#dev 2019-07-28

2019-07-28 UTC
kitt, Dpk1 and [Michael_Beckwit joined the channel
#
[Michael_Beckwit
wasn’t a HUGE amount of progress, but I got some research done and some starting code to display my fitbit activities data. will be filterable by combinations of month, day, and year. Possibly week?
[fluffy], [KevinMarks], KartikPrabhu, [Michael_Beckwit, [jgmac1106], dhanesh95 and [tonz] joined the channel
ryanchristo[m]2, [mapkyca], KartikPrabhu, ingoogni, [tonz], dhanesh95, [JuJu] and [jgmac1106] joined the channel
#
[jgmac1106]
Need help with a definition. I need to explain why "/" is the same thing as "myurl.com"...basically what a link to href="/" does
#
[jgmac1106]
I wrote this for now, "First we will change the href="index.html" to href="/" browsers know this means to go to the root of the current page."
[KevinMarks] joined the channel
#
[KevinMarks]
It means root of the site, not current page.
#
[KevinMarks]
If you link to page.html than that is next to the current page. If you link to /page.html that's back up to the top.
BenLubar joined the channel
#
aaronpk
BenLubar: re: IndieAuth, Mastodon is already 90% of the way there by being an OAuth 2 server already
#
aaronpk
the missing pieces are enabling discovery from clients https://indieauth.spec.indieweb.org/#discovery
#
aaronpk
and allowing a client_id to be a URL rather than pre-registered
#
BenLubar
hmm, maybe this should be in https://github.com/doorkeeper-gem/doorkeeper rather than Mastodon
#
aaronpk
is that what mastodon uses?
#
BenLubar
yes
#
aaronpk
ah could probably do it as an extension
#
Loqi
[doorkeeper-gem] doorkeeper: Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
#
BenLubar
aaronpk: do the Link HTTP headers look okay? I'm not able to get IndieLogin to redirect me to the not-yet-modified OAuth2 page https://mastodon.lubar.me/@ben
#
BenLubar
ah, is it required to be in the HTML?
[fluffy] joined the channel
#
[fluffy]
incidentally there’s an open issue on Mastodon that’s worth mentioning (both Aaron and I have posted on it a few times): https://github.com/tootsuite/mastodon/issues/4800
#
BenLubar
OpenID is probably much harder to implement than IndieAuth for this case
#
BenLubar
by the way, should user profile pages have a link rel=me to themselves?
#
BenLubar
as in, is https://mastodon.lubar.me/@ben required to claim itself as "me" in order to be used directly as an auth endpoint?
#
[fluffy]
Depends on which version of OpenID you mean 😛
#
BenLubar
I mean, Mastodon already supports OAuth2
#
[fluffy]
but yeah RelMeAuth generally requires the rel=“me” link to go both ways
#
BenLubar
and IndieAuth is just OAuth2 with less steps
#
[fluffy]
Right, but like, OpenID 2 and OpenID Connect are also based on OAuth2
#
[fluffy]
A big part of that thread is a lot of confusion over what is actually meant by OpenID
#
BenLubar
they shouldn't have named it OpenID Connect
#
BenLubar
it's just OAuth2
#
[fluffy]
Also I only linked to that particular issue because it’s where discussion of using Mastodon as a generalized identity endpoint is taking place, not because I agree that OpenID is the path forward.
#
[fluffy]
It’s OAuth 2 + extra stuff in the token grant to provide some form of identity.
#
BenLubar
I'm thinking instead of modifying Doorkeeper I'll have Mastodon change the input to match what it already expects behind the scenes
#
[fluffy]
Not a very useful one, granted.
#
[fluffy]
But yeah Mastodon provides a “give me a disposable client ID/secret pair” endpoint, all it’s missing for IndieAuth is discovery and support for “use an arbitrary URL as client ID.”
#
[fluffy]
I mean IndieAuth doesn’t need the former, but like, autoregistration is there.
#
[fluffy]
And adding IndieAuth-compatible autoregistration, and IndieAuth-compatible endpoint discovery, are what’s missing.
#
BenLubar
Mastodon doesn't support any form of external registration, so that'd take more work
#
[fluffy]
but it does
#
[fluffy]
I wrote code that uses it just a few weeks ago 😛
#
[fluffy]
It’s in the Mastodon API rather than the OAuth API.
#
BenLubar
oh, I meant registration for accounts, not apps
#
[fluffy]
Oh, right.
#
BenLubar
the app registration thing is great because it supports CORS so you can do a completely serverless web app
#
[fluffy]
I was assuming you meant authenticating against a Mastodon ID in IndieAuth, not using IndieAuth to log in to Mastodon.
#
[fluffy]
Since that’s the usual use case for it.
#
[fluffy]
Or am I still misunderstanding what you mean?
#
BenLubar
I think I misunderstood you rather than you misunderstanding me
leg and [tonz] joined the channel
#
[fluffy]
It happens. 🙂 The terminology around this stuff tends to be confusing and inconsistent.
#
[fluffy]
I’m always mixing up “authentication” vs “authorization” for example.
