#dev 2019-07-28

2019-07-28 UTC
kitt, Dpk1 and [Michael_Beckwit joined the channel
#
[Michael_Beckwit wasn’t a HUGE amount of progress, but I got some research done and some starting code to display my fitbit activities data. will be filterable by combinations of month, day, and year. Possibly week?
[fluffy], [KevinMarks], KartikPrabhu, [Michael_Beckwit, [jgmac1106], dhanesh95 and [tonz] joined the channel
#
[jgmac1106] !mf2 http://jgregorymcverry.com/myseeds.html
#
Kaja https://php.microformats.io/?url=http%3A%2F%2Fjgregorymcverry.com%2Fmyseeds.html
ryanchristo[m]2, [mapkyca], KartikPrabhu, ingoogni, [tonz], dhanesh95, [JuJu] and [jgmac1106] joined the channel
#
[jgmac1106] Need help with a definition. I need to explain why "/" is the same thing as "myurl.com"...basically what a link to href="/" does
#
[jgmac1106] I wrote this for now, "First we will change the href="index.html" to href="/" browsers know this means to go to the root of the current page."
[KevinMarks] joined the channel
#
[KevinMarks] It means root of the site, not current page.
#
jgmac1106[m] Thx
#
[KevinMarks] If you link to page.html than that is next to the current page. If you link to /page.html that's back up to the top.
BenLubar joined the channel
#
aaronpk BenLubar: re: IndieAuth, Mastodon is already 90% of the way there by being an OAuth 2 server already
#
aaronpk the missing pieces are enabling discovery from clients https://indieauth.spec.indieweb.org/#discovery
#
aaronpk and allowing a client_id to be a URL rather than pre-registered
#
BenLubar hmm, maybe this should be in https://github.com/doorkeeper-gem/doorkeeper rather than Mastodon
#
aaronpk is that what mastodon uses?
#
BenLubar yes
#
aaronpk hmm
#
aaronpk ah could probably do it as an extension
#
aaronpk https://github.com/doorkeeper-gem/doorkeeper#extensions
#
Loqi [doorkeeper-gem] doorkeeper: Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
#
BenLubar aaronpk: do the Link HTTP headers look okay? I'm not able to get IndieLogin to redirect me to the not-yet-modified OAuth2 page https://mastodon.lubar.me/@ben
#
BenLubar ah, is it required to be in the HTML?
[fluffy] joined the channel
#
[fluffy] incidentally there’s an open issue on Mastodon that’s worth mentioning (both Aaron and I have posted on it a few times): https://github.com/tootsuite/mastodon/issues/4800
#
BenLubar OpenID is probably much harder to implement than IndieAuth for this case
#
BenLubar by the way, should user profile pages have a link rel=me to themselves?
#
BenLubar as in, is https://mastodon.lubar.me/@ben required to claim itself as "me" in order to be used directly as an auth endpoint?
#
[fluffy] Depends on which version of OpenID you mean 😛
#
BenLubar I mean, Mastodon already supports OAuth2
#
[fluffy] but yeah RelMeAuth generally requires the rel=“me” link to go both ways
#
BenLubar and IndieAuth is just OAuth2 with less steps
#
[fluffy] Right, but like, OpenID 2 and OpenID Connect are also based on OAuth2
#
[fluffy] A big part of that thread is a lot of confusion over what is actually meant by OpenID
#
BenLubar they shouldn't have named it OpenID Connect
#
BenLubar it's just OAuth2
#
[fluffy] Also I only linked to that particular issue because it’s where discussion of using Mastodon as a generalized identity endpoint is taking place, not because I agree that OpenID is the path forward.
#
[fluffy] It’s OAuth 2 + extra stuff in the token grant to provide some form of identity.
#
BenLubar I'm thinking instead of modifying Doorkeeper I'll have Mastodon change the input to match what it already expects behind the scenes
#
[fluffy] Not a very useful one, granted.
#
[fluffy] But yeah Mastodon provides a “give me a disposable client ID/secret pair” endpoint, all it’s missing for IndieAuth is discovery and support for “use an arbitrary URL as client ID.”
#
[fluffy] I mean IndieAuth doesn’t need the former, but like, autoregistration is there.
#
[fluffy] And adding IndieAuth-compatible autoregistration, and IndieAuth-compatible endpoint discovery, are what’s missing.
#
BenLubar Mastodon doesn't support any form of external registration, so that'd take more work
#
[fluffy] but it does
#
[fluffy] I wrote code that uses it just a few weeks ago 😛
#
[fluffy] https://docs.joinmastodon.org/api/rest/apps/#post-api-v1-apps
#
[fluffy] It’s in the Mastodon API rather than the OAuth API.
#
BenLubar oh, I meant registration for accounts, not apps
#
[fluffy] Oh, right.
#
BenLubar the app registration thing is great because it supports CORS so you can do a completely serverless web app
#
[fluffy] I was assuming you meant authenticating against a Mastodon ID in IndieAuth, not using IndieAuth to log in to Mastodon.
#
[fluffy] Since that’s the usual use case for it.
#
[fluffy] Or am I still misunderstanding what you mean?
