpk that's what i mean when I say that OIDC enables delegated sign-in
#
aaronpk here are a bunch of OIDC providers that work: https://developer.okta.com/docs/guides/federate-with-oidc/overview/#supported-identity-providers
#
[tantek] interesting so OIDC has discoverable setup
#
[tantek] even if the identifiers are not global, nor user-chosen/owned
#
aaronpk somewhat, but it still requires that you register a client app
#
[tantek] is that registration a standard protocol? or proprietary UX on each OIDC provider website
#
aaronpk _some_ providers support dynamic client registration, but not many, and i know some intentionally don't support it
#
aaronpk it's either OIDC or OAuth dynamic client registration https://tools.ietf.org/html/rfc7591 or https://openid.net/specs/openid-connect-registration-1_0.html
#
aaronpk but if that isn't supported for one reason or another, then it requires the app developer signing up for a developer account and getting API keys
[fluffy] joined the channel
#
aaronpk for example if you want to use "sign in with google" in your website you have to sign up as a developer, go into the console, register an app, etc
#
[tantek] ^^^ so I'd call that a proprietary solution wrapped around a standard protocol
#
aaronpk not quite
#
aaronpk but this is the reason IndieAuth is useful
#
[tantek] as someone (a website) consuming "Sign-in with Google", I'd consider that a proprietary "protocol" purely because it's polluted with the proprietary sign-up process
#
aaronpk it depends on your definition of proprietary
#
[tantek] this is classic "embrace and extend" technique of making something open/standard into something proprietary
#
aaronpk there are a _lot_ of things that are not proprietary about it
#
aaronpk it could be a lot lot worse
#
[tantek] sure
#
[tantek] it's how it starts
#
[tantek] https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish
#
[tantek] Google is using Microsoft's playbook
#
aaronpk i don't think google is at the heart of this one
#
[tantek] old 1990s era
#
aaronpk the main argument I hear fo requireing developers sign up for api keys manually is that the services want the developer to agree to their terms of service
#
[tantek] their *proprietary* terms of service
#
[tantek] unlike say, a standard license like CC-BY
#
aaronpk CC licenses don't apply here
#
aaronpk that would be an interesting idea though, some sort of open source terms of service
#
[tantek] a standard set of TOS for users and or developers yeah
#
[tantek] point being, the TOS is not standard, it's proprietary
#
[tantek] and as soon as you mix that in, you have a proprietary protocol, even if it's just 1% proprietary
#
aaronpk like i said, depends on your definition of proprietary
#
[tantek] I like my clean water clean
#
[tantek] not "clean"
#
aaronpk do you buy bottled water? ;-)
#
[tantek] it's like saying, that depends on how much your ok with your drinking water smelling weird
#
[tantek] *you're ok with your
#
[tantek] no, bottled water quality is often worse due to manufacturing dust in the plastic as compared to tap water
#
aaronpk "clean"
#
[tantek] it's not even like Google is claiming their proprietary TOS is good for you — it's merely good for them
[benatwork] joined the channel
#
@Cambridgeport90 Have any #indieweb folks found the Yarns Plugin in #Wordpress to be a good Microsub server? Or am I better off hosting Aperture or something? Advice would be great. Thanks! I'll go for either; it's about time more microsub springs up anyways. (twitter.com/_/status/1151306830251012096)
gRegorLove, [KevinMarks], [Michael_Beckwit, [Rose] and [tantek] joined the channel
#
@akyrho Class 'IndieAuth\Client' not found Adding a target URL raises the error above. I use Known v0.12.12+2019071101 (twitter.com/_/status/1151381566662352896)
swentel and [Zegnat] joined the channel
#
@PinPopular IndieAuth - IndieWeb https://indieweb.org/IndieAuth (twitter.com/_/status/1151410247048679424)
KartikPrabhu joined the channel
#
@icymihn IndieAuth – A federated login protocol using one's own domain name http://bit.ly/2Six86V comm: http://bit.ly/2Six8nr (twitter.com/_/status/1151419300374360064)
[Zegnat], jgmac1106, [jgmac1106] and gRegorLove_ joined the channel
#
@SandervHooft ↩️ The only thing that's keeping me from migrating from WP to a static site is that I'm not ready to let go of the comments section - love the interaction. Haven't found a decent alternative for this yet. Don't like Disqus' UI, Webmentions are no easy read either. (twitter.com/_/status/1151455164412416000)
#
GWG I feel sad that people keep leaving WordPress
#
GWG Conversely, I understand why they would
jgmac1106 joined the channel
#
prtksxna GWG: 😓
#
prtksxna GWG: Did they share why?
#
GWG Not always
[xavierroy] joined the channel
#
[xavierroy] Most of them say they'll migrate but msot often they don't 😁
#
prtksxna [xavierroy]: Migrate to?
#
[xavierroy] Migrate to a diff platform like a static site or anything similar
#
prtksxna nods
#
[xavierroy] I too contemplate it every couple of days but don't act upon it. 🙂
#
prtksxna I do know a lot of people who moved to Squarespace, it is easier to use, and no maintenance
KartikPrabhu, [schmarty] and jgmac1106 joined the channel
#
[jgmac1106] Hotel California hard to check out of...