#
[fluffy]
and OAuth being short for *both* doesn’t help.
KartikPrabhu joined the channel
#
aaronpk
sorry, stepped away
#
aaronpk
BenLubar: I think the syntax of the Link header is wrong
#
aaronpk
I think it needs quotes like rel="authorization_endpoint"
#
BenLubar
aaronpk: ah, ok
KartikPrabhu and gRegorLove joined the channel
#
BenLubar
I feel like there could be a fairly trivial bridge between indieauth and oauth2 in both directions
#
BenLubar
like, run an oauth2 provider that accepts indieauth and then connect all your services that don't natively support indieauth to the oauth2 provider
#
aaronpk
sure, that's the other half of indieauth.com which i'm eventually going to replace with myindieauth.com
#
BenLubar
does indieauth (the website) support OpenID 2?
#
aaronpk
openid 2 is even deader than openid 1
#
BenLubar
... actually, it appears to support at least enough for it to work with Gitea
#
aaronpk
... for real? how?
#
aaronpk
indieauth.com?
#
BenLubar
maybe gitea is just broken
#
BenLubar
https://git.lubar.me/ben <- I was able to log in but only once I added the openid2 link headers
#
aaronpk
maybe the openid library i'm using does support openid 2 and I just never knew
doesntgolf and dietricha joined the channel
#
BenLubar
https://github.com/keybase/keybase-issues/issues/3465 well, this is probably the easiest IndieAuth support that will ever be added to anything
KartikPrabhu joined the channel
#
BenLubar
is rel=pgpkey part of IndieAuth or just the implementations on indieauth.com and indielogin.com?
#
aaronpk
it's part of relmeauth
#
aaronpk
indieauth.com and indielogin.com support the pgp verification method of relmeauth
#
aaronpk
can you update the link on that issue to indielogin.com?
#
BenLubar
is there a different endpoint I should be using for openid on myindieauth?
#
BenLubar
or is that just a redirect so far
#
aaronpk
myindieauth.com doesn't exist yet :(
chrisaldrich joined the channel
#
BenLubar
I think I might end up writing my own indieweb server
KartikPrabhu joined the channel
#
jacky
BenLubar: like website or indieauth server?
#
BenLubar
server implementation
#
BenLubar
I've noticed a bunch of stuff is along the lines of "use this free service or run this PHP implementation"
#
BenLubar
and I'd rather... not... run PHP
#
aaronpk
the more the merrier!
#
BenLubar
I should probably set up traefik at some point so I don't have to keep manually setting IP addresses
#
jacky
I feel you
#
jacky
I have my site setup a bit modular so if I did want to remove or use an external service, I could
#
BenLubar
probably like 50% of my nginx config at this point is just proxy_pass instructions and boilerplate
#
jacky
one thing I need to set that up for is Webmentions (long storage somewhere and keep a shorter one on my site)
#
jacky
ha that's one reason why I'm so loyal to Dokku; I just push and it's live with TLS and the right stuff
doesntgolf left the channel
#
jacky
is there any reason why timelines in Microsub are called that?
#
jacky
I can't think of a different name but I am curious - helps with explaining to others
#
myfreeweb
aren't like all chronological post feeds called timelines everywhere? "your twitter timeline" etc.
#
Loqi
myfreeweb: kisik21 left you a message on 2018-11-27 at 8:04am UTC: https://unrelenting.technology/replies/2018-11-26-22-34-48 - error couldnt render entry, something may be broken
[JuJu] joined the channel
#
jacky
myfreeweb: probably
[tantek] joined the channel
#
[tantek]
except when they're algorithmic feeds
#
jacky
^ they still present it as a 'timeline' which is intrinsically misleading
#
[tantek]
what is an algorithmic timeline
#
Loqi
algorithmic timeline (sometimes non-chronological timeline) is a doublespeak phrase propagated by silos (and some popular media) to refer to social media algorithmic feed feature(s), as a timeline is "a display of a list of events in chronological order"[1], whereas silos now (since 2016+) use "timeline" to refer to often out of chronological order display of aggregations of following's posts which still presentationally resemble previous chronologically ordered displays https://indieweb.org/algorithmic_timeline
krup joined the channel
#
krup
greetings!
#
krup
I'm trying to figure out how the micro.blog iOS formats its requests when uploading photos
#
krup
sorry, iOS app
#
aaronpk
so the micro.blog app uses the Micropub standard
#
krup
it seems like it does media-endpoint discovery, but i can't quite figure out how the returned location is sent in the request
#
aaronpk
micro.blog's specifics are documented here https://help.micro.blog/2017/api-posting/
#
aaronpk
you might also find these examples helpful, although micro.blog will only be sending a subset of these https://indieweb.org/Micropub#Examples_of_Creating_Objects
#
krup
wow, i totally failed to scroll down on that page
#
aaronpk
and the spec itself is here https://www.w3.org/TR/micropub/
#
krup
the h=entry&content=Hello%20world.&photo=https://...&mp-photo-alt=Description%20here. example on that page is exactly what i needed thanks!
#
aaronpk
great!
BenLubar left the channel