#dev 2019-08-16

2019-08-16 UTC
mildlettuce joined the channel
#
mildlettuce
hello
rainmanj_, [tantek], rainmanjam, tomasparks, NinjaTrappeur, cweiske, [Rose], jeremych_, [prtksxna], [jgmac1106], janttoDiscord[m] and willibuddyDiscor joined the channel
#
[jgmac1106]
swentel having issues with Indigenous where I am throwing a 403 error when trying to load channels.
#
[jgmac1106]
Trying to debug the issue. I can log into Aperture and see my channels
[KevinMarks], eli_oat and [grantcodes] joined the channel
#
[grantcodes]
What about another reader?
#
[jgmac1106]
Same thing in together. No channels load
#
[jgmac1106]
But my microsub endpoint looks fine
#
[jgmac1106]
Was going to do a demo at edcampct today
#
[jgmac1106]
Will fall back on screenshots
swentel joined the channel
#
[jgmac1106]
this is my endpoint: <link rel="microsub" href="https://aperture.p3k.io/microsub/59">
IWSlackGateway and [grantcodes] joined the channel
#
[grantcodes]
Well I can see it wasn't found in together
#
[grantcodes]
https://jgregorymcverry.com/ doesn't have a microsub endpoint set up
swentel and [jgmac1106] joined the channel; swentel left the channel
swentel joined the channel; swentel left the channel
#
[grantcodes]
Hmm you're saved in together with your root domain
rainmanjam joined the channel
#
[jgmac1106]
I wonder if it rooted back, I had [aaronpk] switch me to my subdomain
#
[grantcodes]
That's not related to together. It is trying to find your microsub endpoint from your root domain and doesn't find anything. Have you tried logging in with https://quickthoughts.jgregorymcverry.com
rainmanj_ joined the channel
#
[jgmac1106]
yes that is what I login and get missing channels
#
[jgmac1106]
it's strange
rainmanjam joined the channel
#
[grantcodes]
Hmm, definitely still not saved in the database as the subdomain, so there is something funny going on somewhere
DenSchub, rainmanj_, [jgarber], [tantek] and [KevinMarks] joined the channel; robdrake left the channel
#
GWG
I did Indieweb stuff this morning for the first time in a bit
#
Loqi
😊
[Lewis_Cowles] joined the channel
#
[Lewis_Cowles]
Is anyone using nginx as a way to put all resources on a single domain using location blocks with proxy_pass directives?
#
GWG
Which resources?
#
[Lewis_Cowles]
it might be separate systems. For example you could provide an alternative API for systems
#
[Lewis_Cowles]
One use would be forwarding wp-admin to an echo server or blackhole service
#
[Lewis_Cowles]
I think it's a nice way to strangle services which are a bit large and unwieldy
#
[Lewis_Cowles]
as well as stop access
#
GWG
I use it at my house to provide API service
#
[Lewis_Cowles]
Very cool. I would suppose it could allow separate apps to behave cohesively as one API
#
GWG
Somewhat
qbeek, [mapkyca] and [fluffy] joined the channel
#
[fluffy]
Something I’m curious about, in OAuth: what is the point of having separate client_id and client_secret when pretty much every OAuth API that provides/requires them needs them both all the time anyway?
#
sknebel
you can tell others about the client_id
#
[fluffy]
https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/ sorta explains but like… in practical usage, I’ve never seen any API ever provide things that only use _id
#
sknebel
at least I think that's the point
#
[fluffy]
so where is a case that client_id might be shared with others?
#
[fluffy]
mobile apps, I suppose
#
sknebel
or websites
#
sknebel
if I remember right, the auth flow there then often is with client_id in the request, doing the browser redirect thing
#
sknebel
and then the client_secret is required to turn the auth code into a token
#
sknebel
(which happens between the backend servers)
#
aaronpk
yes exactly
#
aaronpk
mobile apps and javascript apps can't use a client secret. services that give a secret to those kind of apps are misleading
#
aaronpk
of course :)
jeremycherfas joined the channel
#
shokuninDiscord[
Hey aaronpk, just wanted to follow up on the client id thingy!
#
aaronpk
hi, in a meeting right now, but can talk in an hour or so
#
shokuninDiscord[
Oki!
[jgarber] and [tonz] joined the channel
#
[fluffy]
okay so what’s weird about the client_id/client_secret thing for stuff is… at least with Mastodon, I seem to have to provide both in the login URL.