#
BenLubar I think I misunderstood you rather than you misunderstanding me
leg and [tonz] joined the channel
#
[fluffy] It happens. 🙂 The terminology around this stuff tends to be confusing and inconsistent.
#
[fluffy] I’m always mixing up “authentication” vs “authorization” for example.
#
[fluffy] and OAuth being short for *both* doesn’t help.
KartikPrabhu joined the channel
#
aaronpk sorry, stepped away
#
aaronpk BenLubar: I think the syntax of the Link header is wrong
#
aaronpk I think it needs quotes like rel="authorization_endpoint"
#
BenLubar aaronpk: ah, ok
KartikPrabhu and gRegorLove joined the channel
#
BenLubar I feel like there could be a fairly trivial bridge between indieauth and oauth2 in both directions
#
BenLubar like, run an oauth2 provider that accepts indieauth and then connect all your services that don't natively support indieauth to the oauth2 provider
#
aaronpk sure, that's the other half of indieauth.com which i'm eventually going to replace with myindieauth.com
#
BenLubar does indieauth (the website) support OpenID 2?
#
aaronpk no
#
aaronpk openid 2 is even deader than openid 1
#
BenLubar ... actually, it appears to support at least enough for it to work with Gitea
#
aaronpk ... for real? how?
#
aaronpk indieauth.com?
#
BenLubar maybe gitea is just broken
#
BenLubar https://git.lubar.me/ben <- I was able to log in but only once I added the openid2 link headers
#
aaronpk maybe the openid library i'm using does support openid 2 and I just never knew
doesntgolf and dietricha joined the channel
#
BenLubar https://github.com/keybase/keybase-issues/issues/3465 well, this is probably the easiest IndieAuth support that will ever be added to anything
KartikPrabhu joined the channel
#
BenLubar is rel=pgpkey part of IndieAuth or just the implementations on indieauth.com and indielogin.com?
#
aaronpk it's part of relmeauth
#
aaronpk indieauth.com and indielogin.com support the pgp verification method of relmeauth
#
aaronpk can you update the link on that issue to indielogin.com?
#
BenLubar is there a different endpoint I should be using for openid on myindieauth?
#
BenLubar or is that just a redirect so far
#
aaronpk myindieauth.com doesn't exist yet :(
chrisaldrich joined the channel
#
BenLubar I think I might end up writing my own indieweb server
KartikPrabhu joined the channel
#
jacky BenLubar: like website or indieauth server?
#
BenLubar server implementation
#
BenLubar I've noticed a bunch of stuff is along the lines of "use this free service or run this PHP implementation"
#
BenLubar and I'd rather... not... run PHP
#
aaronpk the more the merrier!
#
BenLubar I should probably set up traefik at some point so I don't have to keep manually setting IP addresses
#
jacky I feel you
#
jacky I have my site setup a bit modular so if I did want to remove or use an external service, I could
#
BenLubar probably like 50% of my nginx config at this point is just proxy_pass instructions and boilerplate
#
jacky one thing I need to set that up for is Webmentions (long storage somewhere and keep a shorter one on my site)
#
jacky ha that's one reason why I'm so loyal to Dokku; I just push and it's live with TLS and the right stuff
doesntgolf left the channel
#
jacky is there any reason why timelines in Microsub are called that?
#
jacky I can't think of a different name but I am curious - helps with explaining to others
#
myfreeweb aren't like all chronological post feeds called timelines everywhere? "your twitter timeline" etc.
#
Loqi myfreeweb: kisik21 left you a message on 2018-11-27 at 8:04am UTC: https://unrelenting.technology/replies/2018-11-26-22-34-48 - error couldnt render entry, something may be broken
[JuJu] joined the channel
#
jacky myfreeweb: probably
[tantek] joined the channel
#
[tantek] except when they're algorithmic feeds
#
jacky ^ they still present it as a 'timeline' which is intrinsically misleading
#
[tantek] what is an algorithmic timeline
#
Loqi algorithmic timeline (sometimes non-chronological timeline) is a doublespeak phrase propagated by silos (and some popular media) to refer to social media algorithmic feed feature(s), as a timeline is "a display of a list of events in chronological order"[1], whereas silos now (since 2016+) use "timeline" to refer to often out of chronological order display of aggregations of following's posts which still presentationally resemble previous chronologically ordered displays https://indieweb.org/algorithmic_timeline
krup joined the channel
#
krup greetings!
#
krup I'm trying to figure out how the micro.blog iOS formats its requests when uploading photos
#
krup sorry, iOS app
#
aaronpk so the micro.blog app uses the Micropub standard
#
krup it seems like it does media-endpoint discovery, but i can't quite figure out how the returned location is sent in the request
#
aaronpk micro.blog's specifics are documented here https://help.micro.blog/2017/api-posting/
#
aaronpk you might also find these examples helpful, although micro.blog will only be sending a subset of these https://indieweb.org/Micropub#Examples_of_Creating_Objects
#
krup wow, i totally failed to scroll down on that page
#
aaronpk and the spec itself is here https://www.w3.org/TR/micropub/
#
krup the h=entry&content=Hello%20world.&photo=https://...&mp-photo-alt=Description%20here. example on that page is exactly what i needed thanks!
#
aaronpk great!
BenLubar left the channel