#[dmitshur]I've realized there's a usability problem with just letting people sign in with their URL is that if they've previously left reactions, they'll lose all that state because their IndieAuth URL would effectively be a completely separate account.
#[dmitshur]Ideally, I would have some UI where you can explicitly choose your preferred identity out of many (e.g., "example.com" or "github.com/user"), but perhaps I can take a UI-less shortcut by using the heuristic: if you sign in as X (instead of Y), then X is your current identity until you sign in via Y.
KartikPrabhu, [manton], [Michael_Beckwit and [dmitshur] joined the channel
#[dmitshur]On a different but related note, "https://example.com/user" and "https://example.com/user/" are technically different URLs. It seems weird to let 2 completely different people differ only by a trailing slash. But https://indieauth.spec.indieweb.org/#url-canonicalization allows it.
#[dmitshur]Marty's website claims he is "https://github.com/martymcguire/" (note the trailing slash) on GitHub. I think I should handle that no different than if he left out the trailing slash, since that URL does show his profile. I wonder what I should do if someone has a rel="me" url="https://github.com/example/repo-or-some-such"... I imagine I would reject that, since a repository isn't a GitHub user.
[KevinMarks] joined the channel
#[KevinMarks]If you follow the url does it redirect to a common form?
#[dmitshur]it does not. however, the URLs in links in the rendered HTML have a canonical form: including canonical case and no trailing slash
maifaelin53 and maficious joined the channel; maifaelin53 left the channel
#maficiousI don't see any messages, is it because nobody sends anything or is it my problem?
maficious left the channel
#nloadholtesIt is just a quiet moment, this is a pretty active channel most days
#aaronpk[dmitshur]: check out all the text around redirect following in IndieAuth , that's how to treat URLs with extra slashes the same
#aaronpkyou will probably have to make special cases for GitHub or sites with usernames if they serve the profile page from multiple URLs without redirecting. Check if they use rel=canonical tho
#[schmarty]dmitshur: good tip about canonical GitHub URLs! I have it in my head that they are inconsistent about when they allow or disallow trailing slashes. 🤔
[dmitshur] joined the channel
#[dmitshur][aaronpk]: Thanks! I'm fairly aware of redirect following (although implementing much of that is still a known TODO), but it doesn't help with GitHub because they don't redirect.
#aaronpkYeah that's why I said you have to handle those kinds of sites differently
#[dmitshur]Great idea about rel=canonical though. I checked, not seeing it, but there is a meta property="og:url" which might be usable instead? Going to read about it.
#aaronpkit's their own fault for not sending redirects. It causes other problems besides this for them too
#[dmitshur]Do you agree it's reasonable not to accept someone's GitHub profile if their rel=me link doesn't point to the profile but another page (e.g., their repo)
#[dmitshur]in practice, I'm not going to need it for now because it's just easier to add special case for github. For now at least, I'm going to use GitHub API to fetch the user info including their HTMLURL, rather than doing an HTTP get.
#[dmitshur]but it's good to know there may be a way of applying a general solution even to github
#[dmitshur]the possibility of a trailing-slash difference between two different legitimate users is slightly unfortunate, but thinking more about it, it seems very unlikely to come up in practice.
#aaronpkYeah with indielogin.com I switched to using the silo APIs to get user info instead of dealing with URL normalization and it really cleaned things up
[jgmac1106] and [KevinMarks] joined the channel
#[KevinMarks]I hope they don't change their urls at dinner point, or do it carefully. Didn't twitter switch to having an @ in the canonical url after a few years?
#[dmitshur]at first I thought I'd just ignore errors, but now I'm thinking I'll report them to user and prevent from logging in. so they'll be motivated to fix (or remove) their broken/misconfigured stuff.
#[dmitshur]I'm thinking about how to handle error cases when a user signed in successfully via IndieAuth but their user info is misconfigured/erroneous.
#[dmitshur]and make the error messages helpful/detailed that is
#[dmitshur]I'll include my email under the error message so if I messed up or if people have questions, they can reach me.
#[dmitshur]that seems more in line with my principles (be strict about input and report detailed error messages), so that's where I'll start.
#[dmitshur](most of these error conditions are very unlikely, but I still need to make a decision for how to handle them)
#[dmitshur]a future enhancement may be to have some UI that says "I acknowledge this thing is broken and would prefer to proceed without it anyway".
#[dmitshur]this should be a better user experience than a thing becoming broken causing it to silently disappear
#[dmitshur]example error conditions I have in mind:
#[dmitshur]• user's website has rel="me" pointing to a github.com profile, but that profile doesn't link back to their website
#[dmitshur]• h-card.photo[0] is present but is an invalid URL
#[dmitshur]• h-card.photo is present but has 0 elements (maybe?)
#[dmitshur]• h-card.photo[0] is a valid URL but fetching it is non-2xx status code (maybe?)
dckc joined the channel
#[dmitshur]another one (a subset of the first item above):
#[dmitshur]• user's website has rel="me" pointing to a github.com/user profile but that user doesn't exist
aaronpk, treora and [KevinMarks] joined the channel
#[dmitshur](thanks to aaronpk, schmarty and willnorris whose websites have a GitHub profile linked and I'm using for testing this)
#[dmitshur]this is going so well and I am enjoying this so much 😄
#[dmitshur]note that it correctly reported an error for dev.dmitri.shuralyov.com because the github account it points to doesn't point back to it.
blueyed, [manton], [Michael_Beckwit and shivankDiscord[m joined the channel
#@hankchizljawI’d really like something that will ping me for each webmention so I can approve it or reject it. Are there any existing services that do that?
(Please say yes I don’t need more side projects) (twitter.com/_/status/1216105178526617601)
#@sil↩️ how are you getting and storing the webmentions now? If I want notifying about something, most of the time I just punch out an RSS feed for it and then subscribe to that, if that's a useful approach (twitter.com/_/status/1216108772453732359)
#[tantek]^^^ interesting, actual webmention spam or twitter spam via Bridgy?
#[tantek]aaronpk, good point about "#!". Maybe fragmention should explicitly disallow "#!" fragmentions and note that such URLs are reserved for single page app routing (per that old Google advice ages ago). Then we can tell anyone who breaks (like WebMD) that they are violating Google's standard for single page app routing, and they should fix their site 😄
#[tantek]KevinMarks ^^^ WDYT? Worth me filing an issue on fragmention for that?