KartikPrabhu and [KevinMarks] joined the channel
#
petermolnar prtksxna: unless they need dynamic features, egs bookings, I'd recommend checking Mobirise for small business
#
petermolnar https://mobirise.com/
#
@cwhite_92 <script>alert(0)</script> https://sebastiandedeyne.com/adding-webmentions-to-my-blog/ (twitter.com/_/status/1151491528289869824)
#
KartikPrabhu oops ^
[Zegnat] joined the channel
#
[schmarty] looks like it was escaped correctly for display 🤷
#
@nuncapops IndieAuth - IndieWeb https://indieweb.org/IndieAuth (twitter.com/_/status/1151500486757048320)
[tonz], jjuran, eli_oat and [snarfed] joined the channel
#
[snarfed] re the ^ XSS attempt, i fixed a handful of those recently in bridgy. security is hard etc, 🤡. https://github.com/snarfed/bridgy/issues/880#ref-commit-34e8151
#
[snarfed] (bridgy doesn't have any sessions or state that XSSes could exploit, but still.)
[benatwork] joined the channel
#
[schmarty] snarfed++
#
Loqi snarfed has 46 karma in this channel over the last year (79 in all channels)
#
[schmarty] so around summit i recall some folks saying they follow the micro.blog discover feed and/or photos feed. ... ... how are y'all doing that? micro.blog/discover and micro.blog/discover/photos don't seem to have mf2 or reference sidefile feeds. 😕
#
aaronpk the jsonfeed i think
[grantcodes] joined the channel
#
[grantcodes] Yeah, jsonfeed, but the photo one isn't great
#
[grantcodes] https://micro.blog/feeds/photos.json
#
aaronpk what's wrong with it?
#
[grantcodes] No text content
#
aaronpk oh huh
#
[schmarty] thanks! i could not find that info from the actual pages
#
[grantcodes] I think if not all of that feed, at least the majority is also on the discover feed
#
[grantcodes] But then the discover feed I follow also has the photos inside the html content so neither works perfectly for me 🤷‍♂️
[tantek], francoscarpa, [Franco_Scarpa] and jackjamieson joined the channel
#
[Franco_Scarpa] What do I need to implement the POSSE model for Twitter? What if I'd like to write a custom Netlify lamba function?
#
@pinboard_pop IndieAuth - IndieWeb https://indieweb.org/IndieAuth (twitter.com/_/status/1151567255697874944)
#
[schmarty] [Franco_Scarpa] when you say "POSSE model for Twitter", what are you including in that?
#
[schmarty] at its simplest, POSSE is often manual. post on your own site, then go post the same or similar on twitter, and you're done.
#
[Franco_Scarpa] I'd like to create a JSON file of my personal notes on my website. But I want these notes to be published on Twitter using IndieWeb's POSSE model.
#
[schmarty] if you have a single JSON file of personal notes, with publish times for each note, you should be able to write a Netlify function to post the most recent note on twitter.
#
[schmarty] keeping track of whether the function has already published a given note might be tricky, since netlify functions don't have persistent storage as far as i know.
#
[schmarty] kartikprabhu mentioned bridgy publish (https://brid.gy/publish) which takes care of keeping track of which posts are already on twitter, and handling the twitter API itself.
#
KartikPrabhu [Franco_Scarpa]: bridgy publish has an API https://brid.gy/about#webmentions
#
[schmarty] whoops, i meant https://brid.gy/about#publish
#
[Franco_Scarpa] Well, yeah but I'd like to get my hands dirty and write my personal lamba function to get the job done.
#
[schmarty] to use it, you sign up with brid.gy (to verify your twitter account and give brid.gy permission to publish on your behalf), then include some markup in your pages.
#
[schmarty] the markup has two parts: one to help brid.gy understand the content of the page that you want to post, and the second to confirm to brid.gy that you want it to publish it.
#
[schmarty] you'd still need to trigger brid.gy for each new post, which would be accomplished with a netlify function that runs after a successful publish.
#
KartikPrabhu if you want to handle the JSON directly, then you might have to deal with the twitter API. bridgy uses the microformats+HTML on your site
#
[Franco_Scarpa] Exactly, the Twitter API.
#
[Franco_Scarpa] Now, an article I read spoke about these keys:
#
[Franco_Scarpa] This can be stupid but I'm not able to find these keys on my Twitter developer account.
#
[schmarty] [Franco_Scarpa] the consumer key and secret are part of a particular application on twitter.
#
[schmarty] and should be somewhere in the configuration pages for your app at developer.twitter.com
#
[Franco_Scarpa] You're right, but Twitter asks me a lot of information that are not related to the idea of “app”...
#
[Franco_Scarpa] Do you think this is the way to go?
#
[Franco_Scarpa] [schmarty]
#
[schmarty] [Franco_Scarpa] these days twitter has a fairly in-depth approval process that new apps must go through before they will issue any keys and tokens.
[snarfed] joined the channel
#
[snarfed] also single-user twitter apps are the exception. most are multi-user, in which case all of that info is important
#
[Franco_Scarpa] I see...
#
[Franco_Scarpa] Thanks, [schmarty] and [snarfed]!
#
aaronpk just manually POSSE'd a tip to foursquare
KartikPrabhu joined the channel
#
[snarfed] lol. how much did it hurt?
#
aaronpk well i posted the tip on my site as a reply to my checkin, so that part was easy
#
aaronpk possibly not exactly analogous to how it appears on foursquare, but oh well
#
aaronpk urgh, i've gotta add some better timeout handling of my activitypub followers, and at some point drop delivery to them
#
[schmarty] dang, is there not an opengraph / twitter / metacrap validator that works by dumping in an HTML page?
#
[schmarty] i want to test something on a private staging site before publishing it anywhere 😒
#
jamietanna[m] francoscarpa: not seen if anyone has mentioned it, but https://mxb.dev/blog/syndicating-content-to-twitter-with-netlify-functions/ is a good read on POSSE with Netlify Functions
[tantek] joined the channel
#
[Franco_Scarpa] That article is my current North Star.
KartikPrabhu and [snarfed] joined the channel