#dev 2019-07-17

2019-07-17 UTC
[manton] joined the channel
#
aaronpk
[tantek]: regarding google OIDC... https://chat.indieweb.org/meta/2019-07-17#t1563321831242600 moving here since this is gonna get very developer-y
#
Loqi
[[tantek]] no it's technically proprietary Google protocol that happens to use OIDC as a large part of its implementation
#
aaronpk
example: Okta is a service that handles user login, by default it uses a built-in user/password database
#
aaronpk
however you can configure your account to connect to external identity providers, including a few proprietary ones, as well as arbitrary ones if they support OIDC
#
aaronpk
so you can make your okta organization support an arbitrary number of nascar buttons by adding a bunch of external OIDC identity providers
#
aaronpk
that's what i mean when I say that OIDC enables delegated sign-in
#
[tantek]
interesting so OIDC has discoverable setup
#
[tantek]
even if the identifiers are not global, nor user-chosen/owned
#
aaronpk
somewhat, but it still requires that you register a client app
#
[tantek]
is that registration a standard protocol? or proprietary UX on each OIDC provider website
#
aaronpk
_some_ providers support dynamic client registration, but not many, and i know some intentionally don't support it
#
aaronpk
but if that isn't supported for one reason or another, then it requires the app developer signing up for a developer account and getting API keys
[fluffy] joined the channel
#
aaronpk
for example if you want to use "sign in with google" in your website you have to sign up as a developer, go into the console, register an app, etc
#
[tantek]
^^^ so I'd call that a proprietary solution wrapped around a standard protocol
#
aaronpk
not quite
#
aaronpk
but this is the reason IndieAuth is useful
#
[tantek]
as someone (a website) consuming "Sign-in with Google", I'd consider that a proprietary "protocol" purely because it's polluted with the proprietary sign-up process
#
aaronpk
it depends on your definition of proprietary
#
[tantek]
this is classic "embrace and extend" technique of making something open/standard into something proprietary
#
aaronpk
there are a _lot_ of things that are not proprietary about it
#
aaronpk
it could be a lot lot worse
#
[tantek]
it's how it starts
#
[tantek]
Google is using Microsoft's playbook
#
aaronpk
i don't think google is at the heart of this one
#
[tantek]
old 1990s era
#
aaronpk
the main argument I hear fo requireing developers sign up for api keys manually is that the services want the developer to agree to their terms of service
#
[tantek]
their *proprietary* terms of service
#
[tantek]
unlike say, a standard license like CC-BY
#
aaronpk
CC licenses don't apply here
#
aaronpk
that would be an interesting idea though, some sort of open source terms of service
#
[tantek]
a standard set of TOS for users and or developers yeah
#
[tantek]
point being, the TOS is not standard, it's proprietary
#
[tantek]
and as soon as you mix that in, you have a proprietary protocol, even if it's just 1% proprietary
#
aaronpk
like i said, depends on your definition of proprietary
#
[tantek]
I like my clean water clean
#
[tantek]
not "clean"
#
aaronpk
do you buy bottled water? ;-)
#
[tantek]
it's like saying, that depends on how much your ok with your drinking water smelling weird
#
[tantek]
*you're ok with your
#
[tantek]
no, bottled water quality is often worse due to manufacturing dust in the plastic as compared to tap water
#
aaronpk
"clean"
#
[tantek]
it's not even like Google is claiming their proprietary TOS is good for you — it's merely good for them
[benatwork] joined the channel
#
@Cambridgeport90
Have any #indieweb folks found the Yarns Plugin in #Wordpress to be a good Microsub server? Or am I better off hosting Aperture or something? Advice would be great. Thanks! I'll go for either; it's about time more microsub springs up anyways.
(twitter.com/_/status/1151306830251012096)
gRegorLove, [KevinMarks], [Michael_Beckwit, [Rose] and [tantek] joined the channel
#
@akyrho
Class 'IndieAuth\Client' not found Adding a target URL raises the error above. I use Known v0.12.12+2019071101
(twitter.com/_/status/1151381566662352896)
swentel and [Zegnat] joined the channel
KartikPrabhu joined the channel
#
@icymihn
IndieAuth – A federated login protocol using one's own domain name http://bit.ly/2Six86V comm: http://bit.ly/2Six8nr
(twitter.com/_/status/1151419300374360064)
[Zegnat], jgmac1106, [jgmac1106] and gRegorLove_ joined the channel
#
@SandervHooft
↩️ The only thing that's keeping me from migrating from WP to a static site is that I'm not ready to let go of the comments section - love the interaction. Haven't found a decent alternative for this yet. Don't like Disqus' UI, Webmentions are no easy read either.
(twitter.com/_/status/1151455164412416000)
#
GWG
I feel sad that people keep leaving WordPress
#
GWG
Conversely, I understand why they would
jgmac1106 joined the channel
#
prtksxna
GWG: 😓
#
prtksxna
GWG: Did they share why?
#
GWG
Not always
[xavierroy] joined the channel
#
[xavierroy]
Most of them say they'll migrate but msot often they don't 😁
#
prtksxna
[xavierroy]: Migrate to?
#
[xavierroy]
Migrate to a diff platform like a static site or anything similar
#
[xavierroy]
I too contemplate it every couple of days but don't act upon it. 🙂
#
prtksxna
I do know a lot of people who moved to Squarespace, it is easier to use, and no maintenance
KartikPrabhu, [schmarty] and jgmac1106 joined the channel
#
[jgmac1106]
Hotel California hard to check out of...