#
[fluffy]
But Mastodon also treats the id and secret as disposable anyway
#
aaronpk
umm plz tell me that's not true
#
[fluffy]
Or maybe I’m just inappropriately sending it along
#
aaronpk
"Redirect here with response_type=code, client_id, client_secret, redirect_uri, scope"
#
[fluffy]
I haven’t tried not sending the client_secret though
#
aaronpk
so if that's the case, then the secret is doing absolutely nothing and they may as well not use it
#
[fluffy]
I’ll try not sending it 😛
#
[fluffy]
okay it doesn’t actually need client_secret. I’ll submit a change to the docs 😛
#
aaronpk
i feel like we've had this conversation before
#
[fluffy]
We’ve had conversations about their shitty OAuth docs before yes
kev1 joined the channel
#
[fluffy]
To be fair the “code flow” tutorial was correct, but the actual API docs were not.
#
aaronpk
that's good
#
[fluffy]
anyway, I’m glad I could get this cleared up before I hecked up my implementation for Twitter, where it actually matters. 🙂 aaronpk++
#
Loqi
aaronpk has 43 karma in this channel over the last year (194 in all channels)
#
[fluffy]
on a related note, is IndieAuth supposed to do anything with tokens as a persistent thing, and is it still a good idea to call `/oauth/revoke`? Or does it hurt anything by doing (or not doing) that?
#
[fluffy]
I see that SelfAuth doesn’t implement that endpoint
#
[fluffy]
I guess Authl can just go ahead and try calling that endpoint since it doesn’t care about the response anyway
#
aaronpk
i don't think many indieauth servers support it
#
[fluffy]
Authl just maintains an OAuth token long enough to verify the identity and then destroys it, because it’s intended to be largely stateless. like, Publ just uses a signed session cookie rather than any server-side persistence.
#
sknebel
for IndieAuth, it shouldn't even request a token then
#
sknebel
if it is only doing Authentication
#
sknebel
selfauth is not a token endpoint, so the question does not apply to it
#
shokuninDiscord[
I'm back now aaronpk
#
shokuninDiscord[
So I was gonna follow up with Akshay on the indieauth setup. Do you think we can start with your instance and allow the client id permaweb.io, and then test the heroku you've been thinking (if it's still on the table!)?
[aarongustafson] joined the channel
#
aaronpk
shokuninDiscord[: yes, that sounds like a good plan
[tantek] joined the channel
#
shokuninDiscord[
ok great! is the client id like how you needed it, or is there anything we should do different?
#
aaronpk
shokuninDiscord[: ok https://permaweb.io/ is added as a client_id now, that should be it
#
shokuninDiscord[
ok awesome!
#
shokuninDiscord[
🙂
#
shokuninDiscord[
it doesn't need to be added domain wide, wildcard or such?
#
aaronpk
that is the client_id value to use, and it will only allow redirect URIs on the same hostname
#
shokuninDiscord[
Got it, great
#
shokuninDiscord[
Thanks for the help
#
shokuninDiscord[
Have you thought more about the deploy to Heroku / Docker image kinda thing?
#
aaronpk
i do want to make a deploy to heroku button
#
aaronpk
i don't know enough about docker to do that, and i have no interest in learning either :) but i'd accept a PR that makes it work in docker
#
shokuninDiscord[
Yeah it sounds like a pain rn
#
shokuninDiscord[
Is the heroku stuff easy btw? I've noticed widgetbot.io uses it
#
shokuninDiscord[
(It's a widget we use to embed Discord on permaweb.io)
#
aaronpk
yeah heroku is easy
#
aaronpk
once i get the button set up you can deploy it without writing any code or using the command line :)
[Lewis_Cowles] joined the channel
#
[Lewis_Cowles]
What needs a deploy to heroku button?
#
aaronpk
indielogin.com
#
Loqi
[aaronpk] indielogin.com: Sign in with your domain name
#
[Lewis_Cowles]
does it need anything complex for the JS, and does it work with new (ish) PHP?
#
aaronpk
JS is static, it runs in PHP 7.2, haven't tested in 7.3 yet
#
aaronpk
it needs mysql
#
[Lewis_Cowles]
cool, give me a bit to get it up and running locally
#
[Lewis_Cowles]
I run a lot of docker. I enjoy dockerising apps
#
aaronpk
the PGP key verifier is a separate ruby app but i should probably add a switch to disable that feature for this
#
aaronpk
so just ignore the ruby stuff
#
aaronpk
oh it needs redis too
#
aaronpk
if that's too complicated, I could probably rewrite the redis parts to store in mysql instead. there aren't that many places where it's used
#
[Lewis_Cowles]
right in heroku those are provided via ENV, does it use a config file, or is it editing variables directly?