KartikPrabhu and [KevinMarks] joined the channel
#
petermolnar
prtksxna: unless they need dynamic features, egs bookings, I'd recommend checking Mobirise for small business
[Zegnat] joined the channel
#
[schmarty]
looks like it was escaped correctly for display 🤷
[tonz], jjuran, eli_oat and [snarfed] joined the channel
#
[snarfed]
re the ^ XSS attempt, i fixed a handful of those recently in bridgy. security is hard etc, 🤡. https://github.com/snarfed/bridgy/issues/880#ref-commit-34e8151
#
[snarfed]
(bridgy doesn't have any sessions or state that XSSes could exploit, but still.)
[benatwork] joined the channel
#
[schmarty]
snarfed++
#
Loqi
snarfed has 46 karma in this channel over the last year (79 in all channels)
#
[schmarty]
so around summit i recall some folks saying they follow the micro.blog discover feed and/or photos feed. ... ... how are y'all doing that? micro.blog/discover and micro.blog/discover/photos don't seem to have mf2 or reference sidefile feeds. 😕
#
aaronpk
the jsonfeed i think
[grantcodes] joined the channel
#
[grantcodes]
Yeah, jsonfeed, but the photo one isn't great
#
aaronpk
what's wrong with it?
#
[grantcodes]
No text content
#
aaronpk
oh huh
#
[schmarty]
thanks! i could not find that info from the actual pages
#
[grantcodes]
I think if not all of that feed, at least the majority is also on the discover feed
#
[grantcodes]
But then the discover feed I follow also has the photos inside the html content so neither works perfectly for me 🤷‍♂️
[tantek], francoscarpa, [Franco_Scarpa] and jackjamieson joined the channel
#
[Franco_Scarpa]
What do I need to implement the POSSE model for Twitter? What if I'd like to write a custom Netlify lamba function?
#
[schmarty]
[Franco_Scarpa] when you say "POSSE model for Twitter", what are you including in that?
#
[schmarty]
at its simplest, POSSE is often manual. post on your own site, then go post the same or similar on twitter, and you're done.
#
[Franco_Scarpa]
I'd like to create a JSON file of my personal notes on my website. But I want these notes to be published on Twitter using IndieWeb's POSSE model.
#
[schmarty]
if you have a single JSON file of personal notes, with publish times for each note, you should be able to write a Netlify function to post the most recent note on twitter.
#
[schmarty]
keeping track of whether the function has already published a given note might be tricky, since netlify functions don't have persistent storage as far as i know.
#
[schmarty]
kartikprabhu mentioned bridgy publish (https://brid.gy/publish) which takes care of keeping track of which posts are already on twitter, and handling the twitter API itself.
#
KartikPrabhu
[Franco_Scarpa]: bridgy publish has an API https://brid.gy/about#webmentions
#
[Franco_Scarpa]
Well, yeah but I'd like to get my hands dirty and write my personal lamba function to get the job done.
#
[schmarty]
to use it, you sign up with brid.gy (to verify your twitter account and give brid.gy permission to publish on your behalf), then include some markup in your pages.
#
[schmarty]
the markup has two parts: one to help brid.gy understand the content of the page that you want to post, and the second to confirm to brid.gy that you want it to publish it.
#
[schmarty]
you'd still need to trigger brid.gy for each new post, which would be accomplished with a netlify function that runs after a successful publish.
#
KartikPrabhu
if you want to handle the JSON directly, then you might have to deal with the twitter API. bridgy uses the microformats+HTML on your site
#
[Franco_Scarpa]
Exactly, the Twitter API.
#
[Franco_Scarpa]
Now, an article I read spoke about these keys:
#
[Franco_Scarpa]
This can be stupid but I'm not able to find these keys on my Twitter developer account.
#
[schmarty]
[Franco_Scarpa] the consumer key and secret are part of a particular application on twitter.
#
[schmarty]
and should be somewhere in the configuration pages for your app at developer.twitter.com
#
[Franco_Scarpa]
You're right, but Twitter asks me a lot of information that are not related to the idea of “app”...
#
[Franco_Scarpa]
Do you think this is the way to go?
#
[Franco_Scarpa]
[schmarty]
#
[schmarty]
[Franco_Scarpa] these days twitter has a fairly in-depth approval process that new apps must go through before they will issue any keys and tokens.
[snarfed] joined the channel
#
[snarfed]
also single-user twitter apps are the exception. most are multi-user, in which case all of that info is important
#
[Franco_Scarpa]
I see...
#
[Franco_Scarpa]
Thanks, [schmarty] and [snarfed]!
#
aaronpk
just manually POSSE'd a tip to foursquare
KartikPrabhu joined the channel
#
[snarfed]
lol. how much did it hurt?
#
aaronpk
well i posted the tip on my site as a reply to my checkin, so that part was easy
#
aaronpk
possibly not exactly analogous to how it appears on foursquare, but oh well
#
aaronpk
urgh, i've gotta add some better timeout handling of my activitypub followers, and at some point drop delivery to them
#
[schmarty]
dang, is there not an opengraph / twitter / metacrap validator that works by dumping in an HTML page?
#
[schmarty]
i want to test something on a private staging site before publishing it anywhere 😒
#
jamietanna[m]
francoscarpa: not seen if anyone has mentioned it, but https://mxb.dev/blog/syndicating-content-to-twitter-with-netlify-functions/ is a good read on POSSE with Netlify Functions
[tantek] joined the channel
#
[Franco_Scarpa]
That article is my current North Star.
KartikPrabhu and [snarfed] joined the channel