#
[Lewis_Cowles]
same for docker TBH
#
[Lewis_Cowles]
the basis for a Heroku docker is really simple. Most of the work will be containerising I should imagine
#
[Lewis_Cowles]
build:
#
[Lewis_Cowles]
web: Dockerfile
#
[Lewis_Cowles]
docker:
#
aaronpk
it does have a config file. i added a template into the repo
#
aaronpk
needs github and twitter api keys, mailgun api key, and DB credential
#
[Lewis_Cowles]
yeah those can come in via ENV
#
[Lewis_Cowles]
so do you happen to know which php extensions other than json, mysql, redis?
#
[Lewis_Cowles]
and would you like the build of the dockerfile to run tests?
#
[Lewis_Cowles]
It's already multi-stage build
#
aaronpk
i don't think i have any tests there o.O
#
[Lewis_Cowles]
that simplifies that question 😉
#
[Lewis_Cowles]
I'll omit them in case it crashes
#
aaronpk
it looks like it doesn't require the redis extension, but it will be faster with the `phpiredis` extension
#
[fluffy]
[sknebel] yeah after re-going through my IndieAuth implementation and trying to OAuthify it I realized that (about it not having tokens in the first place). Brainfart. 🙂
#
aaronpk
according to the redis library i'm using
#
[Lewis_Cowles]
😉 It's building the first attempt (local docker). Let's see if frankenstein will rise on the first punt
#
[Lewis_Cowles]
if it works I'm having another beer 🙂
#
aaronpk
oh one more thing... the php libraries it uses need to be installed via composer
#
aaronpk
i don't know how that's normally done in heroku
#
[Lewis_Cowles]
yeah I got that it's done inside the docker container for this (you did say docker in heroku right?)
#
aaronpk
i don't think heroku uses docker for their stuff? not sure https://devcenter.heroku.com/articles/heroku-button
#
[Lewis_Cowles]
yeah I know how to deploy a heroku button with Docker
#
[Lewis_Cowles]
I've in fact never used anything else
#
[Lewis_Cowles]
for the button
#
aaronpk
huh i didn't know that was a thing
#
[Lewis_Cowles]
scroll up you'll see the tiny config required to run a Dockerfile
#
[Lewis_Cowles]
it's quite lovely
#
[Lewis_Cowles]
3 lines
#
[Lewis_Cowles]
accidentally typed alpine in... first build failed, thank someone for build caching
#
[Lewis_Cowles]
do you dump the autoloader? I can't remember if there was a step past composer install for auto-linking things like the helper
#
aaronpk
i just do composer install and then it's ready
[jgarber] joined the channel
#
[Lewis_Cowles]
it's cycling on connection reset. I suppose now is the time for config.php
#
[Lewis_Cowles]
there are more bits in there than mentioned
#
[Lewis_Cowles]
is it evaluated once at startup, or many times?
#
[Lewis_Cowles]
if services are in an invalid state what does it do? (crash?)
#
[Lewis_Cowles]
I have a docker-compose.yml + Dockerfile + heroku button. Problem is now making the app run lol
#
aaronpk
are you familiar with how php apps run?
#
[Lewis_Cowles]
yes, but I'm asking how your app copes if it does not have config values
#
aaronpk
it'll probably just error on every request
#
[Lewis_Cowles]
I am now receiving 403. I am unaware if this is good or bad
#
aaronpk
that doesn't sound good
[jgmac1106] and [manton] joined the channel
#
[Lewis_Cowles]
Ha... got it working
#
[Lewis_Cowles]
It should be fine. I'm yet to deploy it outside of docker-compose (http://localhost:5000)
#
[Lewis_Cowles]
gotta clean the shelf of my personal heroku
#
[Lewis_Cowles]
I may change the database URL and add helper logic for switching mysql heroku providers
#
[tantek]
that's pretty amazing
#
[tantek]
[Lewis_Cowles]++
#
Loqi
[Lewis_Cowles] has 2 karma in this channel over the last year (3 in all channels)
[Rose] joined the channel
#
[Lewis_Cowles]
Well it needs work. I've just dropped the requirement for cleardb and I think it cascades to support all heroku mysql providers as well as the ability to provide custom host(with port), db, user, password, custom database url (if any db url is there it uses that)
#
[Lewis_Cowles]
It also now takes the name and url from heroku
#
[Lewis_Cowles]
and not everything is required 😂
#
[Lewis_Cowles]
... error logging is apparently not set up correctly
[KevinMarks] joined the channel